[Freeswitch-users] Is it possible to force FreeSWITCH/Sofia to use only one port TLS?

Trever L. Adams trever at middleearth.sapphiresunday.org
Sat Jul 19 09:44:20 MSD 2014


On 07/18/2014 09:55 AM, Michael Jerris wrote:
> A text SIP trace of the whole thing would help in figuring out what exactly is going on.
>
> On Jul 18, 2014, at 11:28 AM, Trever L. Adams <trever at middleearth.sapphiresunday.org> wrote:
>
>> https://wiki.freeswitch.org/wiki/SIP_TLS#Limitations_of_the_Freeswitch_TLS.2FSSLv23_Implementation_.28FS-3877.29
>> mentions that lib_sofia and FreeSWITCH use two ports, by default, for
>> TLS (client -> server for registration and client to server signaling,
>> and server->client for NOTIFYs, etc.).
>>
>> In one setup, I need to get CSIPSIMPLE (an Android SIP client with ZRTP
>> support) working. It appears to accept the server->client connections,
>> but will not ring, etc. for incoming calls. This does seem to be a bug
>> there, and it only exists with TLS (not tcp/udp).
>>
>> So, is it possible to force FreeSWITCH/Sofia to use the client->server
>> connection for server->client NOTIFYs?
>>
>> Thank you,
>> Trever
Hello Michael and Everyone,

It appears I misread the tcpdump. The problem is csipsimple isn't even
accepting the connection, at least if I am reading the higher sofia
debug level (which I thought I had on yesterday) correctly:

nua.c:633 nua_invite() nua: nua_invite: entering
nua_stack.c:529 nua_signal() nua(0x7fcbf0025a50): sent signal r_invite
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:40
sofia/internal/sip:2005 at 10.1.1.188:58647 Standard INIT
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:48
(sofia/internal/sip:2005 at 10.1.1.188:58647) State Change CS_INIT ->
CS_ROUTING
2014-07-18 23:37:39.368722 [DEBUG] switch_core_session.c:1387 Send
signal sofia/internal/sip:2005 at 10.1.1.188:58647 [BREAK]
nua_stack.c:569 nua_stack_signal() nua(0x7fcbf0025a50): recv signal r_invite
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:510
(sofia/internal/sip:2005 at 10.1.1.188:58647) State INIT going to sleep
nua_params.c:480 nua_stack_set_params() nua: nua_stack_set_params: entering
soa.c:280 soa_clone() soa_clone(static::0x7fcbf8001930, 0x7fcbf8001130,
0x7fcbf0025a50) called
soa.c:403 soa_set_params() soa_set_params(static::0x7fcbf80530e0, ...)
called
soa.c:403 soa_set_params() soa_set_params(static::0x7fcbf80530e0, ...)
called
soa.c:1052 soa_set_user_sdp() soa_set_user_sdp(static::0x7fcbf80530e0,
(nil), 0x7fcbf00270bb, -1) called
soa.c:890 soa_set_capability_sdp()
soa_set_capability_sdp(static::0x7fcbf80530e0, (nil), 0x7fcbf00270bb,
-1) called
nua_dialog.c:338 nua_dialog_usage_add() nua(0x7fcbf0025a50): adding
session usage
nta.c:4415 nta_leg_tcreate() nta_leg_tcreate(0x7fcbf8040190)
soa.c:1302 soa_init_offer_answer()
soa_init_offer_answer(static::0x7fcbf80530e0) called
soa.c:1426 soa_generate_offer()
soa_generate_offer(static::0x7fcbf80530e0, 0) called
soa_static.c:1137 offer_answer_step()
soa_static_offer_answer_action(0x7fcbf80530e0, soa_generate_offer): called
soa_static.c:1168 offer_answer_step() soa_static(0x7fcbf80530e0,
soa_generate_offer): generating local description
soa_static.c:1196 offer_answer_step() soa_static(0x7fcbf80530e0,
soa_generate_offer): upgrade with local description
soa_static.c:1020 soa_sdp_mode_set() soa_sdp_mode_set(0x7fcc202ce990,
(nil), ""): called
soa_static.c:1425 offer_answer_step() soa_static(0x7fcbf80530e0,
soa_generate_offer): storing local description
soa.c:1270 soa_get_local_sdp() soa_get_local_sdp(static::0x7fcbf80530e0,
[(nil)], [0x7fcc202d0ab8], [0x7fcc202d0ab4]) called
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:470
(sofia/internal/sip:2005 at 10.1.1.188:58647) Running State Change CS_ROUTING
nta.c:2665 nta_tpn_by_url() nta: selecting scheme sip
tport.c:3257 tport_tsend() tport_tsend(0x7fcbf8005110) tpn =
TLS/10.1.1.188:58647
tport.c:4046 tport_resolve() tport_resolve addrinfo = 10.1.1.188:58647
tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7fcbf8005110): not
found by name TLS/10.1.1.188:58647
tport.c:862 tport_alloc_secondary()
tport_alloc_secondary(0x7fcbf8005110): new secondary tport 0x7fcbf8010cb0
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:526
(sofia/internal/sip:2005 at 10.1.1.188:58647) State ROUTING
tport_type_tcp.c:203 tport_tcp_init_secondary()
tport_tcp_init_secondary(0x7fcbf8010cb0): Setting TCP_KEEPIDLE to 30
tport_type_tcp.c:209 tport_tcp_init_secondary()
tport_tcp_init_secondary(0x7fcbf8010cb0): Setting TCP_KEEPINTVL to 30
2014-07-18 23:37:39.368722 [DEBUG] mod_sofia.c:123
sofia/internal/sip:2005 at 10.1.1.188:58647 SOFIA ROUTING
2014-07-18 23:37:39.368722 [DEBUG] switch_ivr_originate.c:67
(sofia/internal/sip:2005 at 10.1.1.188:58647) State Change CS_ROUTING ->
CS_CONSUME_MEDIA
2014-07-18 23:37:39.368722 [DEBUG] switch_core_session.c:1387 Send
signal sofia/internal/sip:2005 at 10.1.1.188:58647 [BREAK]
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:526
(sofia/internal/sip:2005 at 10.1.1.188:58647) State ROUTING going to sleep
tport_type_tls.c:683 tport_tls_connect()
tport_tls_connect(0x7fcbf8010cb0): connecting to tls/10.1.1.188:58647/sips
tport.c:2296 tport_set_secondary_timer() tport(0x7fcbf8010cb0): reset timer
tport.c:3782 tport_queue() tport_queue(0x7fcbf8010cb0): queueing
0x7fcbf8014a50 for tls/10.1.1.188:58647
nta.c:8302 outgoing_send() nta: sent INVITE (62538065) to
TLS/10.1.1.188:58647
tport.c:4160 tport_pend() tport_pend(0x7fcbf8010cb0): pending
0x7fcbf8014a50 for tls/10.1.1.188:58647 (already 0)
nua_session.c:4137 signal_call_state_change() nua(0x7fcbf0025a50): call
state changed: init -> calling, sent offer
soa.c:1270 soa_get_local_sdp() soa_get_local_sdp(static::0x7fcbf80530e0,
[0x7fcc202d0aa8], [0x7fcc202d0ab0], [(nil)]) called
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:470
(sofia/internal/sip:2005 at 10.1.1.188:58647) Running State Change
CS_CONSUME_MEDIA
nua_stack.c:269 nua_stack_event() nua(0x7fcbf0025a50): event i_state
INVITE sent
nua_stack.c:359 nua_application_event() nua: nua_application_event: entering
2014-07-18 23:37:39.368722 [DEBUG] switch_core_session.c:1052 Send
signal sofia/internal/sip:2005 at 10.1.1.188:58647 [BREAK]
nua.c:366 nua_handle_magic() nua: nua_handle_magic: entering
2014-07-18 23:37:39.368722 [DEBUG] sofia.c:6364 Channel
sofia/internal/sip:2005 at 10.1.1.188:58647 entering state [calling][0]
nua.c:366 nua_handle_magic() nua: nua_handle_magic: entering
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:545
(sofia/internal/sip:2005 at 10.1.1.188:58647) State CONSUME_MEDIA
2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:545
(sofia/internal/sip:2005 at 10.1.1.188:58647) State CONSUME_MEDIA going to
sleep
tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events CONNECTING
tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events
NEGOTIATING
tport_tls.c:1008 tls_connect() tls_connect(0x7fcbf8010cb0): TLS setup
failed (error:00000001:lib(0):func(0):reason(1))
tport.c:2090 tport_close() tport_close(0x7fcbf8010cb0):
tls/10.1.1.188:58647/sips
tport.c:4222 tport_release() tport_release(0x7fcbf8010cb0):
0x7fcbf8014a50 by 0x7fcbf800d940 with (nil)
nta.c:9099 outgoing_timer_dk() nta: timer D fired, terminate INVITE
(62538034)
tport.c:2263 tport_set_secondary_timer() tport(0x7fcbf8036b10): set
timer at 0 ms because zap
nta.c:8797 outgoing_reclaim_queued() outgoing_reclaim_all((nil), (nil),
0x7fcc202d0c80)
nta.c:8927 _nta_outgoing_timer() nta_outgoing_timer: 0/0 resent, 0/1
tout, 1/1 term, 1/2 free
nta.c:1296 agent_timer() nta: timer set next to 29920 ms

So, it does indeed appear to be the two-port issue that is a problem.
So, is there any way to force FreeSWITCH/Sofia to use only one port for
TLS? I imagine this is a huge problem with NAT and many other firewall
setups as well.

Any help could be greatly appreciated. It appears I am not the only one
(http://www.marshut.com/iwtiyt/tls-not-work-after-update.html)

Thank you,
Trever
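
One way to triage a Sofia debug log like the one in this message, as an added example that is not part of the original post and not FreeSWITCH code: it follows each secondary tport handle and reports connections the server opened itself, because no existing transport to the peer was found, whose TLS setup then failed. The function names and record fields are hypothetical; the sample lines are copied from the log above with the e-mail line wrapping rejoined.

```python
import re

# Lines taken from the sofia debug output in the post, e-mail wrapping rejoined.
SAMPLE_LOG = """\
tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7fcbf8005110): not found by name TLS/10.1.1.188:58647
tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7fcbf8005110): new secondary tport 0x7fcbf8010cb0
tport_type_tls.c:683 tport_tls_connect() tport_tls_connect(0x7fcbf8010cb0): connecting to tls/10.1.1.188:58647/sips
nta.c:8302 outgoing_send() nta: sent INVITE (62538065) to TLS/10.1.1.188:58647
tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events CONNECTING
tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events NEGOTIATING
tport_tls.c:1008 tls_connect() tls_connect(0x7fcbf8010cb0): TLS setup failed (error:00000001:lib(0):func(0):reason(1))
"""

HANDLE = r"\((0x[0-9a-f]+)\)"
NOT_FOUND = re.compile(r"tport_by_addrinfo" + HANDLE + r": not found by name (\S+)")
NEW_SECONDARY = re.compile(r"tport_alloc_secondary" + HANDLE + r": new secondary tport (0x[0-9a-f]+)")
CONNECT = re.compile(r"tport_tls_connect" + HANDLE + r": connecting to (\S+)")
EVENT = re.compile(r"\btls_connect" + HANDLE + r": events (\w+)")
FAILED = re.compile(r"\btls_connect" + HANDLE + r": TLS setup failed \((.*)\)$")


def trace_secondary_tls(log_text):
    """Follow each secondary TLS transport the server opens, keyed by handle."""
    misses = {}  # primary handle -> peer for which no existing transport was found
    conns = {}   # secondary handle -> record of what happened to it
    for line in log_text.splitlines():
        if m := NOT_FOUND.search(line):
            misses[m.group(1)] = m.group(2)
        elif m := NEW_SECONDARY.search(line):
            conns[m.group(2)] = {"handle": m.group(2), "no_reuse_for": misses.pop(m.group(1), None),
                                 "target": None, "last_event": None, "error": None}
        elif (m := CONNECT.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["target"] = m.group(2)
        elif (m := EVENT.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["last_event"] = m.group(2)
        elif (m := FAILED.search(line)) and m.group(1) in conns:
            conns[m.group(1)]["error"] = m.group(2)
    return list(conns.values())


def failed_server_initiated(log_text):
    """Secondary connections opened for lack of a reusable one that then failed TLS."""
    return [c for c in trace_secondary_tls(log_text) if c["no_reuse_for"] and c["error"]]


if __name__ == "__main__":
    for c in failed_server_initiated(SAMPLE_LOG):
        print(f'{c["handle"]}: no transport to reuse for {c["no_reuse_for"]}; new connection to '
              f'{c["target"]} failed after {c["last_event"]}: {c["error"]}')
```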
