[SR-Users] TCP FIN after 10 minutes
gmele
giovanni.mele at nagra.com
Thu Oct 20 19:08:48 CEST 2016
Hello,
Selinux is not enabled and no firewall is active (except iproutes rules).
Looking in the TLS module, I found the modparam connection_timeout .
By default, this parameter is set to 10 minutes (!), but the description says : " If an I/O event occurs, the timeout will be extended with tcp_connection_lifetime"
So I was expecting that after the first successful REGISTER, this timeout was set to my own param tcp_connection_lifetime value (3605). But it seems this is not the case.
I added the TLS parameter connection_timeout and set it also to 3605, and the first result show it seems to work, but I must do more tests to verify it is ok. Setting this parameter to -1 means the TLS connection will never be closed: do you think it is a good idea to set it to -1?
Regards
Giovanni
From: Daniel-Constantin Mierla-6 [via SIP Router] [mailto:ml-node+s1086192n152653h9 at n5.nabble.com]
Sent: jeudi 20 octobre 2016 15:28
To: Mele Giovanni
Subject: Re: TCP FIN after 10 minutes
Hello,
do you have selinux enabled or some firewall active on the system?
Cheers,
Daniel
On 20/10/16 13:25, gmele wrote:
> Hello,
>
> we have deployed a Kamailio acting as SIP proxy on a RHEL 7.2 machine.
> Clients (mainly mobile phones) connects to the proxy using a TLS protected
> TCP connection.
>
> In the kamailio config, we've set :
>
> #!ifdef WITH_TLS
> enable_tls=yes
> tcp_async=yes
> tcp_connection_lifetime=3605
> tcp_accept_no_cl=yes
> tcp_crlf_ping = yes
> #!endif
>
> Our problem is that, even if we set the tcp_connection_lifetime to > 1 hour,
> the tcp connection is closed after 10 minutes: on tcp dumps, we see clearly
> the TCP FIN sent by machine hosting the kamailio proxy... Setting parameters
> tcp_keepidle/keepintlv/keepcnt in the kamailio config didn't change the
> behavior. We also set TCP keepalived at system level, but without result...
> This TCP closure is causing us lot of problems when calls between 2 UAs last
> more than 10 minutes because the REINVITE or BYE messages are lost. Also,
> closing the TCP connection will wake up the mobile app and make it resend a
> REGISTER, thing we absolutely want to avoid.
>
> Is there a parameter we can use to avoid this closure? I had a look in
> previous posts, found people with the same problem as mine, but no real
> solution...
>
> Thx for your help.
>
> Giovanni
>
>
>
> --
> View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646.html
> Sent from the Users mailing list archive at Nabble.com.
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> [hidden email]</user/SendEmail.jtp?type=node&node=152653&i=0>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Oct 24-26, 2016 - http://www.asipto.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
[hidden email]</user/SendEmail.jtp?type=node&node=152653&i=1>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
________________________________
If you reply to this email, your message will be added to the discussion below:
http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p152653.html
To unsubscribe from TCP FIN after 10 minutes, click here<http://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=152646&code=Z2lvdmFubmkubWVsZUBuYWdyYS5jb218MTUyNjQ2fC0xNzU2MDgyNTA0>.
NAML<http://sip-router.1086192.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
--
View this message in context: http://sip-router.1086192.n5.nabble.com/TCP-FIN-after-10-minutes-tp152646p152658.html
Sent from the Users mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20161020/6f0af0a8/attachment.html>
More information about the sr-users
mailing list