[asterisk-bugs] [JIRA] (ASTERISK-27001) PJSIP TLS connection not stable
Ian Gilmour (JIRA)
noreply at issues.asterisk.org
Tue May 16 06:05:57 CDT 2017
Ian Gilmour created ASTERISK-27001:
--------------------------------------
Summary: PJSIP TLS connection not stable
Key: ASTERISK-27001
URL: https://issues.asterisk.org/jira/browse/ASTERISK-27001
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: pjproject/pjsip
Affects Versions: 13.15.0
Environment: centos 6.8(64-bit)
Reporter: Ian Gilmour
Hi,
I have a development Asterisk 13.15.0 test setup (uses the bundled pjsip-2.6).
On startup Asterisk registers 1 Asterisk users with a remote OpenSIPS server, over TLS, using the PJSIP stack. As part of the test this Asterisk PJSIP user is reregistered with OpenSIPS Server every couple of mins.
All outgoing/incoming pjsip call media is encrypted using SRTP and via an external RTPPROXY running alongside the external OpenSIPS Server.
Asterisk is additionally configured to use PJSIP on 127.0.0.1:5060 to allow calls from a locally run SIPp process. All SIPp calls are TCP+RTP.
I use SIPp to run multiple concurrent loopback calls (calls vary in
duration) through Asterisk to the OpenSIPS server and back to an echo() service running on the same Asterisk).
i.e.
{noformat}
SIPp <-TCP/RTP-> Asterisk <-TLS/SRTP->
OpenSIPS server (+ rtpproxy) <-TLS/SRTP-> Asterisk (echo service).
{noformat}
With no calls running the PJSIP TLS connection stays up and I see it reregistering the user every ~2mins.
When I start to run the SIPp test I start seeing the PJSIP stack having TLS issues - closing the current TCP port as a result, in this state outgoing SIPp calls obviously start failing.
A few seconds later Asterisk (PJSIP) opens a new port, reregistering with the OpenSIPS server, and the calls continue.
If I switch Asterisk to use the chan_sip stack rather than the PJSIP stack for the TLS connection to the OpenSIPS server the connection stays up with no call failures.
I patched a couple of PJSIP files to help me see what's going on and I have played with the PJSIP TLS code. I can improve the reliability of the connection by ignoring a specific error condition (see the code within #if EXPERIMENTAL...#endif in the attached patch).
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list