[Serusers] TLS support in SER
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Jan 27 13:40:36 CET 2006
So the question is: Does natping also works with TCP and TLS? Has
someone ever tried this?
regards
klaus
Cesc wrote:
> I have never tried because we don't have nats in my project. Now, if
> the natping thing updates de expire-timer that the ser tcp core keeps
> (in the tcp_conn object list), then there is no problem.
> I mean, the problem is not the nat machine closing the binding ... the
> problem is ser executing a "close" on the socket. This may either then
> shutdown the nat binding, or in most end-points mean that no incoming
> connections can be accepted (most end-points do not support incoming
> tls call establishment ... they can only connect to a tls server, that
> is, a sip proxy).
>
> Regards,
>
> Cesc
>
> On 1/27/06, Atle Samuelsen <clona at cyberhouse.no> wrote:
>
>>Hi Cesc,
>>
>>cant this be "fixed" with haveing the natping from server-side? (like
>>sending options requests every say 80 sec? (or even more if you adjust
>>it in the ser's source?)
>>
>>-Atle
>>
>>* Cesc <cesc.santa at gmail.com> [060127 09:19]:
>>
>>>Mmm ... one comes to mind ...
>>>ser/openser will close the tcp/tls connection after a couple minutes
>>>of inactivity by the phone ... thus, you either change this in ser's
>>>source code or you force your phone to re-register every 90 seconds or
>>>so ... otherwise, the tcp/tls connection is closed, thus the phone
>>>cannot be reached (for incoming calls).
>>>
>>>Cesc
>>>
>>>On 1/25/06, Yi Zheng <yizheng at sbcglobal.net> wrote:
>>>
>>>>thanks for the pointer.
>>>>
>>>>Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
>>>>sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
>>>>UDP only.
>>>>
>>>>- ming
>>>>
>>>>Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>>>Yi Zheng wrote:
>>>>
>>>>>Hi,
>>>>>
>>>>>I am wondering whether SER has any support for TLS as a security
>>>>>mechanism? Thanks,
>>>>
>>>>Yes. It is in the experimental tree:
>>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
>>>>
>>>>You can also try openser, which has TLS integrated in the stable version
>>>>1.0.0
>>>>
>>>>regards
>>>>klaus
>>>>
>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>
>>>>
>>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list