[Freeswitch-users] The SIPTLS/SRTP B2BUA saga continues

Anthony Minessale anthony.minessale at gmail.com
Wed Sep 3 21:14:29 MSD 2014 

The transport itself (tls) has no problem.  The call attempt was initiated
and terminated properly via SIP over TLS.
As Kristian says, the 477 Send Failed is a proxy specific error.  Google
for "477 Send Failed" or "477 Send Failed tls"  and find lots of info.

His suggestion to remove headers etc is based on trying to figure out
without any clues why its sending the 477.
Some devices on the other end of the router may have some crazy interop
issue (we've seen it over and over again) so that's why he suggests
removing non-std headers.

The provider is in a much better position to diagnose this because its
their router sending the 477 and they should easily be able to determine
why by tracing a call.
Most likely the call path taken by calls routed over TLS is configured
wrong or some other unknown element is in play.


In the future, please do not flame our volunteers.   It was clearly an
oversight and I'd hate to have people trying to help on the project have a
bad day and not want to help anymore because they get berated by the people
they are trying to help.  We don't tolerate that kind of exchange on this
list and we will moderate if need be.




On Wed, Sep 3, 2014 at 11:48 AM, Tim Smith <randomdev4 at gmail.com> wrote:

> Hi Kristian,
>
> >You could try removing the FreeSWITCH X- header (some providers don't
> > like those) and simplifying the User-Agent header (for kicks).
>
> Even if calls connect fine over TCP/UDP ?
>
> Literally the only change I need to make to break things is to set
> "<param name="register-transport" value="tls"/>" in their profile.
>
> On 3 September 2014 17:39, Kristian Kielhofner <kris at kriskinc.com> wrote:
> > All of that aside...
> >
> > Your provider is clearly using a SER proxy of some type (OpenSIPS,
> > Kamailio) and the TM module documentation seems to indicate that a 477
> > Send Failed is an upstream error of some sort.
> >
> > You could try removing the FreeSWITCH X- header (some providers don't
> > like those) and simplifying the User-Agent header (for kicks).
> >
> > On Wed, Sep 3, 2014 at 12:27 PM, Tim Smith <randomdev4 at gmail.com> wrote:
> >> Oh Russell !
> >>
> >> Are you deliberately trying to make me angry or something ?
> >>
> >> I'm sure you're a perfectly intelligent guy.  Playing the stupid card
> >> really doesn't suit you !
> >>
> >> Which part of "to protect the innocent, the following IP mappings have
> >> been applied"  do you fail to comprehend ?
> >>
> >> I don't think I could have made it any clearer ?
> >>
> >> But just to spell it out to you .....
> >>
> >> I
> >> took
> >> the
> >> original
> >> IP
> >> addresses
> >> and
> >> obfuscated
> >> them
> >> because
> >> I
> >> do
> >> not
> >> see
> >> why
> >> I
> >> should
> >> plaster
> >> the
> >> public
> >> IP
> >> addresses
> >> all
> >> over
> >> the
> >> internet
> >>
> >> The VoIP provider is a public IP
> >> The Freeswitch server is a public IP
> >> There is no NAT or any other funny business going on.  Not between the
> >> VOIP Provider and Freeswitch, and not between Freeswitch and the
> >> client phone.
> >>
> >> It is therefore none of your darn business what the real IP addresses
> >> are because it won't help your troubleshooting whatsoever !
> >>
> >>
> >>
> >>
> >> On 3 September 2014 17:18, Russell Treleaven <rtreleaven at bunnykick.ca>
> wrote:
> >>> I did read it.
> >>> What I mean is if the address of the server is rfc 1918 it is not
> routable
> >>> over the internet.
> >>>
> >>> Do you have a tunnel to the provider?
> >>>
> >>>
> >>>
> >>> On Wed, Sep 3, 2014 at 12:15 PM, Tim Smith <randomdev4 at gmail.com>
> wrote:
> >>>>
> >>>> Russell Treleaven,
> >>>>
> >>>> Please try reading my original post whereby I clearly said .......
> >>>>
> >>>>
> >>>>
> >>>> On 3 September 2014 17:08, Russell Treleaven <rtreleaven at bunnykick.ca
> >
> >>>> wrote:
> >>>> > 172.16.1.2 = VoIP Provider  (TLS/SRTP)
> >>>> >
> >>>> > Its interesting that your voip provider has a private ip address.
> >>>> >
> >>>> >
> >>>> > On Wed, Sep 3, 2014 at 11:28 AM, Tim Smith <randomdev4 at gmail.com>
> wrote:
> >>>> >>
> >>>> >> Siptrace at http://pastebin.freeswitch.org/pastebin.php?dl=23211
> >>>> >>
> >>>> >> To protect the innocent, the following IP mappings have been
