[SR-Users] kamailio restart and TLS ( relay_to_tls() )
Dominguez Jover, Ricardo
djover at umh.es
Wed Dec 22 08:58:32 CET 2010
TCP ASYNC=YES fixed the problem (set_forward_no_connect() didn´t.)
I don't know if you notice that "TCP ASYNC" in Core Cook Book v3.1 is not updated with this feature with TLS:
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#tcp_async
although in Kamailio 3.1 New Features DOC it is:
http://www.kamailio.org/dokuwiki/doku.php/features:new-in-3.1.x#asynchronous_tls
Thanks a lot for your help.
Best regards,
Ricardo Domínguez
-----Mensaje original-----
De: Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
Enviado el: martes, 21 de diciembre de 2010 20:03
Para: Dominguez Jover, Ricardo
CC: sr-users at lists.sip-router.org
Asunto: Re: [SR-Users] kamailio restart and TLS ( relay_to_tls() )
Am 21.12.2010 18:46, schrieb Dominguez Jover, Ricardo:
> Hi again Klaus,
> I understand (now better) what you mean with timing parameters, I was
> just testing to close the first connection. The reason is because when I
> restart kamailio the clients I use reopen a second connection, as you
> said to me. So the solution to this issue could be not to open newer
> connection. I tested, as you said, "set_forward_no_connect();" but may
> be not well enough. I imagine the solution goes by using it.
The TCP connection should be kept alive as long as possible. If for some
reason the TCP connection is lost (client crash, network failure,
kamailio restart) there are two things the should be done:
- the client has to create a new registration on a new TCP connection
- the proxy should ignore contacts without existing TCP connections
(thus use set_forward_no_connect())
> About the question on making TLS connection to the clients, I'm only
> relaying TLS connections to the gateway, who has a certificate. I set
> TCP ASYNC=NO, because I had an error running TLS, as documentation says
> if I use TLS I have to disable asynch TCP.
That was valid with 3.0 release. Since 3.1 release this is fixed and
asynch mode can be used also with TLS.
regards
Klaus
More information about the sr-users
mailing list