<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hello,</p>
    <p>I relaxed that condition to not connect on forwarding only for
      initial requests going through NAT. Can you test with latest master
      and see how it is going for your use case?</p>
    <p>Cheers,<br>
      Daniel<br>
    </p>
    <div class="moz-cite-prefix">On 09.09.19 02:00, Anthony Joseph
      Messina wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:6633389.emmfkzaLAu@linux-ws1.messinet.com">
      <pre class="moz-quote-pre" wrap="">In preparation for the 5.3 release, I've been testing the following 
configuration change for TCP/TLS connections:

<a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/commit/8bba208fe6ae7ccb4c92362b8c33f1530b9f56da">https://github.com/kamailio/kamailio/commit/8bba208fe6ae7ccb4c92362b8c33f1530b9f56da</a>

route[REQINIT] {
        # no connect for sending replies
        set_reply_no_connect();
        if(has_totag()) {
                # no connect for requests within dialog
                set_forward_no_connect();
        }

This change creates issues when a UAC TLS INVITE routes to an upstream gateway 
using TLS to port 5061 (via the LCR module).  Kamailio sends the initial 
outbound TLS connection from a local ephemeral port.  The TCPOPS 
tcp_keepalive_enable function issues keepalives from the local ephemeral port 
to the gateway port 5061:

<a class="moz-txt-link-freetext" href="https://kamailio.org/docs/modules/stable/modules/tcpops#tcpops.f.tcp_keepalive_enable">https://kamailio.org/docs/modules/stable/modules/tcpops#tcpops.f.tcp_keepalive_enable</a>

Even so, the TLS connection eventually times out, after which in-dialog 
requests from the UAC are no longer able to reach the upstream gateway.

ERROR: tm [../../core/forward.h:293]: msg_send_buffer(): tcp_send failed
WARNING: tm [t_fwd.c:1570]: t_send_branch(): sending request on branch 0 
failed
ERROR: sl [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: 
Unfortunately error on sending to next hop occurred (477/SL)

I figure I must be doing something wrong with my TCPOPS here.  Is a TLS 
connection to an upstream gateway supposed to be maintained throughout the 
duration of a call?

</pre>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a></pre>
  </body>
</html>