[OpenSIPS-Users] Error: A TLS packet with unexpected length was received.

bay2x1 rod at racequeen.ph
Tue Sep 29 02:47:42 CEST 2009 

I have corrected the wrong port assigned in (25061) in the relay section on
my configuration.  I have set the value for dispatcher = 172.16.100.20 (ip
of my dispatcher) -- leaving the port blank.  I have already check the
version both are version 2.3.4.  I am still stuck in the same error:   A TLS
packet with unexpected length was received.  

The only problem I see is that I cant establish the TCP part for the TLS
connection. Again I have checked the versions of both mediaproxy relay and
dispatcher to be the same 2.3.4 version.

Sep 29 08:44:15 ws20 media-dispatcher[14419]: Main loop terminated.
Sep 29 08:44:15 ws20 media-dispatcher[14481]: Log opened.
Sep 29 08:44:15 ws20 media-dispatcher[14481]: warning: startSyslog is being
deprecated and will be removed in 1.2.0. Use the start_syslog function
instead.
Sep 29 08:44:15 ws20 media-dispatcher[14481]: Starting MediaProxy Dispatcher
2.3.4

Sep 29 08:44:32 ws17 media-relay[4007]: Main loop terminated.
Sep 29 08:44:36 ws17 media-relay[4261]: Log opened.
Sep 29 08:44:36 ws17 media-relay[4261]: warning: startSyslog is being
deprecated and will be removed in 1.2.0. Use the start_syslog function
instead.
Sep 29 08:44:36 ws17 media-relay[4261]: Starting MediaProxy Relay 2.3.4
Sep 29 08:44:37 ws17 media-relay[4261]: Set resource limit for maximum open
file descriptors to 11000

Is there a command to check what version of mediaproxy i am using?



Dan Pascu wrote:
> 
> 
> On 25 Sep 2009, at 04:11, bay2x1 wrote:
> 
>>
>> I was able to determine that the relay is using TCP.
> 
> The relay _never_ uses TCP.
> 
>>  I am encountering this error on the mediaproxy-relay machine
>>
>> Sep 24 18:38:44  media-relay[9744]: error: Connection with  
>> dispatcher at
>> xxx.xxx.xxx:25061 was lost: TCP connection timed out.
> 
> This only means that it could not connect on the TCP level (TLS works  
> on top of TCP, so it needs an established TCP connection before it  
> starts negotiating and establishing TLS on top of it).
> In your case the first stage (establishing a TCP transport) has failed.
> 
>> Sep 24 18:38:55 media-relay[9744]: error: Could not decode command/ 
>> sequence
>> number pair from dispatcher: error
>> Sep 24 18:39:05 media-relay[9744]: error: Could not decode command/ 
>> sequence
>> number pair from dispatcher: error
>> Sep 24 18:39:15 media-relay[9744]: error: Could not decode command/ 
>> sequence
>> number pair from dispatcher: error
>>
> 
> make sure the relay and dispatcher version numbers match.
> 
>> and on the mediaproxy-dispatcher
>>
>> Sep 24 18:31:46 media-dispatcher[19071]: error: Unknown command on
>> management interface: ping
>> Sep 24 18:31:56 media-dispatcher[19071]: error: Unknown command on
>> management interface: ping
>> Sep 24 18:32:06 media-dispatcher[19071]: error: Unknown command on
>> management interface: ping
> 
> ping was not meant to be used on the management interface. Unless you  
> manually send that command to the management interface for testing, I  
> suspect that you somehow got the 2 ports mixed. There are 2 ports used  
> by the dispatcher: 25060 used to listen for incoming relay connections  
> and communicate with the relays; 25061 is used for the management  
> interface, that can be used to obtain information about the dispatcher  
> and relays. In your case it sounds as if the relay connected to the  
> dispatcher management port (25061) instead of the standard relay port  
> (25060)
> 
>>
>> I have already set the value on the dispatcher config.ini
>>
>> listen_management = 0.0.0.0
>>
>> ; Whether or not to use TLS on the management interface. Note that  
>> the same
>> ; TLS credentials are used for both the relay and the management  
>> interface
>> ; connections.
>> ;
>> ; Default value is yes.
>> ;
>> management_use_tls = yes
>>
>> ; Specify extra checks to be performed on the relay TLS credentials  
>> before
>> ; considering the connection with the relay succesful. The passport is
>> ; specified as a list of attribute/value pairs in the form:
>> ;   AN:value[, AN:value...]
>> ; where the attribute name (AN) is one of the available attribute  
>> names from
>> ; the X509 certificate subject: O, OU, CN, C, L, ST, EMAIL. The  
>> value is a
>> ; string that has to match with the corresponding attribute value  
>> from the
>> ; relay certificate. A wildcard (*) can be used in the value at the
>> beginning
>> ; or the end of the string to indicate that the corresponding  
>> attribute from
>> ; the relay certificate must end with respectively to start with the  
>> given
>> ; string (excluding the wildcard).
>> ; For example using this passport:
>> ;   passport = O:AG Projects, CN:relay*
>> ; means that a connection with a relay will only be accepted if the  
>> relay
>> ; certificate subject has organization set to "AG Projects" and the  
>> common
>> ; name starts with "relay". To specify that no additional identity  
>> checks
>> ; need to be performed, use the keyword None. If passport is None,  
>> then only
>> ; the certificate signature is verified agains the certificate  
>> authority in
>> ; tls/ca.pem (signature is always verified even when passport is  
>> None).
>> ;
>> ; Default value is None.
>> ;
>> passport = None
>>
>> ; This option is similar to passport above, but applies to the  
>> management
>> ; interface connections instead of relay connections. It specifies  
>> extra
>> ; checks to be performed on the TLS credentials suplied by an entity  
>> that
>> ; connects to the management interface. Please consult passport  
>> above for
>> ; a detailed description of the possible values for this option.
>> ;
>> ; If management_use_tls is false, this option is ignored.
>> ;
>> ; Default value is None.
>> ;
>> management_passport = None
>>
>> What part did I misconfigure mediaproxy?
> 
> Nothing in this config seems out of place. Did you specify the  
> dispatchers in the relay section and by any chance you used the wrong  
> port with them, like ip:25061 ?
> 
> --
> Dan
> 
> 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 
> 


-----
http://opensips.blogspot.com http://opensips.blogspot.com 
-- 
View this message in context: http://n2.nabble.com/Error-A-TLS-packet-with-unexpected-length-was-received-tp3415244p3732822.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.

More information about the Users mailing list