[SR-Users] Fwd: WSS connection is getting dropped after BYE is sent
Gonzalo Gasca
gascagonzalo at gmail.com
Tue Nov 25 22:22:55 CET 2014
forwarding to alias
On Tue, Nov 25, 2014 at 7:09 PM, Kamrul Khan <dodul at live.com> wrote:
> Hi,
>
> I have successfully configured Kamailio for WSS support using the below
> instructions. Everything works perfectly except, when call is hanged up
> from the receiving end, Kamailio sends BYE and the browser disconnects
> websocket connection right after getting response from Kamailio with the
> following error message:
>
> Firefox: WebSocket connection to 'ws://localhost:3001/websocket' failed:
> Invalid frame header
> Chrome: The connection to ws://localhost:3001/websocket was interrupted
> while the page was loading.
>
> Everything works perfectly over plain websocket(WS). Kamailio is sending
> something with the websocket that the browsers do not like. But im not sure
> what it is. If somebody faced same issue before or can give any clue that
> would be really helpful.
>
> Thanks in advanced!
>
> ------------------------------
> Date: Fri, 17 Oct 2014 18:33:17 -0700
> From: gascagonzalo at gmail.com
> To: sr-users at lists.sip-router.org
> CC: ben at langfeld.me
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> Hi Ben,
>
> In regards your certificates, please double check the following:
> a) CN field:
> In your webrtc client check the URL used for wss. and verify it matches
> the CN field of the certificate installed in kamailio:
> Example:
> In my sipml5 client I configured wss://ramenlabs.io:5063 and my
> certificate in fact contains in the cn field ramenlabs.io
> Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io
>
> openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text
>
>
> b)
> I have successfully configured Kamailio 4.1 with TLS and WSS using TLS
> port 5063
> Topology:
> 1) sipml5 --wss--> ngnix -wss-> kamailio (sip registrar)
> 2) sipml5 --wss---> kamailio
>
> Relevant configurations:
> kamailio.cfg
> tls.cfg
> certificates
>
> Kamailio:
> loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/
>
> Listening on
> udp: 172.31.27.85:5060
> tcp: 172.31.27.85:5060
> tcp: 172.31.27.85:5062
> tls: 172.31.27.85:5061
> * tls: 172.31.27.85:5063 <http://172.31.27.85:5063>*
> Aliases:
> * tls: ip-172-31-27-85.us-west-2.compute.internal:5063*
> tls: ip-172-31-27-85.us-west-2.compute.internal:5061
> tcp: ip-172-31-27-85.us-west-2.compute.internal:5062
> tcp: ip-172-31-27-85.us-west-2.compute.internal:5060
> udp: ip-172-31-27-85.us-west-2.compute.internal:5060
> *: ramenlabs.io:*
> *: 172.31.27.85:*
>
>
> kamailio.cfg
> tls.cfg
>
> https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg
> https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg
>
>
> openssl s_client -connect 172.31.27.85:5063 where this i my internal IP
> address I get presented the certificates.
> HTH
>
> -G
>
> On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <dodul at live.com> wrote:
>
> ok. I have made some changes. rather than getting the TLS configaration
> from a file I added this lines:
>
> #!ifdef WITH_TLS
> # ----- tls params -----
>
> modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")
> modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")
> modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem")
>
> now, Im getting different logs which looks good. Getting positive results
> from openssl test,
>
> openssl s_client -connect 192.168.146.133:5061 -tls1
> CONNECTED(00000003)
> ^C
>
> But when I try to connect using my webRTC client or even from web-browsers
> im getting timed out. I think im close .. please help me fixing this issue.
