[OpenSIPS-Users] OpenSIPs 3.1.3 uses TLS for no reason

Jacek Konieczny jajcus at jajcus.net
Mon Jul 12 13:53:44 EST 2021 

Hi,

I am puzzled by the behaviour of my opensips (3.1.3) server. It 
'decided' to send requests from one of accounts via TLS even though not 
configured to do that.

excerpt from my logs (anonymized):
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: #528515: Forwarding 
INVITE request to: <sip:555555555 at 192.168.111.222;transport=udp>
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: #528515: new branch at 
sip:555555555 at 192.168.111.222;transport=udp
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: 
ERROR:core:tcp_connect_blocking_timeout: poll error: flags 28 - 4 8 16 32
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: 
ERROR:core:tcp_connect_blocking_timeout: failed to retrieve SO_ERROR 
[server=192.168.111.222:5061] (111) Connection refused
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: 
ERROR:proto_tls:tls_sync_connect: tcp_blocking_connect failed
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: 
ERROR:proto_tls:proto_tls_send: connect failed
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: ERROR:tm:msg_send: 
send() to 192.168.111.222:5061 for proto tls/3 failed
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: 
ERROR:tm:t_forward_nonack: sending request failed
Jul 12 14:48:35 sip1 /usr/sbin/opensips[28301]: ERROR:tm:w_t_relay: 
t_forward_nonack failed

The routing is done by the drouting module. I have even forced 
'transport=udp' and using the udp: socket in the dr_gateways table. And 
opensips still attempts to send this via TLS, which fails.

The worst thing it that is only happening for a customer account on the 
production server. I cannot enable debug logs there or do any other 
invasive debugging. The same drouting gataway works properly for traffic 
of other customers. The other gateways, that are supposed to use TLS, 
also work as expected.

I have checked traffic dumps – there is no attempt to use anything other 
than TLS there. And the original request looks 100% normal, with no 
mention of 'tls' or 'sips:' there.

Any idea what might be going on there? Or how can I debug it?

Looks like some random details is triggering the problem.

Greets,
   Jacek

More information about the Users mailing list