Need to clarify my previous message on opensips TLS problems: * The problems I described were with 1.6.4 * for 1.7 I didn't manage to get one registration through before the TCP connection was dropped
So may be worth keeping an eye on your syslog for 'bad record mac' error, esp if you have many users on TLS. As once this error has occurred, opensips will be dragging on with reduced TCP handling capacity until it is completely unusable on TCP but seemed still OK for UDP. Yufei ---------------------------------------------------------------------- Message: 1 Date: Thu, 13 Oct 2011 17:20:03 +0200 From: "Jarle Lervik" <[email protected]> Subject: [OpenSIPS-Users] opensips 1.7+tls problems To: <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Haven't tested Kamailio, but my solution was to downgrade to 1.6.4. It worked well there. Thanks for the info. BR, Jarle > > Message: 2 > > Date: Thu, 13 Oct 2011 10:38:24 +0100 > > From: "yufei.tao" <[email protected]> > > Subject: Re: [OpenSIPS-Users] opensips 1.7+tls problems > > To: [email protected] > > Message-ID: <[email protected]> > > Content-Type: text/plain; charset=ISO-8859-1 > > > > Hi > > > > As I've got no help on this since I posted this problem, I've been assuming > > that opensips users are mostly on UDP and TLS problems are known but not > > shared by many. > > > > For your information, I've been looking at Kamailio (3.1.5), which is supposed > > to have better TLS support (non-blocking TCP). Initial stress tests did suggest > > that it is far better in handling TLS connections, especially when you have > > many of them coming in at the same time, which could get opensips into the > > unrecoverable 'bad record mac' errors easily, while Kamailio had no problem > > at all. So we are moving to Kamailio. By the way, this 'bad record mac' > > problem has made me to write a script that looks out for this error and > > restart opensips automatically when that happens. But after a restart, > > opensips may get into the errors again. So we've seen that it's been > > restarted non-stop when we had many sip clients. So we had to turn off > > some of them so the restarting cycle could eventually stop. > > > > As far as my very limited experience on Kamailio is concerned, it has a better > > organized config file supporting 'defines' which I like very much. You don't > > need to compile the TLS support as the debian packages already have it in, > > which is very convenient as TLS is a 'must' for us. I do realize its dialog module > > is not as advanced as opensips's in terms of calculating call durations etc, so > > you'll have to use the mysql procedure to handle this as what you used to do > > with opensips. > > > > That's what I've been doing to 'solve' this problem. But I'd very much > > appreciate it if you could share your experience, or any good/bad things you > > know about Kamailio, or any other open source sip servers. > > > > Yufei > > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
