Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
* Cesc cesc.santa@gmail.com [060127 09:19]:
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I have never tried because we don't have nats in my project. Now, if the natping thing updates de expire-timer that the ser tcp core keeps (in the tcp_conn object list), then there is no problem. I mean, the problem is not the nat machine closing the binding ... the problem is ser executing a "close" on the socket. This may either then shutdown the nat binding, or in most end-points mean that no incoming connections can be accepted (most end-points do not support incoming tls call establishment ... they can only connect to a tls server, that is, a sip proxy).
Regards,
Cesc
On 1/27/06, Atle Samuelsen clona@cyberhouse.no wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
- Cesc cesc.santa@gmail.com [060127 09:19]:
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
regards klaus
Cesc wrote:
I have never tried because we don't have nats in my project. Now, if the natping thing updates de expire-timer that the ser tcp core keeps (in the tcp_conn object list), then there is no problem. I mean, the problem is not the nat machine closing the binding ... the problem is ser executing a "close" on the socket. This may either then shutdown the nat binding, or in most end-points mean that no incoming connections can be accepted (most end-points do not support incoming tls call establishment ... they can only connect to a tls server, that is, a sip proxy).
Regards,
Cesc
On 1/27/06, Atle Samuelsen clona@cyberhouse.no wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
- Cesc cesc.santa@gmail.com [060127 09:19]:
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would update the timer.. but, I guess it would :-)
-Atle
* Klaus Darilion klaus.mailinglists@pernau.at [060127 13:40]:
So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
regards klaus
Cesc wrote:
I have never tried because we don't have nats in my project. Now, if the natping thing updates de expire-timer that the ser tcp core keeps (in the tcp_conn object list), then there is no problem. I mean, the problem is not the nat machine closing the binding ... the problem is ser executing a "close" on the socket. This may either then shutdown the nat binding, or in most end-points mean that no incoming connections can be accepted (most end-points do not support incoming tls call establishment ... they can only connect to a tls server, that is, a sip proxy). Regards, Cesc On 1/27/06, Atle Samuelsen clona@cyberhouse.no wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
- Cesc cesc.santa@gmail.com [060127 09:19]:
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Atle Samuelsen wrote:
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would update the timer.. but, I guess it would :-)
I think any read/write on a TCP connection will update the timer.
regards klaus
-Atle
- Klaus Darilion klaus.mailinglists@pernau.at [060127 13:40]:
So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
regards klaus
Cesc wrote:
I have never tried because we don't have nats in my project. Now, if the natping thing updates de expire-timer that the ser tcp core keeps (in the tcp_conn object list), then there is no problem. I mean, the problem is not the nat machine closing the binding ... the problem is ser executing a "close" on the socket. This may either then shutdown the nat binding, or in most end-points mean that no incoming connections can be accepted (most end-points do not support incoming tls call establishment ... they can only connect to a tls server, that is, a sip proxy). Regards, Cesc On 1/27/06, Atle Samuelsen clona@cyberhouse.no wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
- Cesc cesc.santa@gmail.com [060127 09:19]:
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion klaus.mailinglists@pernau.at wrote: Yi Zheng wrote:
>Hi, > >I am wondering whether SER has any support for TLS as a security >mechanism? Thanks,
Yes. It is in the experimental tree: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version 1.0.0
regards klaus
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
On Friday 27 January 2006 16:53, Klaus Darilion wrote:
Atle Samuelsen wrote:
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would update the timer.. but, I guess it would :-)
I think any read/write on a TCP connection will update the timer.
Yes, from my own experience with TCP connections and SER I can report, that as long as the re-registration time is below the TCP drop connection timeout the connection will stay up (as long as the server does not run into other resource problems I guess). Any other SIP request should do it as well. I'm just not sure about the empty keep alive packets.
