[SR-Users] WSS connection is getting dropped after BYE is sent

Tue, 25 Nov 2014 12:06:13 -0800 

Hi,

I have successfully configured Kamailio for WSS support using the below 
instructions. Everything works perfectly except, when call is hanged up from 
the receiving end, Kamailio sends BYE and the browser disconnects websocket 
connection right after getting response from Kamailio with the following error 
message:

Firefox: WebSocket connection to 'ws://localhost:3001/websocket' failed: 
Invalid frame headerChrome: The connection to ws://localhost:3001/websocket was 
interrupted while the page was loading.
Everything works perfectly over plain websocket(WS). Kamailio is sending 
something with the websocket that the browsers do not like. But im not sure 
what it is. If somebody faced same issue before or can give any clue that would 
be really helpful. 

Thanks in advanced!

Date: Fri, 17 Oct 2014 18:33:17 -0700
From: gascagonz...@gmail.com
To: sr-users@lists.sip-router.org
CC: b...@langfeld.me
Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio

Hi Ben,
In regards your certificates, please double check the following:a) CN field:In 
your webrtc client check the URL used for wss. and verify it matches the CN 
field of the certificate installed in kamailio:Example:In my sipml5 client I 
configured wss://ramenlabs.io:5063 and my certificate in fact contains in the 
cn field ramenlabs.io







Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io
openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text
b) I have successfully configured Kamailio 4.1 with TLS and WSS using TLS port 
5063Topology:1) sipml5 --wss--> ngnix -wss-> kamailio (sip registrar)2) sipml5 
--wss---> kamailio
Relevant configurations:kamailio.cfgtls.cfgcertificates
Kamailio:







loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/









Listening on 

             udp: 172.31.27.85:5060

             tcp: 172.31.27.85:5060

             tcp: 172.31.27.85:5062

             tls: 172.31.27.85:5061

             tls: 172.31.27.85:5063

Aliases: 

             tls: ip-172-31-27-85.us-west-2.compute.internal:5063

             tls: ip-172-31-27-85.us-west-2.compute.internal:5061

             tcp: ip-172-31-27-85.us-west-2.compute.internal:5062

             tcp: ip-172-31-27-85.us-west-2.compute.internal:5060

             udp: ip-172-31-27-85.us-west-2.compute.internal:5060

             *: ramenlabs.io:*

             *: 172.31.27.85:*


kamailio.cfgtls.cfg
https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg
https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg










openssl s_client -connect 172.31.27.85:5063 where this i my internal IP address 
I get presented the certificates.
HTH
-G
On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan <do...@live.com> wrote:



ok. I have made some changes. rather than getting the TLS configaration from a 
file I added this lines: 
#!ifdef WITH_TLS# ----- tls params -----
modparam("tls", "private_key", 
"/etc/certs/sip.192.168.146.133/key.pem")modparam("tls", "certificate", 
"/etc/certs/sip.192.168.146.133/cert.pem")modparam("tls", "ca_list", 
"/etc/certs/demoCA/cert.pem")
now, Im getting different logs which looks good.  Getting positive results from 
openssl test,
openssl s_client -connect 192.168.146.133:5061 -tls1CONNECTED(00000003)^C
But when I try to connect using my webRTC client or even from web-browsers im 
getting timed out. I think im  close .. please help me fixing this issue.
Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: 
tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:287]: fill_missing(): TLSs<default>: 
certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: 
fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'Oct 17 16:35:38 
ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:319]: fill_missing(): TLSs<default>: 
private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: 
fill_missing(): TLSs<default>: verify_certificate=0Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: 
fill_missing(): TLSs<default>: verify_depth=9Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: 
set_verification(): TLSs<default>: No client certificate required and no checks 
performedOct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: 
fill_missing(): TLSc<default>: tls_method=9Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: 
fill_missing(): TLSc<default>: 
certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: 
fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'Oct 17 16:35:38 
ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'Oct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls 
[tls_domain.c:319]: fill_missing(): TLSc<default>: 
private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: 
fill_missing(): TLSc<default>: verify_certificate=0Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: 
fill_missing(): TLSc<default>: verify_depth=9Oct 17 16:35:38 ubuntu 
/usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: 
set_verification(): TLSc<default>: Server MAY present invalid certificateOct 17 
16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl 
[io_listener.c:225]: io_listen_loop(): io_listen_loop:  using epoll_lt io watch 
method (config)


                                                                                
  
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to