[Serusers] TLS support in SER

Atle Samuelsen clona at cyberhouse.no
Fri Jan 27 14:03:30 CET 2006 

Hi Klaus, 

That's a good Question :p I've never tried it.. Hopefully it works :-) 

Regarding Cesc's answer,, I dont have the slightest clue if it would
update the timer.. but, I guess it would :-)

-Atle

* Klaus Darilion <klaus.mailinglists at pernau.at> [060127 13:40]:
> So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
> 
> regards
> klaus
> 
> Cesc wrote:
> >I have never tried because we don't have nats in my project. Now, if
> >the natping thing updates de expire-timer that the ser tcp core keeps
> >(in the tcp_conn object list), then there is no problem.
> >I mean, the problem is not the nat machine closing the binding ... the
> >problem is ser executing a "close" on the socket. This may either then
> >shutdown the nat binding, or in most end-points mean that no incoming
> >connections can be accepted (most end-points do not support incoming
> >tls call establishment ... they can only connect to a tls server, that
> >is, a sip proxy).
> >Regards,
> >Cesc
> >On 1/27/06, Atle Samuelsen <clona at cyberhouse.no> wrote:
> >>Hi Cesc,
> >>
> >>cant this be "fixed" with haveing the natping from server-side? (like
> >>sending options requests every say 80 sec? (or even more if you adjust
> >>it in the ser's source?)
> >>
> >>-Atle
> >>
> >>* Cesc <cesc.santa at gmail.com> [060127 09:19]:
> >>
> >>>Mmm ... one comes to mind ...
> >>>ser/openser will close the tcp/tls connection after a couple minutes
> >>>of inactivity by the phone ... thus, you either change this in ser's
> >>>source code or you force your phone to re-register every 90 seconds or
> >>>so ... otherwise, the tcp/tls connection is closed, thus the phone
> >>>cannot be reached (for incoming calls).
> >>>
> >>>Cesc
> >>>
> >>>On 1/25/06, Yi Zheng <yizheng at sbcglobal.net> wrote:
> >>>
> >>>>thanks for the pointer.
> >>>>
> >>>>Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
> >>>>sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
> >>>>UDP only.
> >>>>
> >>>>- ming
> >>>>
> >>>>Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> >>>>Yi Zheng wrote:
> >>>>
> >>>>>Hi,
> >>>>>
> >>>>>I am wondering whether SER has any support for TLS as a security
> >>>>>mechanism? Thanks,
> >>>>
> >>>>Yes. It is in the experimental tree:
> >>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
> >>>>
> >>>>You can also try openser, which has TLS integrated in the stable version
> >>>>1.0.0
> >>>>
> >>>>regards
> >>>>klaus
> >>>>
> >>>>
> >>>>_______________________________________________
> >>>>Serusers mailing list
> >>>>serusers at lists.iptel.org
> >>>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>>
> >>>>
> >>>>
> >>>
> >>>_______________________________________________
> >>>Serusers mailing list
> >>>serusers at lists.iptel.org
> >>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>
> >>
> >_______________________________________________
> >Serusers mailing list
> >serusers at lists.iptel.org
> >http://lists.iptel.org/mailman/listinfo/serusers
> 
>

More information about the sr-users mailing list