[OpenSIPS-Users] tls blocking question

Ryan Delgrosso ryandelgrosso at gmail.com
Tue Feb 19 13:50:34 EST 2019


So I have a situation where 100% of my endpoints are TLS behind NAT 
bridging to UDP in core.

I have tcp_async enabled and have set tcp_no_new_conn_bflag on packets 
coming from UDP side to TLS side, as well as setting it on the 
registered AORs in mid-registrar.

Setting up test scenarios I always seem to hit a wall where opensips 
stops passing packets where it seems to be waiting for some kind of 
timeout.

I am also seeing these messages:

Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]: ERROR:proto_tls:tls_write: TLS write error:
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]: ERROR:proto_tls:tls_blocking_write: TLS failed to send data
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]: ERROR:proto_tls:proto_tls_send: failed to send
Feb 19 18:46:16 sbc2 /opt/ringrx_edge_proxy/sbin/opensips[20755]: ERROR:sl:msg_send: send() to 1.1.1.1:1234 for proto tls/3 failed

The IP is outside, so it's from a UDP to TCP flow. Is there another flag I 
need to set to prevent packets from originating new TLS sessions when 
none exist?

Once it gets into this state it takes 30s or so before it starts passing 
packets again, but it does so from a buffer, it seems, since I can stop my 
tls generator, wait 30s and the core side sipp instance will again begin 
receiving packets.

How can I prevent opensips from blocking like this on TLS sessions?
