VoIP Software trouble


gswijker
Hello,
 
I have trouble with VoIP software. It can't connect to the VoIP server.
Log of working software:
09:14:56.3 Telephony device Loading
09:14:56.5 Telephony device License: CRM
09:15:01.0 Telephony device Connecting
09:15:01.1 Telephony device Method: XSI-HTTPS
09:15:01.1 Telephony device Connecting
09:15:01.1 Telephony device Verified: CN=*.interact.mtel.eu, OU=PositiveSSL Wildcard, OU=Domain Control Validated
09:15:01.2 Telephony device Version: 21.0
09:15:01.5 Telephony device Channel started
09:15:01.5 Telephony device Fetching directory: Extensions
09:15:01.9 Telephony device 2 common records
09:15:02.0 Telephony device 0 personal records
09:15:02.0 Telephony device 127 records downloaded, 0 seconds
09:15:02.6 Telephony device Service pack found: OBT CONNECTOR CRM
09:15:02.6 Telephony device Service pack: CRM
09:15:02.6 Telephony device License: CRM

Log of non-working software:
10:13:44.5 Telephony device Loading
10:13:44.6 Telephony device License: CRM
10:13:49.1 Telephony device Connecting
10:13:49.2 Telephony device Method: XSI-HTTPS
10:13:49.2 Telephony device Connecting

OS: Debian Linux 9 v19.36
Squid Proxy Server v3.5

tail -f /var/log/squid/access.log:
1564047457.829  65109 10.1.10.224 TAG_NONE/503 0 CONNECT clients.interact.mtel.eu:443 - HIER_NONE/- -

/etc/squid/squid.conf:
acl all src all
acl localhost src 127.0.0.1/32
acl localnet src 10.1.9.0/24
acl localnet src 10.1.10.0/24
acl localnet src 172.19.142.0/24

icp_port 3130
icp_access allow all

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 2208 # Evolve OBT
acl Safe_ports port 2209 # Evolve OBT
acl CONNECT method CONNECT
acl HTTPS proto HTTPS

http_access allow all
http_access allow localnet
http_access allow localhost
http_access deny all

http_port 3128
http_port 3130

dns_v4_first on

ssl_bump peek all
ssl_bump splice all

http_access allow localhost manager
http_access deny manager

http_port 3128
cache_mem 1048 MB
cache_dir ufs /var/spool/squid 100 16 256

access_log /var/log/squid/combined.log combined
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/debug.log
coredump_dir /var/spool/squid
strip_query_terms off

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_effective_user proxy
check_hostnames off
cache_effective_group proxy

I have searched for months, but I can't find the solution.
Can someone help me? I'm a linux novice, so do it step by step, please.

Best regards,
gswijker




--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Re: VoIP Software trouble

Alex Rousskov
On 7/25/19 6:00 AM, gswijker wrote:

> Squid Proxy Server v3.5
...
> ssl_bump peek all
> ssl_bump splice all

Please upgrade to Squid v4 (at least) or stop using SslBump features,
depending on whether you actually need SslBump features. And if you do
need SslBump features, then you must configure http_port(s) accordingly.


> tail -f /var/log/squid/access.log:
> 1564047457.829  65109 10.1.10.224 TAG_NONE/503 0 CONNECT
> clients.interact.mtel.eu:443 - HIER_NONE/- -

The primary question is why is your Squid responding with a 503 error to
the CONNECT request? Perhaps Squid cannot resolve
clients.interact.mtel.eu domain name? You can see Squid error response
(that may have more details) in a packet capture (or, probably, in
cache.log after setting debug_options to ALL,2).


> http_access allow all
> http_access allow localnet
> http_access allow localhost
> http_access deny all
...
> http_access allow localhost manager
> http_access deny manager


This combination does not make sense. The very first rule is the only
one that will work, potentially turning your Squid into an open proxy.
However, this is not the reason for those 503 errors.


> http_port 3128
> http_port 3130
...
> http_port 3128

One http_port directive per port/address, please. Perhaps you are not
looking at cache.log errors/warnings? They are often useful.


> I'm a linux novice, so do it step by step, please.

Sorry, the above is all I had time for. If you need more detailed
instructions, then hopefully somebody on the list can give them to you.


HTH,

Alex.
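
The rule-ordering, duplicate-port and SslBump points raised in the reply above, checked mechanically against the posted configuration. This is an added example, not part of the original thread and not Squid project code; `audit_squid_conf` and `POSTED_CONF` are hypothetical names.

```python
# Constructed sample: the http_access, http_port and ssl_bump lines from the
# squid.conf posted in the thread, kept in their original order.
POSTED_CONF = """\
http_access allow all
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
http_port 3130
ssl_bump peek all
ssl_bump splice all
http_access allow localhost manager
http_access deny manager
http_port 3128
"""

def audit_squid_conf(text):
    """Return sorted (line_number, message) findings for squid.conf text."""
    findings, ports = [], {}
    catch_all = bump_line = None
    bump_port = False
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "http_access":
            if catch_all is not None:
                # First match wins: rules after a bare "all" rule are never consulted.
                findings.append((n, f"unreachable: line {catch_all} matches every request"))
            elif tok[2:] == ["all"]:
                catch_all = n
                if tok[1] == "allow":
                    findings.append((n, "open proxy: 'allow all' admits any client"))
        elif tok[0] in ("http_port", "https_port"):
            if tok[1] in ports:
                findings.append((n, f"duplicate port {tok[1]} (first on line {ports[tok[1]]})"))
            ports.setdefault(tok[1], n)
            bump_port = bump_port or "ssl-bump" in tok[2:]
        elif tok[0] == "ssl_bump" and bump_line is None:
            bump_line = n
    if bump_line is not None and not bump_port:
        findings.append((bump_line, "ssl_bump used but no port has the ssl-bump option"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, message in audit_squid_conf(POSTED_CONF):
        print(f"line {line_no}: {message}")
```

Moving the manager rules first and ending with a single `http_access deny all` after the `localnet` and `localhost` allows clears the access findings.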
Re: VoIP Software trouble

gswijker
Hello Alex,

I have upgraded the OS to Debian Linux 10 with Squid version 4.6.

The /etc/squid/squid.conf is now basic with:
http_access allow all (for testing)
dns_v4_first on
debug_options All,2

tail -f /var/log/squid/cache.log:
---------
CONNECT clients.interact.mtel.eu:443 HTTP/1.1
User-Agent: Connect 3.1.0.18300
Host: clients.interact.mtel.eu


----------
2019/07/29 09:50:52.762 kid1| 85,2| client_side_request.cc(752) clientAccessCheckDone: The request CONNECT clients.interact.mtel.eu:443 is ALLOWED; last ACL checked: all
2019/07/29 09:50:52.762 kid1| 85,2| client_side_request.cc(728) clientAccessCheck2: No adapted_http_access configuration. default: ALLOW
2019/07/29 09:50:52.762 kid1| 85,2| client_side_request.cc(752) clientAccessCheckDone: The request CONNECT clients.interact.mtel.eu:443 is ALLOWED; last ACL checked: all
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(281) peerSelectDnsPaths: Find IP destination for: clients.interact.mtel.eu:443' via clients.interact.mtel.eu
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(302) peerSelectDnsPaths: Found sources for 'clients.interact.mtel.eu:443'
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(303) peerSelectDnsPaths: always_direct = DENIED
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(304) peerSelectDnsPaths: never_direct = DENIED
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(308) peerSelectDnsPaths: DIRECT = local=0.0.0.0 remote=91.220.147.34:443 flags=1
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(317) peerSelectDnsPaths: timedout = 0
2019/07/29 09:51:52.793 kid1| 4,2| errorpage.cc(1259) BuildContent: No existing error page language negotiated for ERR_CONNECT_FAIL. Using default error file.
2019/07/29 09:51:52.793 kid1| 33,2| client_side.cc(582) swanSong: local=10.1.9.55:3128 remote=10.1.10.131:50756 flags=1
2019/07/29 09:51:58.822 kid1| 5,2| TcpAcceptor.cc(224) doAccept: New connection on FD 14
2019/07/29 09:51:58.822 kid1| 5,2| TcpAcceptor.cc(317) acceptNext: connection on local=[::]:3128 remote=[::] FD 14 flags=9
2019/07/29 09:51:58.822 kid1| 17,2| QosConfig.cc(126) getNfmarkFromConnection: QOS: Failed to retrieve connection mark: (-1) (1) Operation not permitted (Destination 10.1.9.55:3128, source 10.1.10.131:50767)
2019/07/29 09:51:58.823 kid1| 11,2| client_side.cc(1319) parseHttpRequest: HTTP Client local=10.1.9.55:3128 remote=10.1.10.131:50767 FD 9 flags=1
2019/07/29 09:51:58.823 kid1| 11,2| client_side.cc(1323) parseHttpRequest: HTTP Client REQUEST:

Best regards,
Sebastiaan



Re: VoIP Software trouble

Alex Rousskov
On 7/29/19 3:56 AM, gswijker wrote:

> tail -f /var/log/squid/cache.log:
> ---------
> CONNECT clients.interact.mtel.eu:443 HTTP/1.1
> User-Agent: Connect 3.1.0.18300
> Host: clients.interact.mtel.eu
>
>
> ----------
> 2019/07/29 09:50:52.762 kid1| ... DIRECT remote=91.220.147.34:443
> 2019/07/29 09:51:52.793 kid1| ... ERR_CONNECT_FAIL.

Your Squid cannot establish a TCP connection to 91.220.147.34 port 443.
Judging by the timestamps, there was a 60 second timeout somewhere. I do
not know why the connection attempt timed out, but the answer probably
lies outside of Squid itself. FWIW, my Squid can connect to that address.

Alex.
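
The timestamp reasoning in the reply above, as an added example that is not part of the original thread: it pairs the DIRECT destination in cache.log with the following ERR_CONNECT_FAIL and measures the gap. `failed_connects` and `SAMPLE_LOG` are hypothetical names, and the 60-second threshold is an assumption taken from the gap noted in the reply.

```python
import re
from datetime import datetime

# Two cache.log lines from the thread (debug_options ALL,2), unwrapped.
SAMPLE_LOG = """\
2019/07/29 09:50:52.762 kid1| 44,2| peer_select.cc(308) peerSelectDnsPaths: DIRECT = local=0.0.0.0 remote=91.220.147.34:443 flags=1
2019/07/29 09:51:52.793 kid1| 4,2| errorpage.cc(1259) BuildContent: No existing error page language negotiated for ERR_CONNECT_FAIL. Using default error file.
"""

STAMP = r"(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) kid\d+\| "
DIRECT = re.compile(STAMP + r".*peerSelectDnsPaths:\s+DIRECT = \S+ remote=(\S+)")
FAILED = re.compile(STAMP + r".*\bERR_CONNECT_FAIL\b")

def _when(stamp):
    return datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S.%f")

def failed_connects(log_text, timeout_s=60.0):
    """Pair each DIRECT destination with the next ERR_CONNECT_FAIL.

    Returns [(remote, seconds, verdict)]. Assumes one connection attempt in
    flight at a time, as in the thread's single-client test.
    """
    pending, results = None, []
    for line in log_text.splitlines():
        if m := DIRECT.match(line):
            pending = (m.group(2), _when(m.group(1)))
        elif pending and (m := FAILED.match(line)):
            remote, started = pending
            elapsed = (_when(m.group(1)) - started).total_seconds()
            # A wait of the full timeout means no reply at all (packets dropped
            # on the path or by the remote side); a quick failure means an
            # active refusal or an unreachable route.
            verdict = "timed out" if elapsed >= timeout_s else "failed fast"
            results.append((remote, round(elapsed, 3), verdict))
            pending = None
    return results

if __name__ == "__main__":
    for remote, seconds, verdict in failed_connects(SAMPLE_LOG):
        print(f"{remote}: {verdict} after {seconds} s")
```

A "timed out" verdict points at filtering between the proxy and the destination, which is worth confirming with a direct TCP connection test from the proxy host.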
Re: VoIP Software trouble

gswijker
Hello Alex,

After I changed the IP of the proxy, the software started to work.
The IP address was blocked by mtel.eu.

Thanks for your help.

Best regards,
Sebastiaan


