[Freeswitch-users] Yealink T48G and TLS

Tue Apr 29 11:37:29 MSD 2014

Hi,

A few questions/requests:

- What is the firmware version of the phone?
- Can you send me the configuration files you are using for the phone?
- Can you send a full debug from Freeswitch, not only the Tport one? Having
this interleaved with SIPTRACE can help correlating the events.

            Regards, __Yehavi:

2014-04-26 1:57 GMT+03:00 Iskren Hadzhinedev <iskren.hadzhinedev at ikiji.com>:

>  On Friday 25 April 2014 21:19:01 Yehavi Bourvine wrote:
>
> > Hi,
>
> Hello, thank you for the advice!
>
> >
>
> > There might be two issues here:
>
> >
>
> > 1. Yealink had a bug in TLS omplementation and FreeSwitch. This has been
>
> > fixed about a month ago, so make sure you are using the latest firmware.
>
> There was an update from 18 April that I just applied but it had no effect
> on the issue. I did a factory reset and reconfigured the phone after the
> update but nothing changed.
>
> > 2. Make sure you set:
>
> > <action application="set" data="sip_secure_media=true"/>
>
> > <action application="export" data="nolocal:sip_secure_media=true"/>
>
> > <action application="set" data="rtp_secure_media=true"/>
>
> > <action application="export" data="nolocal:rtp_secure_media=true"/>
>
> >
>
> I didn't have the ones with "nolocal". I added them however, but it still
> didn't make a difference. What I noticed is that the SRTP is working fine,
> even when I'm using TCP/UDP for SIP, it sends the correct messages and the
> audio is working just fine (all other phones are set to mandatory SRTP so
> they can't establish a call when SRTP is not working on the other end).
> However I tried TLS with unencrypted media and that one failed too. I
> thought it's a NAT issue so I enabled a stun server on the phone, but
> strangely enough, that had no effect either. I'll try updating to latest
> git as this installation is a bit outdated, but since everything else is
> working I'm pretty confident it's not FreeSWITCH's fault.
>
> Thanks for the tips!
>
>
>
> > before calling the phone (some of the above lines might be superfluous,
> but
>
> > I didn't bother to check it).
>
> >
>
> > Regards, __Yehavi:
>
> >
>
> >
>
> > 2014-04-25 16:38 GMT+03:00 Iskren Hadzhinedev <
> iskren.hadzhinedev at ikiji.com>
>
> > > Hello everyone,
>
> > >
>
> > > Just got a couple of new Yealink T48G phones and I am having a couple
> of
>
> > > rather weird (at least for me) issues with them.
>
> > >
>
> > >
>
> > >
>
> > > Whenever I enable TLS authentication on the phones, they register with
> the
>
> > > FreeSWITCH box but there's no media on the
>
> > >
>
> > > outbound calls and I'm unable to get any incoming calls at all. If I
>
> > > switch the authentication protocol to TCP or UDP it's all
>
> > >
>
> > > working good. I tried enabling/disabling SRTP for all 3 protocols and
> it
>
> > > kept the behaviour consistent.
>
> > >
>
> > >
>
> > >
>
> > > All calls made are local (registered to the same FreeSWITCH box) and
> only
>
> > > these phones have any issues with calls.
>
> > >
>
> > > I can call someone from the Yealink and then add another person in a
> 3-way
>
> > > conference.
>
> > >
>
> > > That way the two remote parties can hear eachother, but the Yealink is
>
> > > dead silent.
>
> > >
>
> > >
>
> > >
>
> > > Here's the profile on which all phones are connected:
>
> > >
>
> > >
>
> > >
>
> > > <profile name="local">
>
> > >
>
> > > <domains>
>
> > >
>
> > > <domain name="all" alias="true" parse="false"/>
>
> > >
>
> > > </domains>
>
> > >
>
> > > <settings>
>
> > >
>
> > > <param name="debug" value="0"/>
>
> > >
>
> > > <param name="sip-trace" value="no"/>
>
> > >
>
> > > <param name="sip-capture" value="no"/>
>
> > >
>
> > > <param name="watchdog-enabled" value="no"/>
>
> > >
>
> > > <param name="watchdog-step-timeout" value="30000"/>
>
> > >
>
> > > <param name="watchdog-event-timeout" value="30000"/>
>
> > >
>
> > > <param name="log-auth-failures" value="true"/>
