[Serusers] TLS support in SER

Nils Ohlmeier lists at ohlmeier.org
Sat Jan 28 01:06:38 CET 2006 

On Friday 27 January 2006 16:53, Klaus Darilion wrote:
> Atle Samuelsen wrote:
> > Hi Klaus,
> >
> > That's a good Question :p I've never tried it.. Hopefully it works :-)
> >
> > Regarding Cesc's answer,, I dont have the slightest clue if it would
> > update the timer.. but, I guess it would :-)
>
> I think any read/write on a TCP connection will update the timer.

Yes, from my own experience with TCP connections and SER I can report, that as 
long as the re-registration time is below the TCP drop connection timeout the 
connection will stay up (as long as the server does not run into other 
resource problems I guess). Any other SIP request should do it as well. I'm 
just not sure about the empty keep alive packets.

  Nils

> regards
> klaus
>
> > -Atle
> >
> > * Klaus Darilion <klaus.mailinglists at pernau.at> [060127 13:40]:
> >>So the question is: Does natping also works with TCP and TLS? Has someone
> >> ever tried this?
> >>
> >>regards
> >>klaus
> >>
> >>Cesc wrote:
> >>>I have never tried because we don't have nats in my project. Now, if
> >>>the natping thing updates de expire-timer that the ser tcp core keeps
> >>>(in the tcp_conn object list), then there is no problem.
> >>>I mean, the problem is not the nat machine closing the binding ... the
> >>>problem is ser executing a "close" on the socket. This may either then
> >>>shutdown the nat binding, or in most end-points mean that no incoming
> >>>connections can be accepted (most end-points do not support incoming
> >>>tls call establishment ... they can only connect to a tls server, that
> >>>is, a sip proxy).
> >>>Regards,
> >>>Cesc
> >>>
> >>>On 1/27/06, Atle Samuelsen <clona at cyberhouse.no> wrote:
> >>>>Hi Cesc,
> >>>>
> >>>>cant this be "fixed" with haveing the natping from server-side? (like
> >>>>sending options requests every say 80 sec? (or even more if you adjust
> >>>>it in the ser's source?)
> >>>>
> >>>>-Atle
> >>>>
> >>>>* Cesc <cesc.santa at gmail.com> [060127 09:19]:
> >>>>>Mmm ... one comes to mind ...
> >>>>>ser/openser will close the tcp/tls connection after a couple minutes
> >>>>>of inactivity by the phone ... thus, you either change this in ser's
> >>>>>source code or you force your phone to re-register every 90 seconds or
> >>>>>so ... otherwise, the tcp/tls connection is closed, thus the phone
> >>>>>cannot be reached (for incoming calls).
> >>>>>
> >>>>>Cesc
> >>>>>
> >>>>>On 1/25/06, Yi Zheng <yizheng at sbcglobal.net> wrote:
> >>>>>>thanks for the pointer.
> >>>>>>
> >>>>>>Are there known issues for TCP+TLS to work across NAT? The few NAT
> >>>>>> travesal sloutions I am aware of such as STUN, nathelper+rtp proxy
> >>>>>> seem to work with UDP only.
> >>>>>>
> >>>>>>- ming
> >>>>>>
> >>>>>>Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> >>>>>>
> >>>>>>Yi Zheng wrote:
> >>>>>>>Hi,
> >>>>>>>
> >>>>>>>I am wondering whether SER has any support for TLS as a security
> >>>>>>>mechanism? Thanks,
> >>>>>>
> >>>>>>Yes. It is in the experimental tree:
> >>>>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
> >>>>>>
> >>>>>>You can also try openser, which has TLS integrated in the stable
> >>>>>> version 1.0.0
> >>>>>>
> >>>>>>regards
> >>>>>>klaus
> >>>>>>
> >>>>>>
> >>>>>>_______________________________________________
> >>>>>>Serusers mailing list
> >>>>>>serusers at lists.iptel.org
> >>>>>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>>>
> >>>>>_______________________________________________
> >>>>>Serusers mailing list
> >>>>>serusers at lists.iptel.org
> >>>>>http://lists.iptel.org/mailman/listinfo/serusers
> >>>
> >>>_______________________________________________
> >>>Serusers mailing list
> >>>serusers at lists.iptel.org
> >>>http://lists.iptel.org/mailman/listinfo/serusers
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list