Nils
regards klaus
-Atle
- Klaus Darilion klaus.mailinglists@pernau.at [060127 13:40]:
So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
regards klaus
Cesc wrote:
I have never tried because we don't have nats in my project. Now, if the natping thing updates de expire-timer that the ser tcp core keeps (in the tcp_conn object list), then there is no problem. I mean, the problem is not the nat machine closing the binding ... the problem is ser executing a "close" on the socket. This may either then shutdown the nat binding, or in most end-points mean that no incoming connections can be accepted (most end-points do not support incoming tls call establishment ... they can only connect to a tls server, that is, a sip proxy). Regards, Cesc
On 1/27/06, Atle Samuelsen clona@cyberhouse.no wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
- Cesc cesc.santa@gmail.com [060127 09:19]:
Mmm ... one comes to mind ... ser/openser will close the tcp/tls connection after a couple minutes of inactivity by the phone ... thus, you either change this in ser's source code or you force your phone to re-register every 90 seconds or so ... otherwise, the tcp/tls connection is closed, thus the phone cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote: >thanks for the pointer. > >Are there known issues for TCP+TLS to work across NAT? The few NAT > travesal sloutions I am aware of such as STUN, nathelper+rtp proxy > seem to work with UDP only. > >- ming > >Klaus Darilion klaus.mailinglists@pernau.at wrote: > >Yi Zheng wrote: >>Hi, >> >>I am wondering whether SER has any support for TLS as a security >>mechanism? Thanks, > >Yes. It is in the experimental tree: >http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/ > >You can also try openser, which has TLS integrated in the stable > version 1.0.0 > >regards >klaus > > >_______________________________________________ >Serusers mailing list >serusers@lists.iptel.org >http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hi Nils,
* Nils Ohlmeier lists@ohlmeier.org [060128 01:06]:
On Friday 27 January 2006 16:53, Klaus Darilion wrote:
Atle Samuelsen wrote:
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would update the timer.. but, I guess it would :-)
I think any read/write on a TCP connection will update the timer.
Yes, from my own experience with TCP connections and SER I can report, that as long as the re-registration time is below the TCP drop connection timeout the connection will stay up (as long as the server does not run into other resource problems I guess). Any other SIP request should do it as well. I'm just not sure about the empty keep alive packets.
In CVS ser, you have a new natping function, that will build sip-requests instead of the old emty keep alive packets.
So, if that functionality works, it should be very cool :D
- Atle
Nils
regards klaus
-Atle
- Klaus Darilion klaus.mailinglists@pernau.at [060127 13:40]:
So the question is: Does natping also works with TCP and TLS? Has someone ever tried this?
regards klaus
Cesc wrote:
I have never tried because we don't have nats in my project. Now, if the natping thing updates de expire-timer that the ser tcp core keeps (in the tcp_conn object list), then there is no problem. I mean, the problem is not the nat machine closing the binding ... the problem is ser executing a "close" on the socket. This may either then shutdown the nat binding, or in most end-points mean that no incoming connections can be accepted (most end-points do not support incoming tls call establishment ... they can only connect to a tls server, that is, a sip proxy). Regards, Cesc
On 1/27/06, Atle Samuelsen clona@cyberhouse.no wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like sending options requests every say 80 sec? (or even more if you adjust it in the ser's source?)
-Atle
- Cesc cesc.santa@gmail.com [060127 09:19]:
>Mmm ... one comes to mind ... >ser/openser will close the tcp/tls connection after a couple minutes >of inactivity by the phone ... thus, you either change this in ser's >source code or you force your phone to re-register every 90 seconds or >so ... otherwise, the tcp/tls connection is closed, thus the phone >cannot be reached (for incoming calls). > >Cesc > >On 1/25/06, Yi Zheng yizheng@sbcglobal.net wrote: >>thanks for the pointer. >> >>Are there known issues for TCP+TLS to work across NAT? The few NAT >> travesal sloutions I am aware of such as STUN, nathelper+rtp proxy >> seem to work with UDP only. >> >>- ming >> >>Klaus Darilion klaus.mailinglists@pernau.at wrote: >> >>Yi Zheng wrote: >>>Hi, >>> >>>I am wondering whether SER has any support for TLS as a security >>>mechanism? Thanks, >> >>Yes. It is in the experimental tree: >>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/ >> >>You can also try openser, which has TLS integrated in the stable >> version 1.0.0 >> >>regards >>klaus >> >> >>_______________________________________________ >>Serusers mailing list >>serusers@lists.iptel.org >>http://lists.iptel.org/mailman/listinfo/serusers > >_______________________________________________ >Serusers mailing list >serusers@lists.iptel.org >http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Atle Samuelsen -
Cesc -
Klaus Darilion -
Nils Ohlmeier -
Yi Zheng