23 Jan
2006
23 Jan
'06
11:46 a.m.
Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security
mechanism? Thanks,
Yes. It is in the experimental tree:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version
1.0.0
regards
klaus
25 Jan
25 Jan
1:13 a.m.
New subject: [Serusers] TLS support in SER
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal sloutions I
am aware of such as STUN, nathelper+rtp proxy seem to work with UDP only.
- ming
Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security
mechanism? Thanks,
Yes. It is in the experimental tree:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version
1.0.0
regards
klaus
27 Jan
27 Jan
9:18 a.m.
New subject: [Serusers] TLS support in SER
Mmm ... one comes to mind ...
ser/openser will close the tcp/tls connection after a couple minutes
of inactivity by the phone ... thus, you either change this in ser's
source code or you force your phone to re-register every 90 seconds or
so ... otherwise, the tcp/tls connection is closed, thus the phone
cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
UDP only.
- ming
Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Yi Zheng wrote:
Hi,
I am wondering whether SER has any support for TLS as a security
mechanism? Thanks,
Yes. It is in the experimental tree:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version
1.0.0
regards
klaus
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
9:37 a.m.
New subject: [Serusers] TLS support in SER
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like
sending options requests every say 80 sec? (or even more if you adjust
it in the ser's source?)
-Atle
* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
Mmm ... one comes to mind ...
ser/openser will close the tcp/tls connection after a couple minutes
of inactivity by the phone ... thus, you either change this in ser's
source code or you force your phone to re-register every 90 seconds or
so ... otherwise, the tcp/tls connection is closed, thus the phone
cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
UDP only.
- ming
Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Yi Zheng wrote:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Hi,
I am wondering whether SER has any support for TLS as a security
mechanism? Thanks,
Yes. It is in the experimental tree:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version
1.0.0
regards
klaus
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1:16 p.m.
New subject: [Serusers] TLS support in SER
I have never tried because we don't have nats in my project. Now, if
the natping thing updates de expire-timer that the ser tcp core keeps
(in the tcp_conn object list), then there is no problem.
I mean, the problem is not the nat machine closing the binding ... the
problem is ser executing a "close" on the socket. This may either then
shutdown the nat binding, or in most end-points mean that no incoming
connections can be accepted (most end-points do not support incoming
tls call establishment ... they can only connect to a tls server, that
is, a sip proxy).
Regards,
Cesc
On 1/27/06, Atle Samuelsen <clona(a)cyberhouse.no> wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like
sending options requests every say 80 sec? (or even more if you adjust
it in the ser's source?)
-Atle
* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
Mmm ... one comes to mind ...
ser/openser will close the tcp/tls connection after a couple minutes
of inactivity by the phone ... thus, you either change this in ser's
source code or you force your phone to re-register every 90 seconds or
so ... otherwise, the tcp/tls connection is closed, thus the phone
cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
UDP only.
- ming
Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Yi Zheng wrote:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Hi,
I am wondering whether SER has any support for TLS as a security
mechanism? Thanks,
Yes. It is in the experimental tree:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version
1.0.0
regards
klaus
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1:40 p.m.
New subject: [Serusers] TLS support in SER
So the question is: Does natping also works with TCP and TLS? Has
someone ever tried this?
regards
klaus
Cesc wrote:
I have never tried because we don't have nats in
my project. Now, if
the natping thing updates de expire-timer that the ser tcp core keeps
(in the tcp_conn object list), then there is no problem.
I mean, the problem is not the nat machine closing the binding ... the
problem is ser executing a "close" on the socket. This may either then
shutdown the nat binding, or in most end-points mean that no incoming
connections can be accepted (most end-points do not support incoming
tls call establishment ... they can only connect to a tls server, that
is, a sip proxy).
Regards,
Cesc
On 1/27/06, Atle Samuelsen <clona(a)cyberhouse.no> wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like
sending options requests every say 80 sec? (or even more if you adjust
it in the ser's source?)
