[Serusers] TLS support in SER

Cesc cesc.santa at gmail.com
Fri Jan 27 13:16:00 CET 2006 

I have never tried because we don't have nats in my project. Now, if
the natping thing updates de expire-timer that the ser tcp core keeps
(in the tcp_conn object list), then there is no problem.
I mean, the problem is not the nat machine closing the binding ... the
problem is ser executing a "close" on the socket. This may either then
shutdown the nat binding, or in most end-points mean that no incoming
connections can be accepted (most end-points do not support incoming
tls call establishment ... they can only connect to a tls server, that
is, a sip proxy).

Regards,

Cesc

On 1/27/06, Atle Samuelsen <clona at cyberhouse.no> wrote:
> Hi Cesc,
>
> cant this be "fixed" with haveing the natping from server-side? (like
> sending options requests every say 80 sec? (or even more if you adjust
> it in the ser's source?)
>
> -Atle
>
> * Cesc <cesc.santa at gmail.com> [060127 09:19]:
> > Mmm ... one comes to mind ...
> > ser/openser will close the tcp/tls connection after a couple minutes
> > of inactivity by the phone ... thus, you either change this in ser's
> > source code or you force your phone to re-register every 90 seconds or
> > so ... otherwise, the tcp/tls connection is closed, thus the phone
> > cannot be reached (for incoming calls).
> >
> > Cesc
> >
> > On 1/25/06, Yi Zheng <yizheng at sbcglobal.net> wrote:
> > > thanks for the pointer.
> > >
> > > Are there known issues for TCP+TLS to work across NAT? The few NAT travesal
> > > sloutions I am aware of such as STUN, nathelper+rtp proxy seem to work with
> > > UDP only.
> > >
> > > - ming
> > >
> > > Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> > > Yi Zheng wrote:
> > > > Hi,
> > > >
> > > > I am wondering whether SER has any support for TLS as a security
> > > > mechanism? Thanks,
> > >
> > > Yes. It is in the experimental tree:
> > > http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/experimental/tls/
> > >
> > > You can also try openser, which has TLS integrated in the stable version
> > > 1.0.0
> > >
> > > regards
> > > klaus
> > >
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> > >
> > >
> > >
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
> >
>

More information about the sr-users mailing list