Hello,

 

Selinux is not enabled and no firewall is active (except iproutes rules).

 

Looking in the TLS module, I found the modparam  connection_timeout .

 

By default, this parameter is set to 10 minutes (!), but the description says : “ If an I/O event occurs, the timeout will be extended with tcp_connection_lifetime”

 

So I was expecting that after the first successful  REGISTER, this timeout was set to my own param tcp_connection_lifetime value (3605). But it seems this is not the case.

 

I added the TLS parameter connection_timeout and set it also to 3605, and the first result show it seems to work, but I must do more tests to verify it is ok. Setting this parameter to -1 means the TLS connection will never be closed: do you think it is a good idea to set it to -1?

 

 

Regards

 

 

Giovanni

 

From: Daniel-Constantin Mierla-6 [via SIP Router] [mailto:ml-node+[hidden email]]
Sent: jeudi 20 octobre 2016 15:28
To: Mele Giovanni
Subject: Re: TCP FIN after 10 minutes

 

Hello,

do you have selinux enabled or some firewall active on the system?

Cheers,
Daniel


On 20/10/16 13:25, gmele wrote:


> Hello,
>
> we have deployed a Kamailio acting as SIP proxy on a RHEL 7.2 machine.
> Clients (mainly mobile phones) connects to the proxy using a TLS protected
> TCP connection.
>
> In the kamailio config, we've set :
>
> #!ifdef WITH_TLS
> enable_tls=yes
> tcp_async=yes
> tcp_connection_lifetime=3605
> tcp_accept_no_cl=yes
> tcp_crlf_ping = yes
> #!endif
>
> Our problem is that, even if we set the tcp_connection_lifetime to > 1 hour,
> the tcp connection is closed after 10 minutes: on tcp dumps, we see clearly
> the TCP FIN sent by machine hosting the kamailio proxy... Setting parameters
> tcp_keepidle/keepintlv/keepcnt in the kamailio config didn't change the
> behavior. We also set TCP keepalived at system level, but without result...
> This TCP closure is causing us lot of problems when calls between 2 UAs last
> more than 10 minutes because the REINVITE or BYE messages are lost. Also,
> closing the TCP connection will wake up the mobile app and make it resend a
> REGISTER, thing we absolutely want to avoid.
>
> Is there a parameter we can use to avoid this closure? I had a look in
> previous posts, found people with the same problem as mine, but no real
> solution...
>
> Thx for your help.
>
> Giovanni
>
>
>
> --
> View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646.html
> Sent from the Users mailing list archive at Nabble.com.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> [hidden email]
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[hidden email]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

If you reply to this email, your message will be added to the discussion below:

http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p152653.html

To unsubscribe from TCP FIN after 10 minutes, click here.
NAML


View this message in context: RE: TCP FIN after 10 minutes
Sent from the Users mailing list archive at Nabble.com.