-Atle
* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Mmm ... one comes to mind ...
ser/openser will close the tcp/tls connection after a couple minutes
of inactivity by the phone ... thus, you either change this in ser's
source code or you force your phone to re-register every 90 seconds or
so ... otherwise, the tcp/tls connection is closed, thus the phone
cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
thanks for the pointer.
Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
UDP only.
- ming
Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Yi Zheng wrote:
>Hi,
>
>I am wondering whether SER has any support for TLS as a security
>mechanism? Thanks,
Yes. It is in the experimental tree:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
You can also try openser, which has TLS integrated in the stable version
1.0.0
regards
klaus
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
2:03 p.m.
New subject: [Serusers] TLS support in SER
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would
update the timer.. but, I guess it would :-)
-Atle
* Klaus Darilion <klaus.mailinglists(a)pernau.at> [060127 13:40]:
So the question is: Does natping also works with TCP
and TLS? Has someone ever tried this?
regards
klaus
Cesc wrote:
I have never tried because we don't have nats
in my project. Now, if
the natping thing updates de expire-timer that the ser tcp core keeps
(in the tcp_conn object list), then there is no problem.
I mean, the problem is not the nat machine closing the binding ... the
problem is ser executing a "close" on the socket. This may either then
shutdown the nat binding, or in most end-points mean that no incoming
connections can be accepted (most end-points do not support incoming
tls call establishment ... they can only connect to a tls server, that
is, a sip proxy).
Regards,
Cesc
On 1/27/06, Atle Samuelsen <clona(a)cyberhouse.no> wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like
sending options requests every say 80 sec? (or even more if you adjust
it in the ser's source?)
-Atle
* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Mmm ... one comes to mind ...
ser/openser will close the tcp/tls connection after a couple minutes
of inactivity by the phone ... thus, you either change this in ser's
source code or you force your phone to re-register every 90 seconds or
so ... otherwise, the tcp/tls connection is closed, thus the phone
cannot be reached (for incoming calls).
Cesc
On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
>thanks for the pointer.
>
>Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
>sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
>UDP only.
>
>- ming
>
>Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
>Yi Zheng wrote:
>
>>Hi,
>>
>>I am wondering whether SER has any support for TLS as a security
>>mechanism? Thanks,
>
>Yes. It is in the experimental tree:
>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
>
>You can also try openser, which has TLS integrated in the stable version
>1.0.0
>
>regards
>klaus
>
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
>
>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
4:53 p.m.
New subject: [Serusers] TLS support in SER
Atle Samuelsen wrote:
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would
update the timer.. but, I guess it would :-)
I think any read/write on a TCP connection will update the timer.
regards
klaus
-Atle
* Klaus Darilion <klaus.mailinglists(a)pernau.at> [060127 13:40]:
So the question is: Does natping also works with
TCP and TLS? Has someone ever tried this?
regards
klaus
Cesc wrote:
I have never tried because we don't have nats
in my project. Now, if
the natping thing updates de expire-timer that the ser tcp core keeps
(in the tcp_conn object list), then there is no problem.
I mean, the problem is not the nat machine closing the binding ... the
problem is ser executing a "close" on the socket. This may either then
shutdown the nat binding, or in most end-points mean that no incoming
connections can be accepted (most end-points do not support incoming
tls call establishment ... they can only connect to a tls server, that
is, a sip proxy).
Regards,
Cesc
On 1/27/06, Atle Samuelsen <clona(a)cyberhouse.no> wrote:
Hi Cesc,
cant this be "fixed" with haveing the natping from server-side? (like
sending options requests every say 80 sec? (or even more if you adjust
it in the ser's source?)
-Atle
* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
>Mmm ... one comes to mind ...
>ser/openser will close the tcp/tls connection after a couple minutes
>of inactivity by the phone ... thus, you either change this in ser's
>source code or you force your phone to re-register every 90 seconds or
>so ... otherwise, the tcp/tls connection is closed, thus the phone
>cannot be reached (for incoming calls).
