Kamailio close the TCP connection whenever the client sends a request .i am observing two different behavior.
when I configure "listen=tls:10.66.60.190:5061 advertise 54.214.14.120:5061" in kamailio.cfg tcp connection closed immediately(RST,ACK) upon receiving of client TCP (SYN) message.
when I configured "listen=tcp:10.66.60.190:5061 advertise 54.214.14.120:5061" in kamailio.cfg tcp connection closed after "Client Hello" in TLSv1.
####### Global Parameters #########
### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR #!ifdef WITH_DEBUG debug=4 log_stderror=yes #!else debug=4 log_stderror=no #!endif
memdbg=5 memlog=5
log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} "
/* number of SIP routing processes for each UDP socket * - value inherited by tcp_children and sctp_children when not set explicitely */ children=8
/* uncomment the next line to disable TCP (default on) */ # disable_tcp=yes
/* number of SIP routing processes for all TCP/TLS sockets */ tcp_children=8
/* uncomment the next line to disable the auto discovery of local aliases * based on reverse DNS on IPs (default on) */ # auto_aliases=no
/* add local domain aliases */ #alias="sip.mydomain.com"
/* uncomment and configure the following line if you want Kamailio to * bind on a specific interface/port/proto (default bind on all available) */ listen=tls:10.60.16.149:5061 advertise 54.204.184.189:5061 listen=udp:10.60.16.149:5070
/* life time of TCP connection when there is no traffic * - a bit higher than registration expires to cope with UA behind NAT */ tcp_connection_lifetime=3605
/* upper limit for TCP connections (it includes the TLS connections) */ tcp_max_connections=2048
#!ifdef WITH_TLS enable_tls=yes
/* upper limit for TLS connections */ tls_max_connections=2048 #!endif
#!ifdef WITH_TLS loadmodule "tls.so" #!endif #!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "/etc/kamailio/tls.cfg") #!endif
tls.cfg:
[server:default] method = TLSv1.0 verify_certificate = no require_certificate = no private_key = /etc/kamailio/privkey.pem certificate = /etc/kamailio/kamailio1_cert.pem #ca_list = /etc/kamailio/calist.pem #crl = /etc/kamailio/tls/crl.pem
# --- # This is the default client domain profile. # Settings in this domain will be used for all outgoing # TLS connections that do not match any other # client domain in this configuration file. # We require that servers present valid certificate. # [client:default] #method = TLSv1.2+ verify_certificate = yes require_certificate = yes
Issue has been resolved..thanks
Closed #2357.