[SR-Users] NAT, TLS and location table
Bernhard Suttner
bernhard.suttner at winet.ch
Fri Feb 11 13:15:42 CET 2011
Hi,
thanks for you response. Do you think that kamailio does send sip-options-ping within TCP/TLS (instead of sending the dummy packets)?
Best regards,
Bernhard
-----Ursprüngliche Nachricht-----
Von: Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
Gesendet: Freitag, 11. Februar 2011 12:30
An: Bernhard Suttner
Cc: sr-users at lists.sip-router.org
Betreff: Re: [SR-Users] NAT, TLS and location table
Am 11.02.2011 12:15, schrieb Bernhard Suttner:
> Hi,
>
> I am using TLS and recognize the following problem:
>
> The TLS connection are build up successfully but the natping
> (natping_interval = 10) does not send small dummy packets to the
> phones. The phones are behind a firewall with NAT. Registered phones
> with NAT but UDP do work correctly. They are getting the natping
> every 10 seconds. After 120 seconds (should be the
> tcp_connection_timeout) kamailio does send a FIN to the TLS phone to
> close the TLS connection.
IIRC the keep-alive code in nathelper module sends CRLF only on UDP. IMO
it would be nice if it sends it also on TCP/TLS connections, at least as
a config option. Of course the code should also take care of not setting
up a new TCP connection if the old one is gone.
I once have seen a client which was confused by the CRLF and then closes
the TCP connection, so there might be other problems as well.
Of course the proper solution (IETF view) is that the clients sends
keep-alive (SIP outbound RFC).
> Should I increase the tcp_connection_timeout to a value bigger than
> the registration timeout? I thought I do not need that, because of
> the natping_interval. Is it maybe better to use a SIP-Options Ping
> instead of the small dummy packets? I would prefer the dummy packets
> because they are much smaller.
http://www.kamailio.org/dokuwiki/doku.php/install:1.5.x-to-3.0.0#tcp_connection_lifetime
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#tcp_keepalive
and
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#set_forward_no_connect
(to be used after lookup())
might be interesting too.
regards
klaus
More information about the sr-users
mailing list