Hello,
Selinux is not enabled and no firewall is active (except iproutes rules).
Looking in the TLS module, I found the modparam connection_timeout .
By default, this parameter is set to 10 minutes (!), but the description says : " If an I/O event occurs, the timeout will be extended with tcp_connection_lifetime"
So I was expecting that after the first successful REGISTER, this timeout was set to my own param tcp_connection_lifetime value (3605). But it seems this is not the case.
I added the TLS parameter connection_timeout and set it also to 3605, and the first result show it seems to work, but I must do more tests to verify it is ok. Setting this parameter to -1 means the TLS connection will never be closed: do you think it is a good idea to set it to -1?
Regards
Giovanni
From: Daniel-Constantin Mierla-6 [via SIP Router] [mailto:ml-node+s1086192n152653h9@n5.nabble.com] Sent: jeudi 20 octobre 2016 15:28 To: Mele Giovanni Subject: Re: TCP FIN after 10 minutes
Hello,
do you have selinux enabled or some firewall active on the system?
Cheers, Daniel
On 20/10/16 13:25, gmele wrote:
Hello,
we have deployed a Kamailio acting as SIP proxy on a RHEL 7.2 machine. Clients (mainly mobile phones) connects to the proxy using a TLS protected TCP connection.
In the kamailio config, we've set :
#!ifdef WITH_TLS enable_tls=yes tcp_async=yes tcp_connection_lifetime=3605 tcp_accept_no_cl=yes tcp_crlf_ping = yes #!endif
Our problem is that, even if we set the tcp_connection_lifetime to > 1 hour, the tcp connection is closed after 10 minutes: on tcp dumps, we see clearly the TCP FIN sent by machine hosting the kamailio proxy... Setting parameters tcp_keepidle/keepintlv/keepcnt in the kamailio config didn't change the behavior. We also set TCP keepalived at system level, but without result... This TCP closure is causing us lot of problems when calls between 2 UAs last more than 10 minutes because the REINVITE or BYE messages are lost. Also, closing the TCP connection will wake up the mobile app and make it resend a REGISTER, thing we absolutely want to avoid.
Is there a parameter we can use to avoid this closure? I had a look in previous posts, found people with the same problem as mine, but no real solution...
Thx for your help.
Giovanni
-- View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646.ht... Sent from the Users mailing list archive at Nabble.com.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list [hidden email]</user/SendEmail.jtp?type=node&node=152653&i=0> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list [hidden email]</user/SendEmail.jtp?type=node&node=152653&i=1> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
________________________________ If you reply to this email, your message will be added to the discussion below: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p15... To unsubscribe from TCP FIN after 10 minutes, click herehttp://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=152646&code=Z2lvdmFubmkubWVsZUBuYWdyYS5jb218MTUyNjQ2fC0xNzU2MDgyNTA0. NAMLhttp://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
-- View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p15... Sent from the Users mailing list archive at Nabble.com.