[Freeswitch-users] Yealink T48G and TLS

Yehavi Bourvine yehavi.bourvine at gmail.com
Fri Apr 25 22:19:01 MSD 2014


Hi,

  There might be two issues here:

1. Yealink had a bug in TLS omplementation and FreeSwitch. This has been
fixed about a month ago, so make sure you are using the latest firmware.
2. Make sure you set:
        <action application="set" data="sip_secure_media=true"/>
        <action application="export" data="nolocal:sip_secure_media=true"/>
        <action application="set" data="rtp_secure_media=true"/>
        <action application="export" data="nolocal:rtp_secure_media=true"/>

before calling the phone (some of the above lines might be superfluous, but
I didn't bother to check it).

                        Regards, __Yehavi:


2014-04-25 16:38 GMT+03:00 Iskren Hadzhinedev <iskren.hadzhinedev at ikiji.com>
:

>  Hello everyone,
>
> Just got a couple of new Yealink T48G phones and I am having a couple of
> rather weird (at least for me) issues with them.
>
>
>
> Whenever I enable TLS authentication on the phones, they register with the
> FreeSWITCH box but there's no media on the
>
> outbound calls and I'm unable to get any incoming calls at all. If I
> switch the authentication protocol to TCP or UDP it's all
>
> working good. I tried enabling/disabling SRTP for all 3 protocols and it
> kept the behaviour consistent.
>
>
>
> All calls made are local (registered to the same FreeSWITCH box) and only
> these phones have any issues with calls.
>
> I can call someone from the Yealink and then add another person in a 3-way
> conference.
>
> That way the two remote parties can hear eachother, but the Yealink is
> dead silent.
>
>
>
> Here's the profile on which all phones are connected:
>
>
>
> <profile name="local">
>
> <domains>
>
> <domain name="all" alias="true" parse="false"/>
>
> </domains>
>
> <settings>
>
> <param name="debug" value="0"/>
>
> <param name="sip-trace" value="no"/>
>
> <param name="sip-capture" value="no"/>
>
> <param name="watchdog-enabled" value="no"/>
>
> <param name="watchdog-step-timeout" value="30000"/>
>
> <param name="watchdog-event-timeout" value="30000"/>
>
> <param name="log-auth-failures" value="true"/>
>
> <param name="forward-unsolicited-mwi-notify" value="false"/>
>
> <param name="rfc2833-pt" value="101"/>
>
> <param name="sip-port" value="5060"/>
>
> <param name="dialplan" value="XML"/>
>
> <param name="liberal-dtmf" value="true"/>
>
> <param name="dtmf-duration" value="2000"/>
>
> <param name="inbound-codec-prefs" value="SILK,OPUS,G722,PCMU,PCMA,GSM"/>
>
> <param name="outbound-codec-prefs" value="PCMU,PCMA,GSM"/>
>
> <param name="rtp-timer-name" value="soft"/>
>
> <param name="rtp-ip" value="$${local_ip_v4}"/>
>
> <param name="sip-ip" value="$${local_ip_v4}"/>
>
> <param name="hold-music" value="local_stream://moh"/>
>
> <param name="record-path" value="$${base_dir}/recordings"/>
>
> <param name="record-template"
> value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}.wav"/>
>
> <param name="manage-presence" value="true"/>
>
> <param name="inbound-codec-negotiation" value="generous"/>
>
> <param name="tls" value="true"/>
>
> <param name="tls-only" value="false"/>
>
> <param name="tls-version" value="tlsv1"/>
>
> <param name="tls-bind-params" value="transport=tls"/>
>
> <param name="tls-sip-port" value="5061"/>
>
> <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
>
> <param name="tls-verify-date" value="true"/>
>
> <param name="inbound-late-negotiation" value="true"/>
>
> <param name="inbound-zrtp-passthru" value="true"/>
>
> <param name="nonce-ttl" value="60"/>
>
> <param name="auth-calls" value="yes"/>
>
> <param name="inbound-reg-force-matching-username" value="true"/>
>
> <param name="auth-all-packets" value="false"/>
>
> <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
>
> <param name="ext-sip-ip" value="$${local_ip_v4}"/>
>
> <param name="challenge-realm" value="auto_from"/>
>
> </settings>
>
> </profile>
>
>
>
> and (due to their sizes) a tport log, a siptrace for an outgoing call from
> the Yealink and an incoming call (that never rings the phone) with TLS
> enabled.
>
>
>
> The whole setup is:
>
> FreeSWITCH -- Internet -- NAT Router -- Yealink and Android phone (in
> different subnets so no direct LAN communication between them)
>
>
>
> Any thoughts are greatly appreciated.
>
> Thanks in advance!
>
>
>
> Kind regards,
> --
>
> Iskren Hadzhinedev
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140425/b4e4ec68/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list