>
> > >
>
> > > <param name="forward-unsolicited-mwi-notify" value="false"/>
>
> > >
>
> > > <param name="rfc2833-pt" value="101"/>
>
> > >
>
> > > <param name="sip-port" value="5060"/>
>
> > >
>
> > > <param name="dialplan" value="XML"/>
>
> > >
>
> > > <param name="liberal-dtmf" value="true"/>
>
> > >
>
> > > <param name="dtmf-duration" value="2000"/>
>
> > >
>
> > > <param name="inbound-codec-prefs"
> value="SILK,OPUS,G722,PCMU,PCMA,GSM"/>
>
> > >
>
> > > <param name="outbound-codec-prefs" value="PCMU,PCMA,GSM"/>
>
> > >
>
> > > <param name="rtp-timer-name" value="soft"/>
>
> > >
>
> > > <param name="rtp-ip" value="$${local_ip_v4}"/>
>
> > >
>
> > > <param name="sip-ip" value="$${local_ip_v4}"/>
>
> > >
>
> > > <param name="hold-music" value="local_stream://moh"/>
>
> > >
>
> > > <param name="record-path" value="$${base_dir}/recordings"/>
>
> > >
>
> > > <param name="record-template"
>
> > >
> value="${caller_id_number}.${target_domain}.${strftime(%Y-%m-%d-%H-%M-%S)}
>
> > > .wav"/>
>
> > >
>
> > > <param name="manage-presence" value="true"/>
>
> > >
>
> > > <param name="inbound-codec-negotiation" value="generous"/>
>
> > >
>
> > > <param name="tls" value="true"/>
>
> > >
>
> > > <param name="tls-only" value="false"/>
>
> > >
>
> > > <param name="tls-version" value="tlsv1"/>
>
> > >
>
> > > <param name="tls-bind-params" value="transport=tls"/>
>
> > >
>
> > > <param name="tls-sip-port" value="5061"/>
>
> > >
>
> > > <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
>
> > >
>
> > > <param name="tls-verify-date" value="true"/>
>
> > >
>
> > > <param name="inbound-late-negotiation" value="true"/>
>
> > >
>
> > > <param name="inbound-zrtp-passthru" value="true"/>
>
> > >
>
> > > <param name="nonce-ttl" value="60"/>
>
> > >
>
> > > <param name="auth-calls" value="yes"/>
>
> > >
>
> > > <param name="inbound-reg-force-matching-username" value="true"/>
>
> > >
>
> > > <param name="auth-all-packets" value="false"/>
>
> > >
>
> > > <param name="ext-rtp-ip" value="$${local_ip_v4}"/>
>
> > >
>
> > > <param name="ext-sip-ip" value="$${local_ip_v4}"/>
>
> > >
>
> > > <param name="challenge-realm" value="auto_from"/>
>
> > >
>
> > > </settings>
>
> > >
>
> > > </profile>
>
> > >
>
> > >
>
> > >
>
> > > and (due to their sizes) a tport log, a siptrace for an outgoing call
> from
>
> > > the Yealink and an incoming call (that never rings the phone) with TLS
>
> > > enabled.
>
> > >
>
> > >
>
> > >
>
> > > The whole setup is:
>
> > >
>
> > > FreeSWITCH -- Internet -- NAT Router -- Yealink and Android phone (in
>
> > > different subnets so no direct LAN communication between them)
>
> > >
>
> > >
>
> > >
>
> > > Any thoughts are greatly appreciated.
>
> > >
>
> > > Thanks in advance!
>
> > >
>
> > >
>
> > >
>
> > > Kind regards,
>
> > > --
>
> > >
>
> > > Iskren Hadzhinedev
>
> > >
>
> > >
> _________________________________________________________________________
>
> > > Professional FreeSWITCH Consulting Services:
>
> > > consulting at freeswitch.org
>
> > > http://www.freeswitchsolutions.com
>
> > >
>
> > > 
>
> > > 
>
> > >
>
> > > Official FreeSWITCH Sites
>
> > > http://www.freeswitch.org
>
> > > http://wiki.freeswitch.org
>
> > > http://www.cluecon.com
>
> > >
>
> > > FreeSWITCH-users mailing list
>
> > > FreeSWITCH-users at lists.freeswitch.org
>
> > > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>
> > > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
>
> > > http://www.freeswitch.org
>
>
> --
>
> Iskren Hadzhinedev
>
> System Administrator
>
> The Idea Factory | 20 Mearns Street | Aberdeen | AB11 5AT | UK
>
> T: 01224 607500
>
> VAT Reg No: 982 4936 74. Company registered in Scotland, SC237116
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140429/a530aa50/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sign_logo.png
Type: image/png
Size: 4641 bytes
Desc: not available
Url : http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140429/a530aa50/attachment-0001.png 