In preparation for the 5.3 release, I've been testing the following configuration change for TCP/TLS connections:
https://github.com/kamailio/kamailio/commit/ 8bba208fe6ae7ccb4c92362b8c33f1530b9f56da route[REQINIT] { # no connect for sending replies set_reply_no_connect(); if(has_totag()) { # no connect for requests within dialog set_forward_no_connect(); } This change creates issues when a UAC TLS INVITE routes to an upstream gateway using TLS to port 5061 (via the LCR module). Kamailio sends the initial outbound TLS connection from a local ephemeral port. The TCPOPS tcp_keepalive_enable function issues keepalives from the local ephemeral port to the gateway port 5061: https://kamailio.org/docs/modules/stable/modules/ tcpops#tcpops.f.tcp_keepalive_enable Even so, the TLS connection eventually times out, after which in-dialog requests from the UAC are no longer able to reach the upstream gateway. ERROR: tm [../../core/forward.h:293]: msg_send_buffer(): tcp_send failed WARNING: tm [t_fwd.c:1570]: t_send_branch(): sending request on branch 0 failed ERROR: sl [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: Unfortunately error on sending to next hop occurred (477/SL) I figure I must be doing something wrong with my TCPOPS here. Is a TLS connection to an upstream gateway supposed to be maintained throughout the duration of a call? -- Anthony - https://messinet.com F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
