[SR-Users] kamailio restart and TLS ( relay_to_tls() )
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Dec 21 10:46:38 CET 2010
On 21.12.2010 08:30, Dominguez Jover, Ricardo wrote:
> Hi everybody,
>
> Since I implemented Kamailio 3.1 with TLS I’ve found a strange behavior.
> That is, with some clients (Bria and Blink) registered, if I restart
> Kamailio, then when the clients re-register the strange behaviour
> happens. This behavior consists of receiving calls, it took about 15
> seconds to receive the first tone since the call was made.
This sounds like some timeout.
Just think about what may happen: you restart Kamailio - thus the TCP
connection is terminated and probably the client will create a new
registration using a new TCP connection.
As the old registration was not deREGISTERed, you will have 2 entries in
your location table: one for the new registration (if the client already
registered) and one for the old one (pointing to a non-existing TCP
connection).
Now on an incoming call, Kamailio will try to establish a TCP connection to
the old contact - which for sure will fail if the client is behind NAT
or a firewall.
There are several TCP parameters to tweak, e.g:
make sure TCP is non-blocking:
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#tcp_async
do not try to open TCP connections to SIP clients when they are known to
be behind NAT/FW.
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#set_forward_no_connect
There are also some more TCP functions which can be used to change the
behavior, just look around set_forward_no_connect() function in core
cookbook.
regards
klaus
>
> I made the following modification in the “route[Relay]” config. The
> reason is I wanted my gateway and Kamailio to make signaling by TLS.
> Without this modification the signaling was unencrypted (SIP):
>
> route[RELAY] {
> #!ifdef WITH_NAT
>     if (check_route_param("nat=yes")) {
>         setbflag(FLB_NATB);
>     }
>     if (isflagset(FLT_NATS) || isbflagset(FLB_NATB)) {
>         route(RTPPROXY);
>     }
> #!endif
>
>     /* example how to enable some additional event routes */
>     if (is_method("INVITE")) {
>         #t_on_branch("BRANCH_ONE");
>         t_on_reply("REPLY_ONE");
>         t_on_failure("FAIL_ONE");
>     }
>
>     # Communicates with the GW via TLS
>     # If I’m calling a PBX extension do the signaling by TLS with the gateway (Cisco 2811)
>     if (!(($od=~"mydomain.com") && (($rU=~"[a-z]{3,20}$") || ($rU=~"^xx[0-9][0-9]$")))) {
>         if (!t_relay_to_tls()) {
>             sl_reply_error();
>         }
>     } else {
>         if (!t_relay()) {
>             sl_reply_error();
>         }
>     }
>     exit;
> }
>
> The rest of functionalities are working really fine. Any idea about what
> is happening?
>
> Cheers!
>
> *Ricardo Domínguez*
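
The two settings named in the reply (tcp_async and set_forward_no_connect()), applied to the RELAY route from the question, as an added example that is not part of the original thread. It assumes the stock kamailio.cfg flag FLB_NATB marks NATed contacts; the tcp_connect_timeout value is illustrative.

```cfg
# Added example, not from the original thread.
# Assumes the stock kamailio.cfg flag definitions (FLB_NATB).

# --- global parameters ---
tcp_async=yes            # non-blocking connect/write for TCP and TLS
tcp_connect_timeout=3    # assumed value: seconds before a pending connect is aborted

# --- final part of route[RELAY] ---
route[RELAY] {
    # ... NAT and INVITE handling as in the configuration quoted above ...

    if (!(($od=~"mydomain.com") && (($rU=~"[a-z]{3,20}$") || ($rU=~"^xx[0-9][0-9]$")))) {
        # Towards the gateway: Kamailio opens the TLS connection itself,
        # so connecting must stay allowed on this path.
        if (!t_relay_to_tls()) {
            sl_reply_error();
        }
    } else {
        # Towards a registered client flagged as NATed: only reuse the
        # connection the client opened; do not try to connect back to a
        # contact whose connection went away with the restart.
        if (isbflagset(FLB_NATB)) {
            set_forward_no_connect();
        }
        if (!t_relay()) {
            sl_reply_error();
        }
    }
    exit;
}
```

With this in place a branch that points at a stale contact fails immediately instead of waiting for a connect attempt to time out.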