20 Oct
2016
20 Oct
'16
8:08 p.m.
Hello,
Selinux is not enabled and no firewall is active (except iproutes rules).
Looking in the TLS module, I found the modparam connection_timeout .
By default, this parameter is set to 10 minutes (!), but the description says : " If
an I/O event occurs, the timeout will be extended with tcp_connection_lifetime"
So I was expecting that after the first successful REGISTER, this timeout was set to my
own param tcp_connection_lifetime value (3605). But it seems this is not the case.
I added the TLS parameter connection_timeout and set it also to 3605, and the first result
show it seems to work, but I must do more tests to verify it is ok. Setting this parameter
to -1 means the TLS connection will never be closed: do you think it is a good idea to set
it to -1?
Regards
Giovanni
From: Daniel-Constantin Mierla-6 [via SIP Router]
[mailto:ml-node+s1086192n152653h9@n5.nabble.com]
Sent: jeudi 20 octobre 2016 15:28
To: Mele Giovanni
Subject: Re: TCP FIN after 10 minutes
Hello,
do you have selinux enabled or some firewall active on the system?
Cheers,
Daniel
On 20/10/16 13:25, gmele wrote:
Hello,
we have deployed a Kamailio acting as SIP proxy on a RHEL 7.2 machine.
Clients (mainly mobile phones) connects to the proxy using a TLS protected
TCP connection.
In the kamailio config, we've set :
#!ifdef WITH_TLS
enable_tls=yes
tcp_async=yes
tcp_connection_lifetime=3605
tcp_accept_no_cl=yes
tcp_crlf_ping = yes
#!endif
Our problem is that, even if we set the tcp_connection_lifetime to > 1 hour,
the tcp connection is closed after 10 minutes: on tcp dumps, we see clearly
the TCP FIN sent by machine hosting the kamailio proxy... Setting parameters
tcp_keepidle/keepintlv/keepcnt in the kamailio config didn't change the
behavior. We also set TCP keepalived at system level, but without result...
This TCP closure is causing us lot of problems when calls between 2 UAs last
more than 10 minutes because the REINVITE or BYE messages are lost. Also,
closing the TCP connection will wake up the mobile app and make it resend a
REGISTER, thing we absolutely want to avoid.
Is there a parameter we can use to avoid this closure? I had a look in
previous posts, found people with the same problem as mine, but no real
solution...
Thx for your help.
Giovanni
--
View this message in context:
http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646.h…
Sent from the Users mailing list archive at Nabble.com.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=152653&i=0>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=152653&i=1>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
________________________________
If you reply to this email, your message will be added to the discussion below:
http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p1…
To unsubscribe from TCP FIN after 10 minutes, click
here<http://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?ma…U2MDgyNTA0>.
NAML<http://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?ma…
--
View this message in context:
http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p1…
Sent from the Users mailing list archive at Nabble.com.