[Serusers] TLS support in SER

Atle Samuelsen clona at cyberhouse.no
Sat Jan 28 11:25:39 CET 2006 

Hi Nils,

* Nils Ohlmeier <lists at ohlmeier.org> [060128 01:06]:
> On Friday 27 January 2006 16:53, Klaus Darilion wrote:
> > Atle Samuelsen wrote:
> > > Hi Klaus,
> > >
> > > That's a good Question :p I've never tried it.. Hopefully it works :-)
> > >
> > > Regarding Cesc's answer,, I dont have the slightest clue if it would
> > > update the timer.. but, I guess it would :-)
> >
> > I think any read/write on a TCP connection will update the timer.
> 
> Yes, from my own experience with TCP connections and SER I can report, that as 
> long as the re-registration time is below the TCP drop connection timeout the 
> connection will stay up (as long as the server does not run into other 
> resource problems I guess). Any other SIP request should do it as well. I'm 
> just not sure about the empty keep alive packets.
> 

In CVS ser, you have a new natping function, that will build
sip-requests instead of the old emty keep alive packets.

So, if that functionality works, it should be very cool :D


- Atle

>   Nils
> 
> > regards
> > klaus
> >
> > > -Atle
> > >
> > > * Klaus Darilion <klaus.mailinglists at pernau.at> [060127 13:40]:
> > >>So the question is: Does natping also works with TCP and TLS? Has someone
> > >> ever tried this?
> > >>
> > >>regards
> > >>klaus
> > >>
> > >>Cesc wrote:
> > >>>I have never tried because we don't have nats in my project. Now, if
> > >>>the natping thing updates de expire-timer that the ser tcp core keeps
> > >>>(in the tcp_conn object list), then there is no problem.
> > >>>I mean, the problem is not the nat machine closing the binding ... the
> > >>>problem is ser executing a "close" on the socket. This may either then
> > >>>shutdown the nat binding, or in most end-points mean that no incoming
> > >>>connections can be accepted (most end-points do not support incoming
> > >>>tls call establishment ... they can only connect to a tls server, that
> > >>>is, a sip proxy).
> > >>>Regards,
> > >>>Cesc
> > >>>
> > >>>On 1/27/06, Atle Samuelsen <clona at cyberhouse.no> wrote:
> > >>>>Hi Cesc,
> > >>>>
> > >>>>cant this be "fixed" with haveing the natping from server-side? (like
> > >>>>sending options requests every say 80 sec? (or even more if you adjust
> > >>>>it in the ser's source?)
> > >>>>
> > >>>>-Atle
> > >>>>
> > >>>>* Cesc <cesc.santa at gmail.com> [060127 09:19]:
> > >>>>>Mmm ... one comes to mind ...
> > >>>>>ser/openser will close the tcp/tls connection after a couple minutes
> > >>>>>of inactivity by the phone ... thus, you either change this in ser's
> > >>>>>source code or you force your phone to re-register every 90 seconds or
> > >>>>>so ... otherwise, the tcp/tls connection is closed, thus the phone
> > >>>>>cannot be reached (for incoming calls).
> > >>>>>
> > >>>>>Cesc
> > >>>>>
> > >>>>>On 1/25/06, Yi Zheng <yizheng at sbcglobal.net> wrote:
> > >>>>>>thanks for the pointer.
> > >>>>>>
> > >>>>>>Are there known issues for TCP+TLS to work across NAT? The few NAT
> > >>>>>> travesal sloutions I am aware of such as STUN, nathelper+rtp proxy
> > >>>>>> seem to work with UDP only.
> > >>>>>>
> > >>>>>>- ming
> > >>>>>>
> > >>>>>>Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> > >>>>>>
> > >>>>>>Yi Zheng wrote:
> > >>>>>>>Hi,
> > >>>>>>>
> > >>>>>>>I am wondering whether SER has any support for TLS as a security
> > >>>>>>>mechanism? Thanks,
> > >>>>>>
> > >>>>>>Yes. It is in the experimental tree:
> > >>>>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
> > >>>>>>
> > >>>>>>You can also try openser, which has TLS integrated in the stable
> > >>>>>> version 1.0.0
> > >>>>>>
> > >>>>>>regards
> > >>>>>>klaus
> > >>>>>>
> > >>>>>>
> > >>>>>>_______________________________________________
> > >>>>>>Serusers mailing list
> > >>>>>>serusers at lists.iptel.org
> > >>>>>>http://lists.iptel.org/mailman/listinfo/serusers
> > >>>>>
> > >>>>>_______________________________________________
> > >>>>>Serusers mailing list
> > >>>>>serusers at lists.iptel.org
> > >>>>>http://lists.iptel.org/mailman/listinfo/serusers
> > >>>
> > >>>_______________________________________________
> > >>>Serusers mailing list
> > >>>serusers at lists.iptel.org
> > >>>http://lists.iptel.org/mailman/listinfo/serusers
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
>

More information about the sr-users mailing list