[SR-Users] NAT, TLS and location table

Klaus Darilion klaus.mailinglists at pernau.at
Fri Feb 11 12:30:01 CET 2011



Am 11.02.2011 12:15, schrieb Bernhard Suttner:
> Hi,
> 
> I am using TLS and recognize the following problem:
> 
> The TLS connection are build up successfully but the natping
> (natping_interval = 10) does not send small dummy packets to the
> phones. The phones are behind a firewall with NAT. Registered phones
> with NAT but UDP do work correctly. They are getting the natping
> every 10 seconds. After 120 seconds (should be the
> tcp_connection_timeout) kamailio does send a FIN to the TLS phone to
> close the TLS connection.

IIRC the keep-alive code in nathelper module sends CRLF only on UDP. IMO
it would be nice if it sends it also on TCP/TLS connections, at least as
a config option. Of course the code should also take care of not setting
up a new TCP connection if the old one is gone.

I once have seen a client which was confused by the CRLF and then closes
the TCP connection, so there might be other problems as well.

Of course the proper solution (IETF view) is that the clients sends
keep-alive (SIP outbound RFC).

> Should I increase the tcp_connection_timeout to a value bigger than
> the registration timeout? I thought I do not need that, because of
> the natping_interval. Is it maybe better to use a SIP-Options Ping
> instead of the small dummy packets? I would prefer the dummy packets
> because they are much smaller.

http://www.kamailio.org/dokuwiki/doku.php/install:1.5.x-to-3.0.0#tcp_connection_lifetime

http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#tcp_keepalive
and
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#set_forward_no_connect
(to be used after lookup())
might be interesting too.


regards
klaus




More information about the sr-users mailing list