Hi,
thanks for you response. Do you think that kamailio does send sip-options-ping within TCP/TLS (instead of sending the dummy packets)?
Best regards, Bernhard
-----Ursprüngliche Nachricht----- Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at] Gesendet: Freitag, 11. Februar 2011 12:30 An: Bernhard Suttner Cc: sr-users@lists.sip-router.org Betreff: Re: [SR-Users] NAT, TLS and location table
Am 11.02.2011 12:15, schrieb Bernhard Suttner:
Hi,
I am using TLS and recognize the following problem:
The TLS connection are build up successfully but the natping (natping_interval = 10) does not send small dummy packets to the phones. The phones are behind a firewall with NAT. Registered phones with NAT but UDP do work correctly. They are getting the natping every 10 seconds. After 120 seconds (should be the tcp_connection_timeout) kamailio does send a FIN to the TLS phone to close the TLS connection.
IIRC the keep-alive code in nathelper module sends CRLF only on UDP. IMO it would be nice if it sends it also on TCP/TLS connections, at least as a config option. Of course the code should also take care of not setting up a new TCP connection if the old one is gone.
I once have seen a client which was confused by the CRLF and then closes the TCP connection, so there might be other problems as well.
Of course the proper solution (IETF view) is that the clients sends keep-alive (SIP outbound RFC).
Should I increase the tcp_connection_timeout to a value bigger than the registration timeout? I thought I do not need that, because of the natping_interval. Is it maybe better to use a SIP-Options Ping instead of the small dummy packets? I would prefer the dummy packets because they are much smaller.
http://www.kamailio.org/dokuwiki/doku.php/install:1.5.x-to-3.0.0#tcp_connect...
http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#tcp_keepalive and http://www.kamailio.org/dokuwiki/doku.php/core-cookbook:3.1.x#set_forward_no... (to be used after lookup()) might be interesting too.
regards klaus