[SR-Users] TCP FIN after 10 minutes
giovanni.mele at nagra.com
Thu Oct 20 19:08:48 CEST 2016
Selinux is not enabled and no firewall is active (except iproutes rules).
Looking in the TLS module, I found the modparam connection_timeout .
By default, this parameter is set to 10 minutes (!), but the description says : " If an I/O event occurs, the timeout will be extended with tcp_connection_lifetime"
So I was expecting that after the first successful REGISTER, this timeout was set to my own param tcp_connection_lifetime value (3605). But it seems this is not the case.
I added the TLS parameter connection_timeout and set it also to 3605, and the first result show it seems to work, but I must do more tests to verify it is ok. Setting this parameter to -1 means the TLS connection will never be closed: do you think it is a good idea to set it to -1?
From: Daniel-Constantin Mierla-6 [via SIP Router] [mailto:ml-node+s1086192n152653h9 at n5.nabble.com]
Sent: jeudi 20 octobre 2016 15:28
To: Mele Giovanni
Subject: Re: TCP FIN after 10 minutes
do you have selinux enabled or some firewall active on the system?
On 20/10/16 13:25, gmele wrote:
> we have deployed a Kamailio acting as SIP proxy on a RHEL 7.2 machine.
> Clients (mainly mobile phones) connects to the proxy using a TLS protected
> TCP connection.
> In the kamailio config, we've set :
> #!ifdef WITH_TLS
> tcp_crlf_ping = yes
> Our problem is that, even if we set the tcp_connection_lifetime to > 1 hour,
> the tcp connection is closed after 10 minutes: on tcp dumps, we see clearly
> the TCP FIN sent by machine hosting the kamailio proxy... Setting parameters
> tcp_keepidle/keepintlv/keepcnt in the kamailio config didn't change the
> behavior. We also set TCP keepalived at system level, but without result...
> This TCP closure is causing us lot of problems when calls between 2 UAs last
> more than 10 minutes because the REINVITE or BYE messages are lost. Also,
> closing the TCP connection will wake up the mobile app and make it resend a
> REGISTER, thing we absolutely want to avoid.
> Is there a parameter we can use to avoid this closure? I had a look in
> previous posts, found people with the same problem as mine, but no real
> Thx for your help.
> View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646.html
> Sent from the Users mailing list archive at Nabble.com.
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> [hidden email]</user/SendEmail.jtp?type=node&node=152653&i=0>
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
If you reply to this email, your message will be added to the discussion below:
To unsubscribe from TCP FIN after 10 minutes, click here<http://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=152646&code=Z2lvdmFubmkubWVsZUBuYWdyYS5jb218MTUyNjQ2fC0xNzU2MDgyNTA0>.
View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p152658.html
Sent from the Users mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the sr-users