Re: [SR-Users] SRTP/TLS BYE Problem with One of the Legs of the Call

[conradcorde...@gmail.com]

Thank you very much Arsen.

Knowing that this was supposed to work was what I needed to know. I was 
only missing the NAT rule back to my phone system on the TLS port, which 
is where the BYE packet was being sent to.


All works perfectly now.

On 9/19/20 4:05 AM, Arsen Semenov wrote:

Hello Conrad,

Bit hard to say exactly without looking into logs/dumps but it seems 
like your call is long enough so router (if you have one) could 
timeout on nat tcp connection, thus the “bye” request can not reach 
uac. Just guessing.


Please check whether you have tcp keepalive enabled, example:
tcp_keepalive=yes
tcp_crlf_ping=yes
tcp_keepcnt=3
tcp_keepidle=30
tcp_keepintvl=30

Hope it helps.


On Sat, 19 Sep 2020 at 8:59 AM, conradcorde...@gmail.com 
 > wrote:


Hello,



Thank you for your reading this and for your help.



I'm a Kamailio newbie and managed to set up an edge proxy, which
works

perfectly on UDP traffic. I'm now attempting to deploy TLS/SRTP and

everything almost works perfectly. The single issue I'm having is
that

when either of the parties to an SRTP/TLS call disconnect, the other

party's call remains active. With UDP, when one of the parties

disconnects the call, the other leg of the call receives the BYE
command

and the call automatically disconnects.



This is how I have our infrastructure set up:



1. Twilio SIP Trunk with Secure Media enabled.



2. Kamailio 5.4.1 set up with TLS module, set to listen on TLS port

5061, SSL certificates from Let's Encrypt, route set to our phone
system.



3. Phone system is Asterisk.



As per above, everything works almost perfectly with TLS/SRTP. The
only

issue is that calls will not disconnect when one of the sides hang
up.

If I disable TLS/SRTP and use UDP only, everything works.



Audio is just fine with TLS/SRTP.



Does anyone know why calls with SRTP/TLS will not disconnect

automatically when one of the parties ends the call?



Thank you,



Conrad





___

Kamailio (SER) - Users Mailing List

sr-users@lists.kamailio.org 

https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users




--
Sent from Gmail Mobile

___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] SRTP/TLS BYE Problem with One of the Legs of the Call

[Arsen Semenov]

Hello Conrad,

Bit hard to say exactly without looking into logs/dumps but it seems like
your call is long enough so router (if you have one) could timeout on nat
tcp connection, thus the “bye” request can not reach uac. Just guessing.

Please check whether you have tcp keepalive enabled, example:
tcp_keepalive=yes
tcp_crlf_ping=yes
tcp_keepcnt=3
tcp_keepidle=30
tcp_keepintvl=30

Hope it helps.


On Sat, 19 Sep 2020 at 8:59 AM, conradcorde...@gmail.com <
conradcorde...@gmail.com> wrote:

> Hello,
>
>
>
> Thank you for your reading this and for your help.
>
>
>
> I'm a Kamailio newbie and managed to set up an edge proxy, which works
>
> perfectly on UDP traffic. I'm now attempting to deploy TLS/SRTP and
>
> everything almost works perfectly. The single issue I'm having is that
>
> when either of the parties to an SRTP/TLS call disconnect, the other
>
> party's call remains active. With UDP, when one of the parties
>
> disconnects the call, the other leg of the call receives the BYE command
>
> and the call automatically disconnects.
>
>
>
> This is how I have our infrastructure set up:
>
>
>
> 1. Twilio SIP Trunk with Secure Media enabled.
>
>
>
> 2. Kamailio 5.4.1 set up with TLS module, set to listen on TLS port
>
> 5061, SSL certificates from Let's Encrypt, route set to our phone system.
>
>
>
> 3. Phone system is Asterisk.
>
>
>
> As per above, everything works almost perfectly with TLS/SRTP. The only
>
> issue is that calls will not disconnect when one of the sides hang up.
>
> If I disable TLS/SRTP and use UDP only, everything works.
>
>
>
> Audio is just fine with TLS/SRTP.
>
>
>
> Does anyone know why calls with SRTP/TLS will not disconnect
>
> automatically when one of the parties ends the call?
>
>
>
> Thank you,
>
>
>
> Conrad
>
>
>
>
>
> ___
>
> Kamailio (SER) - Users Mailing List
>
> sr-users@lists.kamailio.org
>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>

-- 
Sent from Gmail Mobile
___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

[SR-Users] SRTP/TLS BYE Problem with One of the Legs of the Call

[conradcorde...@gmail.com]

Hello,

Thank you for your reading this and for your help.

I'm a Kamailio newbie and managed to set up an edge proxy, which works 
perfectly on UDP traffic. I'm now attempting to deploy TLS/SRTP and 
everything almost works perfectly. The single issue I'm having is that 
when either of the parties to an SRTP/TLS call disconnect, the other 
party's call remains active. With UDP, when one of the parties 
disconnects the call, the other leg of the call receives the BYE command 
and the call automatically disconnects.


This is how I have our infrastructure set up:

1. Twilio SIP Trunk with Secure Media enabled.

2. Kamailio 5.4.1 set up with TLS module, set to listen on TLS port 
5061, SSL certificates from Let's Encrypt, route set to our phone system.


3. Phone system is Asterisk.

As per above, everything works almost perfectly with TLS/SRTP. The only 
issue is that calls will not disconnect when one of the sides hang up. 
If I disable TLS/SRTP and use UDP only, everything works.


Audio is just fine with TLS/SRTP.

Does anyone know why calls with SRTP/TLS will not disconnect 
automatically when one of the parties ends the call?


Thank you,

Conrad


___
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users