>
>Cesc
>
>On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
>
>
>>thanks for the pointer.
>>
>>Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
>>sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
>>UDP only.
>>
>>- ming
>>
>>Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
>>Yi Zheng wrote:
>>
>>
>>>Hi,
>>>
>>>I am wondering whether SER has any support for TLS as a security
>>>mechanism? Thanks,
>>
>>Yes. It is in the experimental tree:
>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
>>
>>You can also try openser, which has TLS integrated in the stable version
>>1.0.0
>>
>>regards
>>klaus
>>
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers(a)lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>>
>
>_______________________________________________
>Serusers mailing list
>serusers(a)lists.iptel.org
>http://lists.iptel.org/mailman/listinfo/serusers
>
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers 
28 Jan
28 Jan
1:06 a.m.
New subject: [Serusers] TLS support in SER
On Friday 27 January 2006 16:53, Klaus Darilion wrote:
Atle Samuelsen wrote:
Yes, from my own experience with TCP connections and SER I can report, that as
long as the re-registration time is below the TCP drop connection timeout the
connection will stay up (as long as the server does not run into other
resource problems I guess). Any other SIP request should do it as well. I'm
just not sure about the empty keep alive packets.
Nils
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would
update the timer.. but, I guess it would :-)
I think any read/write on a TCP connection will update the timer. regards
klaus
-Atle
* Klaus Darilion <klaus.mailinglists(a)pernau.at> [060127 13:40]:
>So the question is: Does natping also works with TCP and TLS? Has someone
> ever tried this?
>
>regards
>klaus
>
>Cesc wrote:
>>I have never tried because we don't have nats in my project. Now, if
>>the natping thing updates de expire-timer that the ser tcp core keeps
>>(in the tcp_conn object list), then there is no problem.
>>I mean, the problem is not the nat machine closing the binding ... the
>>problem is ser executing a "close" on the socket. This may either then
>>shutdown the nat binding, or in most end-points mean that no incoming
>>connections can be accepted (most end-points do not support incoming
>>tls call establishment ... they can only connect to a tls server, that
>>is, a sip proxy).
>>Regards,
>>Cesc
>>
>>On 1/27/06, Atle Samuelsen <clona(a)cyberhouse.no> wrote:
>>>Hi Cesc,
>>>
>>>cant this be "fixed" with haveing the natping from server-side?
(like
>>>sending options requests every say 80 sec? (or even more if you adjust
>>>it in the ser's source?)
>>>
>>>-Atle
>>>
>>>* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
>>>>Mmm ... one comes to mind ...
>>>>ser/openser will close the tcp/tls connection after a couple minutes
>>>>of inactivity by the phone ... thus, you either change this in ser's
>>>>source code or you force your phone to re-register every 90 seconds or
>>>>so ... otherwise, the tcp/tls connection is closed, thus the phone
>>>>cannot be reached (for incoming calls).
>>>>
>>>>Cesc
>>>>
>>>>On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
>>>>>thanks for the pointer.
>>>>>
>>>>>Are there known issues for TCP+TLS to work across NAT? The few NAT
>>>>> travesal sloutions I am aware of such as STUN, nathelper+rtp proxy
>>>>> seem to work with UDP only.
>>>>>
>>>>>- ming
>>>>>
>>>>>Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
>>>>>
>>>>>Yi Zheng wrote:
>>>>>>Hi,
>>>>>>
>>>>>>I am wondering whether SER has any support for TLS as a security
>>>>>>mechanism? Thanks,
>>>>>
>>>>>Yes. It is in the experimental tree:
>>>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
>>>>>
>>>>>You can also try openser, which has TLS integrated in the stable
>>>>> version 1.0.0
>>>>>
>>>>>regards
>>>>>klaus
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Serusers mailing list
>>>>>serusers(a)lists.iptel.org
>>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers(a)lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers(a)lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
11:25 a.m.
