In preparation for the 5.3 release, I've been testing the following 
configuration change for TCP/TLS connections:

https://github.com/kamailio/kamailio/commit/
8bba208fe6ae7ccb4c92362b8c33f1530b9f56da

route[REQINIT] {
        # no connect for sending replies
        set_reply_no_connect();
        if(has_totag()) {
                # no connect for requests within dialog
                set_forward_no_connect();
        }

This change creates issues when a UAC TLS INVITE routes to an upstream gateway 
using TLS to port 5061 (via the LCR module).  Kamailio sends the initial 
outbound TLS connection from a local ephemeral port.  The TCPOPS 
tcp_keepalive_enable function issues keepalives from the local ephemeral port 
to the gateway port 5061:

https://kamailio.org/docs/modules/stable/modules/
tcpops#tcpops.f.tcp_keepalive_enable

Even so, the TLS connection eventually times out, after which in-dialog 
requests from the UAC are no longer able to reach the upstream gateway.

ERROR: tm [../../core/forward.h:293]: msg_send_buffer(): tcp_send failed
WARNING: tm [t_fwd.c:1570]: t_send_branch(): sending request on branch 0 
failed
ERROR: sl [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: 
Unfortunately error on sending to next hop occurred (477/SL)

I figure I must be doing something wrong with my TCPOPS here.  Is a TLS 
connection to an upstream gateway supposed to be maintained throughout the 
duration of a call?

-- 
Anthony - https://messinet.com
F9B6 560E 68EA 037D 8C3D  D1C9 FF31 3BDB D9D8 99B6

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to