Can you stop RST from being sent by VIP
TCP port 853 is usually DNS-over-TLS (DoT).
- Are you handling DNS at the BIG-IP?
- Are you attempting to decrypt this DoT at the VIP? And proxy to another DoT, or pure DNS resolver?
- John_Krum, Oct 04, 2022, Cirrus
Kevin,
I have 3 DNS servers in a pool that sit behind a VIP, 10.0.12.14. The VIP is UDP port 53. In troubleshooting, these Sonim cell phones running an Over the Top VoIP application for some reason try to do DoT to the VIP. The VIP sends a RST, the phone drops the cell connection (really it swaps virtual NICs, which in the cell world is milliseconds), but with that the application waits 30 seconds and reconnects. This is all over a private cellular network (an APN), so I can pcap ingress cell traffic and have a phone sitting next to me, and when the phone beeps a warning that it is offline, seconds before this RST is sent from the VIP to my phone.
With this information I wondered if I could instruct the VIP to just ignore, vs sending a RST to the device.
After posting the initial question I have learned additional information regarding the phone and Qualcomm chipset. Once this trouble happens I have to pull the battery to start a fresh VoIP session, otherwise every 3 to 5 min. this disconnect happens (and the TCP over 853 to the VIP as well). So this really isn't, and was never intended to be, a fix, just maybe used to help roll out the phones.
- Kevin_Stewart, Oct 04, 2022, Employee
Yes, but is it doing a RST after trying and failing to establish a TLS handshake? You should see a ClientHello coming from the client after 3WHS, and then probably a failure after that.
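One way to answer that question from a capture, as an added example that is not part of the thread or any F5 code: the Python below classifies each TCP/853 flow by where the RST lands (straight after the SYN, after the 3WHS, or after a ClientHello). The packet tuples, the phone address and the truncated ClientHello bytes are constructed; only the VIP address comes from the thread.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10
DOT_PORT = 853
VIP = "10.0.12.14"      # VIP address from the thread
PHONE = "10.64.0.21"    # constructed client address (assumption)
HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])  # constructed, truncated

# Constructed packets: (src, sport, dst, dport, tcp_flags, payload)
SAMPLE = [
    (PHONE, 40001, VIP, 853, SYN, b""),            # flow 1: SYN answered by RST
    (VIP, 853, PHONE, 40001, RST | ACK, b""),
    (PHONE, 40002, VIP, 853, SYN, b""),            # flow 2: 3WHS, ClientHello, RST
    (VIP, 853, PHONE, 40002, SYN | ACK, b""),
    (PHONE, 40002, VIP, 853, ACK, b""),
    (PHONE, 40002, VIP, 853, ACK, HELLO),
    (VIP, 853, PHONE, 40002, RST, b""),
    (PHONE, 40003, VIP, 853, SYN, b""),            # flow 3: 3WHS then RST, no data
    (VIP, 853, PHONE, 40003, SYN | ACK, b""),
    (PHONE, 40003, VIP, 853, ACK, b""),
    (VIP, 853, PHONE, 40003, RST, b""),
]

def is_client_hello(payload):
    """TLS record type 0x16 (handshake), major version 3, handshake type 1."""
    return len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01

def classify_flows(packets, port=DOT_PORT):
    """Return {(client_ip, client_port): verdict} for TCP flows to `port`."""
    flows = defaultdict(lambda: {"synack": False, "hello": False, "verdict": "no_rst"})
    for src, sport, dst, dport, flags, payload in packets:
        if dport == port:                          # client -> server
            flow = flows[(src, sport)]
            flow["hello"] = flow["hello"] or is_client_hello(payload)
        elif sport == port:                        # server -> client
            flow = flows[(dst, dport)]
            if flags & SYN and flags & ACK:
                flow["synack"] = True
            elif flags & RST and flow["verdict"] == "no_rst":
                if not flow["synack"]:
                    flow["verdict"] = "rst_to_syn"            # connection never accepted
                elif flow["hello"]:
                    flow["verdict"] = "rst_after_client_hello"
                else:
                    flow["verdict"] = "rst_after_handshake"
    return {key: f["verdict"] for key, f in flows.items()}

if __name__ == "__main__":
    for key, verdict in classify_flows(SAMPLE).items():
        print(key, verdict)
```

A `rst_to_syn` verdict means the reset came before any TLS handshake could start on that connection.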