[SR-Users] TCP FIN after 10 minutes

gmele giovanni.mele at nagra.com
Thu Oct 20 19:08:48 CEST 2016


Selinux is not enabled and no firewall is active (except iproutes rules).

Looking in the TLS module, I found the modparam  connection_timeout .

By default, this parameter is set to 10 minutes (!), but the description says : " If an I/O event occurs, the timeout will be extended with tcp_connection_lifetime"

So I was expecting that after the first successful  REGISTER, this timeout was set to my own param tcp_connection_lifetime value (3605). But it seems this is not the case.

I added the TLS parameter connection_timeout and set it also to 3605, and the first result show it seems to work, but I must do more tests to verify it is ok. Setting this parameter to -1 means the TLS connection will never be closed: do you think it is a good idea to set it to -1?



From: Daniel-Constantin Mierla-6 [via SIP Router] [mailto:ml-node+s1086192n152653h9 at n5.nabble.com]
Sent: jeudi 20 octobre 2016 15:28
To: Mele Giovanni
Subject: Re: TCP FIN after 10 minutes


do you have selinux enabled or some firewall active on the system?


On 20/10/16 13:25, gmele wrote:

> Hello,
> we have deployed a Kamailio acting as SIP proxy on a RHEL 7.2 machine.
> Clients (mainly mobile phones) connects to the proxy using a TLS protected
> TCP connection.
> In the kamailio config, we've set :
> #!ifdef WITH_TLS
> enable_tls=yes
> tcp_async=yes
> tcp_connection_lifetime=3605
> tcp_accept_no_cl=yes
> tcp_crlf_ping = yes
> #!endif
> Our problem is that, even if we set the tcp_connection_lifetime to > 1 hour,
> the tcp connection is closed after 10 minutes: on tcp dumps, we see clearly
> the TCP FIN sent by machine hosting the kamailio proxy... Setting parameters
> tcp_keepidle/keepintlv/keepcnt in the kamailio config didn't change the
> behavior. We also set TCP keepalived at system level, but without result...
> This TCP closure is causing us lot of problems when calls between 2 UAs last
> more than 10 minutes because the REINVITE or BYE messages are lost. Also,
> closing the TCP connection will wake up the mobile app and make it resend a
> REGISTER, thing we absolutely want to avoid.
> Is there a parameter we can use to avoid this closure? I had a look in
> previous posts, found people with the same problem as mine, but no real
> solution...
> Thx for your help.
> Giovanni
> --
> View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646.html
> Sent from the Users mailing list archive at Nabble.com.
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> [hidden email]</user/SendEmail.jtp?type=node&node=152653&i=0>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=152653&i=1>

If you reply to this email, your message will be added to the discussion below:
To unsubscribe from TCP FIN after 10 minutes, click here<http://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=152646&code=Z2lvdmFubmkubWVsZUBuYWdyYS5jb218MTUyNjQ2fC0xNzU2MDgyNTA0>.

View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p152658.html
Sent from the Users mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20161020/6f0af0a8/attachment.html>

More information about the sr-users mailing list