>
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>:
> certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>:
> ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>:
> require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>:
> cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>:
> private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>:
> verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client
> certificate required and no checks performed
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>:
> certificate='/etc/certs/sip.192.168.146.133/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>:
> ca_list='/etc/certs/demoCA/cert.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>:
> require_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>:
> cipher_list='(null)'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>:
> private_key='/etc/certs/sip.192.168.146.133/key.pem'
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>:
> verify_certificate=0
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]:
> INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY
> present invalid certificate
> Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]:
> INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using
> epoll_lt io watch method (config)
>
>
> ------------------------------
> From: dodul at live.com
> To: ben at langfeld.me; sr-users at lists.sip-router.org
> Date: Sat, 18 Oct 2014 05:08:20 +0600
>
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> I dint find any in my installation directory. probably it doesn't come
> with standard installation unless you explicitly mention for it... not sure
> though
>
> ------------------------------
> Date: Fri, 17 Oct 2014 19:56:50 -0300
> From: ben at langfeld.co.uk
> To: sr-users at lists.sip-router.org
> Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio
>
> Out of curiosity, why don't you use the pre-built packaged binaries
> instead of building from source?
>
> On 17 October 2014 19:53, Kamrul Khan <dodul at live.com> wrote:
>
> Hi,
>
>
> Im trying to connect my WebRTC clietn to kamailio via WSS. I successfully
> connected it via WS but having trouble connecting it via WSS. My first
> issue is I get error messages while i try to compile TLS module(console log
> in the end of the document). But, still it creates tls.so file. So i copied
> the tls.so to my kamailio modules directory and then updated my kamailio
> configuration as below:
>
>
> #!define WITH_TLS
> .
> .
> listen=tcp:127.0.0.1:5061
> listen=tcp:192.168.146.133:5061
> .
> .
> #!ifdef WITH_TLS
> enable_tls=yes
> #!endif
> .
> .
> #!ifdef WITH_TLS
> # ----- tls params -----
> modparam("tls", "config", "/usr/local/kamailio-devel/etc/kamailio/tls.cfg")
> #!endif
>
>
> Now, according to this mailing list,
> http://lists.sip-router.org/pipermail/sr-users/2013-March/077182.html : “*when
> tls module is installed, a self signed pair of certificate-private key is
> generated in /usr/local/etc/kamailio”*
>
>
> In my case, I dont even have the /usr/local/etc/kamailio directory. So, I
> followed http://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
> to create my certificate and key. And updated my tsl.cfg, this is how my
> tsl.cfg looks like:
>
>
> [server:192.168.146.133:5061]
> method = TLSv1
> verify_certificate = no
> require_certificate = no
>
>
> private_key = /etc/certs/sip.192.168.146.133/key.pem
> certificate = /etc/certs/sip.192.168.146.133/cert.pem
> ca_list = /etc/certs/demoCA/cert.pem
>
>
> [client:192.168.146.133:5061]
> verify_certificate = yes
> require_certificate = yes
>
>
>
>
> Then I restarted my kamailio server. And i get the following errors in my
> kamailio log:
>
>
> Im not sure what wrong im doing. Please help me:
>
>
> Oct 17 15:44:50 ubuntu kamailio: INFO: tls [tls_init.c:385]:
> init_tls_compression(): tls: init_tls: disabling compression...
> Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [socket_info.c:1397]:
> fix_hostname(): WARNING: fix_hostname: could not rev. resolve
> 192.168.146.133
> Oct 17 15:44:50 ubuntu kamailio: message repeated 2 times: [ WARNING:
> <core> [socket_info.c:1397]: fix_hostname(): WARNING: fix_hostname: could
> not rev. resolve 192.168.146.133]
> Oct 17 15:44:50 ubuntu kamailio: INFO: <core> [tcp_main.c:4836]:
> init_tcp(): init_tcp: using epoll_lt as the io watch method (auto detected)
> Oct 17 15:44:50 ubuntu kamailio: WARNING: <core> [daemonize.c:352]:
> daemonize(): pid file contains old pid, replacing pid
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: rr [../outbound/api.h:54]: ob_load_api(): Failed to import bind_ob
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: rr [rr_mod.c:159]: mod_init(): outbound module not available
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: usrloc [hslot.c:53]: ul_init_locks(): locks array size 512
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: utils [utils.c:288]: mod_init(): forward functionality disabled
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> INFO: utils [utils.c:197]: pres_db_init(): xcap_auth_status function is
> disabled
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> ERROR: tls [tls_init.c:668]: tls_check_sockets(): TLSs<
> 192.168.146.133:5061>: No listening socket found
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]:
> ERROR: <core> [sr_module.c:970]: init_mod(): init_mod(): Error while
> initializing module tls
> (/usr/local/kamailio-devel/lib64/kamailio/modules/tls.so)
> Oct 17 15:44:50 ubuntu /usr/local/kamailio-devel//sbin/kamailio[11013]: :
> tls [tls_locking.c:103]: locking_f(): BUG: tls: locking_f (callback):
> invalid lock number: 30 (range 0 - 0), called from eng_table.c:227
> Oct 17 15:44:51 ubuntu kamailio: ERROR: <core> [daemonize.c:307]:
> daemonize(): Main process exited before writing to pipe
>
>
> tls module compile log
>
>
> xxx at ubuntu:/usr/local/src/kamailio-4.1/kamailio$ sudo make -C modules/tls
> make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> make: Entering directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
> CC (gcc) [M tls.so] tls_bio.o
> CC (gcc) [M tls.so] tls_cfg.o
> CC (gcc) [M tls.so] tls_config.o
> CC (gcc) [M tls.so] tls_ct_wrq.o
> CC (gcc) [M tls.so] tls_domain.o
> In file included from tls_domain.c:39:0:
> tls_domain.c: In function âload_certâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:506:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_cert:");
> ^
> tls_domain.c: In function âload_ca_listâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:536:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_ca_list:");
> ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:543:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_ca_list:");
> ^
> tls_domain.c: In function âload_crlâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:575:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_crl:");
> ^
> tls_domain.c: In function âload_private_keyâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:990:5: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_private_key:");
> ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:998:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_private_key:");
> ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_domain.c:1005:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("load_private_key:");
> ^
> CC (gcc) [M tls.so] tls_dump_vf.o
> CC (gcc) [M tls.so] tls_init.o
> CC (gcc) [M tls.so] tls_locking.o
> CC (gcc) [M tls.so] tls_mod.o
> CC (gcc) [M tls.so] tls_rpc.o
> CC (gcc) [M tls.so] tls_select.o
> CC (gcc) [M tls.so] tls_server.o
> In file included from tls_server.c:52:0:
> tls_server.c: In function âtls_complete_initâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:192:3: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("Failed to create SSL or BIO structure:");
> ^
> tls_server.c: In function âtls_shutdownâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:521:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR("SSL error:");
> ^
> tls_server.c: In function âtls_encode_fâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:798:5: note: in expansion of macro âTLS_ERRâ
> TLS_ERR(err_src);
> ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:832:5: note: in expansion of macro âTLS_ERRâ
> TLS_ERR(err_src);
> ^
> tls_server.c: In function âtls_read_fâ:
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:1186:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR(err_src);
> ^
> tls_util.h:52:6: warning: variable âretâ set but not used
> [-Wunused-but-set-variable]
> int ret; \
> ^
> tls_server.c:1220:4: note: in expansion of macro âTLS_ERRâ
> TLS_ERR(err_src);
> ^
> CC (gcc) [M tls.so] tls_util.o
> CC (gcc) [M tls.so] tls_verify.o
> LD (gcc) [M tls.so] tls.so
> make: Leaving directory `/usr/local/src/kamailio-4.1/kamailio/modules/tls'
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________ SIP Express Router (SER)
> and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________ SIP Express Router (SER)
> and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________ SIP Express Router (SER)
> and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20141125/c72e1043/attachment.html>
More information about the sr-users
mailing list