[OpenSIPS-Users] I need some help in websocket connection error .

Răzvan Crainea razvan at opensips.org
Fri Jun 28 04:01:35 EDT 2019


Hi, Sasmita!

I see that you require TLSv1.2 authentication method - are you sure your 
clients do support this version? A similar problem can be with the 
ciphers, are you sure your clients support the whitelisted ciphers? As 
you do not enforce anything, this might be true, but this is something 
you should double-check. Besides that, I don't have any other ideas.

Best regards,
Răzvan

On 6/27/19 9:02 AM, Sasmita Panda wrote:
> Hi,
> 
> SSL misconfiguration on the client side or on the opensips side. I think I 
> have done the configuration right.
> 
> listen=wss:192.168.143.20:443
> loadmodule "tls_mgm.so"
> modparam("tls_mgm", "tls_method", "tlsv1_2")
> modparam("tls_mgm", "verify_cert", "0")
> modparam("tls_mgm", "require_cert", "0")
> modparam("tls_mgm", "certificate", "/usr/local/etc/opensips/tls/3ccloudwebrtc2019.crt")
> modparam("tls_mgm", "private_key", "/usr/local/etc/opensips/tls/3ccloud.key")
> modparam("tls_mgm", "ca_list", "/usr/local/etc/opensips/tls/rootCA/cacert.pem")
> loadmodule "proto_wss.so"
> modparam("proto_wss", "wss_port", 443)
> 
> This is for wss. Is there anything I am missing in the configuration?
> 
> 
> */Thanks & Regards/*
> /Sasmita Panda/
> /Senior Network Testing and Software Engineer/
> /3CLogic , ph:07827611765/
> 
> 
> On Wed, Jun 26, 2019 at 8:10 PM Răzvan Crainea <razvan at opensips.org> wrote:
> 
>     TBH, all I can see in the logs you sent is that a connection was
>     terminated (without even being started), and a connection that was
>     started, but closed by the client. So in order to understand what's
>     happening, you need to understand why the client is closing the
>     connection. Check logs, documentation, anything, but this doesn't seem
>     to be related to OpenSIPS, it looks like some SSL misconfiguration.
> 
>     Best regards,
>     Răzvan
> 
>     On 6/26/19 4:24 PM, Sasmita Panda wrote:
>      > Is there any update on this issue? How can I solve this error message
>      > from my opensips logs?
>      >
>      >
>      > */Thanks & Regards/*
>      > /Sasmita Panda/
>      > /Senior Network Testing and Software Engineer/
>      > /3CLogic , ph:07827611765/
>      >
>      >
>      > On Tue, Jun 25, 2019 at 3:48 PM Sasmita Panda <spanda at 3clogic.com> wrote:
>      >
>      >     I have tried to take an ssldump on the webrtc server at run time.
>      >
>      >     New TCP connection #19: 192.168.1.y(48530) <-> 192.168.0.x(443)
>      >     19    0.0011 (0.0011)  C>S  TCP FIN
>      >     19    0.0013 (0.0001)  S>C  TCP FIN
>      >
>      >     New TCP connection #20: 192.168.0.y(52975) <-> 192.168.0.x(443)
>      >     20 1  0.0006 (0.0006)  C>S  Handshake      ClientHello
>      >     20 2  0.0008 (0.0002)  S>C  Handshake      ServerHello
>      >     20 3  0.0008 (0.0000)  S>C  Handshake      Certificate
>      >     20 4  0.0008 (0.0000)  S>C  Handshake      ServerHelloDone
>      >     20 5  0.0020 (0.0011)  C>S  Handshake      ClientKeyExchange
>      >     20 6  0.0020 (0.0000)  C>S  ChangeCipherSpec
>      >     20 7  0.0020 (0.0000)  C>S  Handshake
>      >     20 8  0.0036 (0.0015)  S>C  Handshake
>      >     20 9  0.0036 (0.0000)  S>C  ChangeCipherSpec
>      >     20 10 0.0036 (0.0000)  S>C  Handshake
>      >     20 11 0.0042 (0.0006)  C>S  Alert
>      >     20    0.0042 (0.0000)  C>S  TCP FIN
>      >     20    0.0043 (0.0000)  S>C  TCP FIN
>      >
>      >     Whenever the portion I marked in red appears, there is an error in
>      >     the opensips logs. For the portion below, the connection was accepted.
>      >
>      >     I am not even getting any error on my browser side. How will I
>      >     debug this? Please help.
>      >
>      >     */Thanks & Regards/*
>      >     /Sasmita Panda/
>      >     /Senior Network Testing and Software Engineer/
>      >     /3CLogic , ph:07827611765/
>      >
>      >
>      >     On Fri, Jun 14, 2019 at 2:51 PM Callum Guy <callum.guy at x-on.co.uk> wrote:
>      >
>      >         You might find that a tcpdump is the only way to get to grips
>      >         with the underlying issue.
>      >
>      >         Having said that I wonder if there is any chance that the
>      >         connection isn't accepting simply due to a cipher
>      >         incompatibility. Are you setting a cipher list that you know
>      >         your clients accept? Maybe try:
>      >
>      >         modparam("tls_mgm", "ciphers_list", "AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,CAMELLIA128-SHA,RC4-SHA")
>      >
>      >
>      >         On Fri, 14 Jun 2019 at 09:17, Sasmita Panda <spanda at 3clogic.com> wrote:
>      >
>      >             I had a dedicated server for 1 client. When that client
>      >             faced the issue I started looking into the logs, and this
>      >             is the error I got.
>      >
>      >             But later on, when I looked at other servers which are
>      >             being used by different clients, the same error is coming
>      >             in those logs every day too.
>      >
>      >             As a conclusion, it's happening with everybody.
>      >
>      >             Below is the configuration.
>      >
>      >             modparam("tls_mgm", "tls_method", "tlsv1_2")
>      >             modparam("tls_mgm", "verify_cert", "0")
>      >             modparam("tls_mgm", "require_cert", "0")
>      >             modparam("tls_mgm", "certificate", "/usr/etc/opensips/tls/3ccloudwebrtc2019.crt")
>      >             modparam("tls_mgm", "private_key", "/usr/etc/opensips/tls/3ccloud.key")
>      >             modparam("tls_mgm", "ca_list", "/usr/etc/opensips/tls/rootCA/cacert.pem")
>      >
>      >
>      >
>      >             */Thanks & Regards/*
>      >             /Sasmita Panda/
>      >             /Senior Network Testing and Software Engineer/
>      >             /3CLogic , ph:07827611765/
>      >
>      >
>      >             On Thu, Jun 13, 2019 at 6:50 PM Răzvan Crainea <razvan at opensips.org> wrote:
>      >
>      >                 Can you trace the SSL traffic between the two endpoints?
>      >                 Perhaps the SSL header gives you a reason for not
>      >                 accepting the connection.
>      >                 Is this happening only for certain clients, or for everyone?
>      >                 Are you requiring any certificate validation?
>      >
>      >                 Best regards,
>      >                 Răzvan
>      >
>      >                 On 6/12/19 3:34 PM, Sasmita Panda wrote:
>      >                  > I am using opensips 2.2
>      >                  >   version: opensips 2.2.4 (x86_64/linux)
>      >                  >
>      >                  > I am using the proto_wss and tls_mgm modules for
>      >                  > establishing the websocket connection.
>      >                  >
>      >                  > I am getting the below error again and again. What's the
>      >                  > reason behind this and how can I solve this problem?
>      >                  >
>      >                  >
>      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]: INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
>      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 96
>      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:tls_accept: New TLS connection from 192.168.160.6:58616 failed to accept
>      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:wss_read_req: cannot fix read connection
>      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]: INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
>      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 96
>      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:tls_accept: New TLS connection from 192.168.175.59:12918 failed to accept
>      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:wss_read_req: cannot fix read connection
>      >                  >
>      >                  >
>      >                  > Please do help.
>      >                  >
>      >                  >
>      >                  >
>      >                  > */Thanks & Regards/*
>      >                  > /Sasmita Panda/
>      >                  > /Senior Network Testing and Software Engineer/
>      >                  > /3CLogic , ph:07827611765/
>      >                  >
>      >                  > _______________________________________________
>      >                  > Users mailing list
>      >                  > Users at lists.opensips.org
>      >                  > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>      >                  >
>      >
>      >                 --
>      >                 Răzvan Crainea
>      >                 OpenSIPS Core Developer
>      >                 http://www.opensips-solutions.com
>      >
> 
>     -- 
>     Răzvan Crainea
>     OpenSIPS Core Developer
>     http://www.opensips-solutions.com
> 
> 

-- 
Răzvan Crainea
OpenSIPS Core Developer
   http://www.opensips-solutions.com
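
The reading of the ssldump trace given in this thread (one connection closed before any TLS started, one closed by the client after the handshake) can be automated over a longer capture. The following is an added example, not part of the original messages and not OpenSIPS code; it assumes ssldump text output with one record per line as quoted above, and the sample trace and its addresses are constructed.

```python
import re

NEW_CONN = re.compile(r"^New TCP connection #(\d+): (\S+) <-> (\S+)")
RECORD = re.compile(r"^(\d+)\s+(?:\d+\s+)?[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+(.+)$")

# Constructed sample (documentation addresses), one record per line.
SAMPLE = """\
New TCP connection #1: 192.0.2.10(48530) <-> 192.0.2.1(443)
1    0.0011 (0.0011)  C>S  TCP FIN
New TCP connection #2: 192.0.2.11(52975) <-> 192.0.2.1(443)
2 1  0.0006 (0.0006)  C>S  Handshake      ClientHello
2 2  0.0008 (0.0002)  S>C  Handshake      ServerHello
2 3  0.0008 (0.0000)  S>C  Handshake      Certificate
2 4  0.0008 (0.0000)  S>C  Handshake      ServerHelloDone
2 5  0.0020 (0.0011)  C>S  Handshake      ClientKeyExchange
2 6  0.0020 (0.0000)  C>S  ChangeCipherSpec
2 7  0.0020 (0.0000)  C>S  Handshake
2 8  0.0036 (0.0015)  S>C  Handshake
2 9  0.0036 (0.0000)  S>C  ChangeCipherSpec
2 10 0.0036 (0.0000)  S>C  Handshake
2 11 0.0042 (0.0006)  C>S  Alert
2    0.0042 (0.0000)  C>S  TCP FIN
"""

def classify(events):  # events: ordered (direction, record) pairs of one connection
    if not any("ClientHello" in rec for _, rec in events):
        return "closed_before_tls"          # TCP opened and closed, no ClientHello
    if ("S>C", "ChangeCipherSpec") not in events:
        return "handshake_incomplete"       # server never switched to encrypted records
    after = events[events.index(("S>C", "ChangeCipherSpec")) + 1:]
    if any(rec == "application_data" for _, rec in after):
        return "established"
    # Records after ChangeCipherSpec are encrypted, so the alert type is not visible here.
    if ("C>S", "Alert") in after:
        return "client_alert_after_handshake"
    return "handshake_done_no_data"

def summarize(ssldump_text):  # returns {connection id: (client endpoint, label)}
    conns = {}
    for line in map(str.strip, ssldump_text.splitlines()):
        new, rec = NEW_CONN.match(line), RECORD.match(line)
        if new:
            conns[new.group(1)] = (new.group(2), [])
        elif rec and rec.group(1) in conns:
            conns[rec.group(1)][1].append((rec.group(2), " ".join(rec.group(3).split())))
    return {cid: (client, classify(ev)) for cid, (client, ev) in conns.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Grouping the labels by client address shows whether the failures come from a few endpoints or from everyone, which is the question asked earlier in the thread.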


