In preparation for the 5.3 release, I've been testing the following 
configuration change for TCP/TLS connections:

route[REQINIT] {
        # no connect for sending replies
        if(has_totag()) {
                # no connect for requests within dialog

This change creates issues when a UAC TLS INVITE routes to an upstream gateway 
using TLS to port 5061 (via the LCR module).  Kamailio sends the initial 
outbound TLS connection from a local ephemeral port.  The TCPOPS 
tcp_keepalive_enable function issues keepalives from the local ephemeral port 
to the gateway port 5061:

Even so, the TLS connection eventually times out, after which in-dialog 
requests from the UAC are no longer able to reach the upstream gateway.

ERROR: tm [../../core/forward.h:293]: msg_send_buffer(): tcp_send failed
WARNING: tm [t_fwd.c:1570]: t_send_branch(): sending request on branch 0 
ERROR: sl [sl_funcs.c:372]: sl_reply_error(): stateless error reply used: 
Unfortunately error on sending to next hop occurred (477/SL)

I figure I must be doing something wrong with my TCPOPS here.  Is a TLS 
connection to an upstream gateway supposed to be maintained throughout the 
duration of a call?

Anthony -
F9B6 560E 68EA 037D 8C3D  D1C9 FF31 3BDB D9D8 99B6

Attachment: signature.asc
Description: This is a digitally signed message part.

Kamailio (SER) - Users Mailing List

Reply via email to