[SR-Users] TLS in-dialog set_forward_no_connect()and upstream TLS LCR gateway

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 9 09:12:07 CEST 2019


Hello,

I relaxed that condition to not connect on forwarding only for initial
requests going though nat. Can you test with latest master and see how
is going for your use case?

Cheers,
Daniel

On 09.09.19 02:00, Anthony Joseph Messina wrote:
> In preparation for the 5.3 release, I've been testing the following 
> configuration change for TCP/TLS connections:
>
> https://github.com/kamailio/kamailio/commit/
> 8bba208fe6ae7ccb4c92362b8c33f1530b9f56da
>
> route[REQINIT] {
>         # no connect for sending replies
>         set_reply_no_connect();
>         if(has_totag()) {
>                 # no connect for requests within dialog
>                 set_forward_no_connect();
>         }
>
> This change creates issues when a UAC TLS INVITE routes to an upstream gateway 
> using TLS to port 5061 (via the LCR module).  Kamailio sends the initial 
> outbound TLS connection from a local ephemeral port.  The TCPOPS 
> tcp_keepalive_enable function issues keepalives from the local ephemeral port 
> to the gateway port 5061:
>
> https://kamailio.org/docs/modules/stable/modules/
> tcpops#tcpops.f.tcp_keepalive_enable
>
> Even so, the TLS connection eventually times out, after which in-dialog 
> requests from the UAC are no longer able to reach the upstream gateway.
>
> ERROR: tm [../../core/forward.h:293]: msg_send_buffer(): tcp_send failed
> WARNING: tm [t_fwd.c:1570]: t_send_branch(): sending request on branch 0 
> failed
> ERROR: sl [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: 
> Unfortunately error on sending to next hop occurred (477/SL)
>
> I figure I must be doing something wrong with my TCPOPS here.  Is a TLS 
> connection to an upstream gateway supposed to be maintained throughout the 
> duration of a call?
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190909/d4f85006/attachment.html>


More information about the sr-users mailing list