[SR-Users] SRTP/TLS BYE Problem with One of the Legs of the Call

conradcordeiro at gmail.com conradcordeiro at gmail.com
Sun Sep 20 17:53:15 CEST 2020 

Thank you very much Arsen.

Knowing that this was supposed to work was what I needed to know. I was 
only missing the NAT rule back to my phone system on the TLS port, which 
is where the BYE packet was being sent to.

All works perfectly now.

On 9/19/20 4:05 AM, Arsen Semenov wrote:
> Hello Conrad,
>
> Bit hard to say exactly without looking into logs/dumps but it seems 
> like your call is long enough so router (if you have one) could 
> timeout on nat tcp connection, thus the “bye” request can not reach 
> uac. Just guessing.
>
> Please check whether you have tcp keepalive enabled, example:
> tcp_keepalive=yes
> tcp_crlf_ping=yes
> tcp_keepcnt=3
> tcp_keepidle=30
> tcp_keepintvl=30
>
> Hope it helps.
>
>
> On Sat, 19 Sep 2020 at 8:59 AM, conradcordeiro at gmail.com 
> <mailto:conradcordeiro at gmail.com> <conradcordeiro at gmail.com 
> <mailto:conradcordeiro at gmail.com>> wrote:
>
>     Hello,
>
>
>
>     Thank you for your reading this and for your help.
>
>
>
>     I'm a Kamailio newbie and managed to set up an edge proxy, which
>     works
>
>     perfectly on UDP traffic. I'm now attempting to deploy TLS/SRTP and
>
>     everything almost works perfectly. The single issue I'm having is
>     that
>
>     when either of the parties to an SRTP/TLS call disconnect, the other
>
>     party's call remains active. With UDP, when one of the parties
>
>     disconnects the call, the other leg of the call receives the BYE
>     command
>
>     and the call automatically disconnects.
>
>
>
>     This is how I have our infrastructure set up:
>
>
>
>     1. Twilio SIP Trunk with Secure Media enabled.
>
>
>
>     2. Kamailio 5.4.1 set up with TLS module, set to listen on TLS port
>
>     5061, SSL certificates from Let's Encrypt, route set to our phone
>     system.
>
>
>
>     3. Phone system is Asterisk.
>
>
>
>     As per above, everything works almost perfectly with TLS/SRTP. The
>     only
>
>     issue is that calls will not disconnect when one of the sides hang
>     up.
>
>     If I disable TLS/SRTP and use UDP only, everything works.
>
>
>
>     Audio is just fine with TLS/SRTP.
>
>
>
>     Does anyone know why calls with SRTP/TLS will not disconnect
>
>     automatically when one of the parties ends the call?
>
>
>
>     Thank you,
>
>
>
>     Conrad
>
>
>
>
>
>     _______________________________________________
>
>     Kamailio (SER) - Users Mailing List
>
>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>
>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
>
>
> -- 
> Sent from Gmail Mobile
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200920/628c26ad/attachment.htm>

More information about the sr-users mailing list