New subject: [Serusers] TLS support in SER
Hi Nils,
* Nils Ohlmeier <lists(a)ohlmeier.org> [060128 01:06]:
On Friday 27 January 2006 16:53, Klaus Darilion
wrote:
In CVS ser, you have a new natping function, that will build
sip-requests instead of the old emty keep alive packets.
So, if that functionality works, it should be very cool :D
- Atle
Atle Samuelsen wrote:
Yes, from my own experience with TCP connections and SER I can report, that as
long as the re-registration time is below the TCP drop connection timeout the
connection will stay up (as long as the server does not run into other
resource problems I guess). Any other SIP request should do it as well. I'm
just not sure about the empty keep alive packets.
Hi Klaus,
That's a good Question :p I've never tried it.. Hopefully it works :-)
Regarding Cesc's answer,, I dont have the slightest clue if it would
update the timer.. but, I guess it would :-)
I think any read/write on a TCP connection will update the timer. Nils
regards
klaus
-Atle
* Klaus Darilion <klaus.mailinglists(a)pernau.at> [060127 13:40]:
>So the question is: Does natping also works with TCP and TLS? Has someone
> ever tried this?
>
>regards
>klaus
>
>Cesc wrote:
>>I have never tried because we don't have nats in my project. Now, if
>>the natping thing updates de expire-timer that the ser tcp core keeps
>>(in the tcp_conn object list), then there is no problem.
>>I mean, the problem is not the nat machine closing the binding ... the
>>problem is ser executing a "close" on the socket. This may either then
>>shutdown the nat binding, or in most end-points mean that no incoming
>>connections can be accepted (most end-points do not support incoming
>>tls call establishment ... they can only connect to a tls server, that
>>is, a sip proxy).
>>Regards,
>>Cesc
>>
>>On 1/27/06, Atle Samuelsen <clona(a)cyberhouse.no> wrote:
>>>Hi Cesc,
>>>
>>>cant this be "fixed" with haveing the natping from server-side?
(like
>>>sending options requests every say 80 sec? (or even more if you adjust
>>>it in the ser's source?)
>>>
>>>-Atle
>>>
>>>* Cesc <cesc.santa(a)gmail.com> [060127 09:19]:
>>>>Mmm ... one comes to mind ...
>>>>ser/openser will close the tcp/tls connection after a couple minutes
>>>>of inactivity by the phone ... thus, you either change this in ser's
>>>>source code or you force your phone to re-register every 90 seconds or
>>>>so ... otherwise, the tcp/tls connection is closed, thus the phone
>>>>cannot be reached (for incoming calls).
>>>>
>>>>Cesc
>>>>
>>>>On 1/25/06, Yi Zheng <yizheng(a)sbcglobal.net> wrote:
>>>>>thanks for the pointer.
>>>>>
>>>>>Are there known issues for TCP+TLS to work across NAT? The few NAT
>>>>> travesal sloutions I am aware of such as STUN, nathelper+rtp proxy
>>>>> seem to work with UDP only.
>>>>>
>>>>>- ming
>>>>>
>>>>>Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
>>>>>
>>>>>Yi Zheng wrote:
>>>>>>Hi,
>>>>>>
>>>>>>I am wondering whether SER has any support for TLS as a security
>>>>>>mechanism? Thanks,
>>>>>
>>>>>Yes. It is in the experimental tree:
>>>>>http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
>>>>>
>>>>>You can also try openser, which has TLS integrated in the stable
>>>>> version 1.0.0
>>>>>
>>>>>regards
>>>>>klaus
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Serusers mailing list
>>>>>serusers(a)lists.iptel.org
>>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers(a)lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>
>>_______________________________________________
>>Serusers mailing list
>>serusers(a)lists.iptel.org
>>http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6881
days inactive
6886
days old
9 comments
5 participants
participants (5)
-
Atle Samuelsen -
Cesc -
Klaus Darilion -
Nils Ohlmeier -
Yi Zheng