<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>if it happens also between INVITE and 200ok or between 200ok and
the ACK, then very likely sending the OPTIONS will not help.
Probably the far end routers have a broken implementation of NAT.</p>
<p>Is this happening only for a specific group of users, or happens
randomly for different users?</p>
<p>Cheers,<br>
Daniel<br>
</p>
<br>
<div class="moz-cite-prefix">On 05.04.17 14:25, Abdoul Osséni wrote:<br>
</div>
<blockquote
cite="mid:CABc7nxtKC9Y7BgKJGWuTV-9PS3Mjot+Emt2_Ew+qxLx6E__G5w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>Hello,</div>
<div><br>
</div>
<div>Thanks for this feedback.</div>
<div><br>
</div>
<div>Here the description of the issue I am trying to solve.</div>
<div><br>
</div>
<div>I use already tcp_keepalive.</div>
<div><br>
</div>
<div>Call flow is:</div>
<div>UACs --> Nat device --> Kamailio</div>
<div><br>
</div>
<div>Transport protocol is TLS.</div>
<div><br>
</div>
<div>Kamailio sends TCPs keepalive (tcp_keepalive option) to the
softphone located behind the nat devices in order to prevent
disconnection due to network inactivity.</div>
<div>In most cases I have the expected behavior, I do not have
any problems.</div>
<div><br>
</div>
<div>I think somes NAT devices don't properly handle TCPs
keepalive because they close the connection after TCP
keepalives.</div>
<div>I have always this issue with NAT devices using
VSS-Monitoring protocol.</div>
<div><br>
</div>
<div>A network capture shows:</div>
<div>- Kamailio sends a tcp keepalive </div>
<div>- The NAT device sends a tck keepalive ACK to Kamailio with
a new filed : vss-monitoring</div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Frame
70: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)</div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Linux
cooked capture</div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Internet
Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x</div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Transmission
Control Protocol, Src Port: 13178, Dst Port: 443, Seq: 2752,
Ack: 6214, Len: 0</div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span><font
color="#ff0000"><b>VSS-Monitoring ethernet trailer, Source
Port: 0</b></font></div>
<div><font color="#ff0000"><b><span class="gmail-Apple-tab-span" style="white-space:pre"> </span>Src
Port: 0</b></font></div>
<div><br>
</div>
<div>- Kamailio received then a TCP from the NAT device that
notifies the closure of the connection.</div>
<div><br>
</div>
<div>Frame 73: 87 bytes on wire (696 bits), 87 bytes captured
(696 bits)</div>
<div>Linux cooked capture</div>
<div>Internet Protocol Version 4, Src: x.x.x.x, Dst: x.x.x.x</div>
<div>Transmission Control Protocol, Src Port: 13178, Dst Port:
443, Seq: 3436, Ack: 6214, Len: 31</div>
<div>Secure Sockets Layer</div>
<div><font color="#ff0000"> TLSv1.2 Record Layer: Alert
(Level: Warning, Description: Close Notify)</font></div>
<div><font color="#ff0000"> Content Type: Alert (21)</font></div>
<div><font color="#ff0000"> Version: TLS 1.2 (0x0303)</font></div>
<div><font color="#ff0000"> Length: 26</font></div>
<div><font color="#ff0000"> Alert Message</font></div>
<div><font color="#ff0000"> Level: Warning (1)</font></div>
<div><font color="#ff0000"> Description: Close Notify
(0)</font></div>
<div><span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div>
<div>
<div>- After a FIN ACK sent to Kamailio by the NAT device, a
new tcp three-way handshake is made again.</div>
</div>
<div><br>
</div>
<div>Sometimes, I have this issue during the connection
establishment that cause a problem of sending or receiving SIP
messages (for examples 200 OK and ACK).</div>
<div><br>
</div>
<div><br>
</div>
<div>The advantage of the SIP ping options is a bidirectional
traffic through NAT. I think in this case, my issue will be
solved.</div>
<div><br>
</div>
<div>Regards</div>
<div>Abdoul OSSENI<span class="gmail-Apple-tab-span" style="white-space:pre"> </span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2017-04-05 12:48 GMT+02:00
Daniel-Constantin Mierla <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:miconda@gmail.com"
target="_blank">miconda@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>nathelper module does ping OPTIONS only for UDP.</p>
<p>For tcp/tls, there is transport layer keepalive:</p>
<p> - <a moz-do-not-send="true"
class="m_7231374981887589031moz-txt-link-freetext"
href="https://www.kamailio.org/wiki/cookbooks/5.0.x/core#tcp_keepalive"
target="_blank">https://www.kamailio.org/wiki/<wbr>cookbooks/5.0.x/core#tcp_<wbr>keepalive</a><br>
</p>
What is the problem you are trying to solve with this?
Maybe there are some other options for it.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<div class="m_7231374981887589031moz-cite-prefix">On
31.03.17 13:03, Abdoul Osséni wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>Is it possible to send ping OPTIONS over tcp or
tls?</div>
<div><br>
</div>
<div>If yes, could you me how?</div>
<div><br>
</div>
<div>Regards</div>
<div>Abdoul.</div>
</div>
<br>
<fieldset
class="m_7231374981887589031mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a moz-do-not-send="true" class="m_7231374981887589031moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a>
<a moz-do-not-send="true" class="m_7231374981887589031moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/<wbr>cgi-bin/mailman/listinfo/sr-<wbr>users</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<pre class="m_7231374981887589031moz-signature" cols="72">--
Daniel-Constantin Mierla
<a moz-do-not-send="true" class="m_7231374981887589031moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank">www.twitter.com/miconda</a> -- <a moz-do-not-send="true" class="m_7231374981887589031moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - May 22-24 (USA) - <a moz-do-not-send="true" class="m_7231374981887589031moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank">www.asipto.com</a>
Kamailio World Conference - May 8-10, 2017 - <a moz-do-not-send="true" class="m_7231374981887589031moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank">www.kamailioworld.com</a></pre>
</font></span></div>
</blockquote></div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - May 22-24 (USA) - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - May 8-10, 2017 - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre></body></html>