> applied :
> >>>> >>
> >>>> >> 10.1.2.3 = SIP Phone (no TLS/SRTP support)
> >>>> >> 172.16.1.2 = VoIP Provider  (TLS/SRTP)
> >>>> >> 192.168.1.11 = Freeswitch B2BUA
> >>>> >>
> >>>> >> The VoIP provider has had sight of this siptrace and flatly denies
> its
> >>>> >> a problem on their side and says its a problem on my side.
> >>>> >>
> >>>> >>
> >>>> >> There are millions of Freeswitch XML configuration files and I'd
> >>>> >> really appreciate a pointer in the right direction !
> >>>> >>
> >>>> >>
> >>>> >>
> _________________________________________________________________________
> >>>> >> Professional FreeSWITCH Consulting Services:
> >>>> >> consulting at freeswitch.org
> >>>> >> http://www.freeswitchsolutions.com
> >>>> >>
> >>>> >> Official FreeSWITCH Sites
> >>>> >> http://www.freeswitch.org
> >>>> >> http://confluence.freeswitch.org
> >>>> >> http://www.cluecon.com
> >>>> >>
> >>>> >> 
> >>>> >> 
> >>>> >>
> >>>> >> FreeSWITCH-users mailing list
> >>>> >> FreeSWITCH-users at lists.freeswitch.org
> >>>> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>> >>
> >>>> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>> >> http://www.freeswitch.org
> >>>> >
> >>>> >
> >>>> >
> >>>> >
> >>>> >
> _________________________________________________________________________
> >>>> > Professional FreeSWITCH Consulting Services:
> >>>> > consulting at freeswitch.org
> >>>> > http://www.freeswitchsolutions.com
> >>>> >
> >>>> > Official FreeSWITCH Sites
> >>>> > http://www.freeswitch.org
> >>>> > http://confluence.freeswitch.org
> >>>> > http://www.cluecon.com
> >>>> >
> >>>> > 
> >>>> > 
> >>>> >
> >>>> > FreeSWITCH-users mailing list
> >>>> > FreeSWITCH-users at lists.freeswitch.org
> >>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>> > UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>> > http://www.freeswitch.org
> >>>>
> >>>>
> _________________________________________________________________________
> >>>> Professional FreeSWITCH Consulting Services:
> >>>> consulting at freeswitch.org
> >>>> http://www.freeswitchsolutions.com
> >>>>
> >>>> Official FreeSWITCH Sites
> >>>> http://www.freeswitch.org
> >>>> http://confluence.freeswitch.org
> >>>> http://www.cluecon.com
> >>>>
> >>>> 
> >>>> 
> >>>>
> >>>> FreeSWITCH-users mailing list
> >>>> FreeSWITCH-users at lists.freeswitch.org
> >>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>>> http://www.freeswitch.org
> >>>
> >>>
> >>>
> >>>
> _________________________________________________________________________
> >>> Professional FreeSWITCH Consulting Services:
> >>> consulting at freeswitch.org
> >>> http://www.freeswitchsolutions.com
> >>>
> >>> Official FreeSWITCH Sites
> >>> http://www.freeswitch.org
> >>> http://confluence.freeswitch.org
> >>> http://www.cluecon.com
> >>>
> >>> 
> >>> 
> >>>
> >>> FreeSWITCH-users mailing list
> >>> FreeSWITCH-users at lists.freeswitch.org
> >>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >>> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >>> http://www.freeswitch.org
> >>
> >>
> _________________________________________________________________________
> >> Professional FreeSWITCH Consulting Services:
> >> consulting at freeswitch.org
> >> http://www.freeswitchsolutions.com
> >>
> >> Official FreeSWITCH Sites
> >> http://www.freeswitch.org
> >> http://confluence.freeswitch.org
> >> http://www.cluecon.com
> >>
> >> 
> >> 
> >>
> >> FreeSWITCH-users mailing list
> >> FreeSWITCH-users at lists.freeswitch.org
> >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> >> UNSUBSCRIBE:
> http://lists.freeswitch.org/mailman/options/freeswitch-users
> >> http://www.freeswitch.org
> >
> >
> >
> > --
> > Kristian Kielhofner
> >
> > _________________________________________________________________________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > 
> > 
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> 
> 
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II       ♬ @anthmfs  ♬ @FreeSWITCH  ♬

☞ http://freeswitch.org/http://cluecon.com/http://twitter.com/FreeSWITCH
☞ irc.freenode.net #freeswitch ☞ *http://freeswitch.org/g+
<http://freeswitch.org/g+>*

ClueCon Weekly Development Call
☎ sip:888 at conference.freeswitch.org  ☎ +19193869900
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140903/2a15c63c/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list