<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Open a jire with a full debug login including sip tracing on<br><br>Sent from my iPhone</div><div><br>On Feb 13, 2015, at 7:57 PM, Emrah <<a href="mailto:lists@kavun.ch">lists@kavun.ch</a>> wrote:<br><br></div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html charset=us-ascii">Hi,<div class="">The issue is persistent. I am curious to know if anyone else on the list is experiencing this. It doesn't seem to have been reported before.</div><div class="">Should I dedicate a profile to TLS use only?</div><div class="">I also posted a message on the list about receiving options packet with the wrong transport. Are these 2 issues connected? Here is a copy paste of my message:</div><div class=""><div class=""><br class=""></div><div class="">My experience with FS and TLS has been rather mixed so far. It's been a little inconsistent in keeping NAT sessions up and users discoverable.</div><div class="">One thing I've noticed is that FS advertises the wrong information in option packets. The following is what I receive over my TLS session which is working on port 443.</div><div class=""><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">1.2.3.4:443 -(SIP over TLS)-> 10.0.0.99:51132</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">OPTIONS <a href="sip:53178246@10.0.0.99:56494;transport=tls;received=5.6.7.8:51132" class="">sip:53178246@10.0.0.99:56494;transport=tls;received=5.6.7.8:51132</a> SIP/2.0</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Via: SIP/2.0/TLS 1.2.3.4:443;branch=z9hG4bK6Kv171Q3U5rrD</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Route: <<a href="sip:53178246@5.6.7.8:51132" class="">sip:53178246@5.6.7.8:51132</a>>;transport=tls</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Max-Forwards: 70</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">From: <<a href="sip:mod_sofia@1.2.3.4:5060" class="">sip:mod_sofia@1.2.3.4:5060</a>>;tag=Q6XDFHeUUrcHD</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">To: <<a href="sip:user@domain.com" class="">sip:user@domain.com</a>></div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Call-ID: 0a052f23-34a8-4158-8c88-fd2a70ffb561_c2RhaSoOYBR6jfJe4ndLoTTKJMrO2gMv</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">CSeq: 71498568 OPTIONS</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Contact: <<a href="sip:mod_sofia@1.2.3.4:5060" class="">sip:mod_sofia@1.2.3.4:5060</a>></div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">User-Agent: FreeSWITCH</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Supported: timer, path, replaces</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Content-Length: 0</div></div><div class=""><br class=""></div><div class="">As you can see FS stamps the packet with a port 5060... No reference to port 443 with a transport=tls.</div><div class=""><br class=""></div><div class="">What shall be done?</div><div class=""><br class=""></div><div><blockquote type="cite" class=""><div class="">On Feb 5, 2015, at 3:18 PM, Emrah <<a href="mailto:lists@kavun.ch" class="">lists@kavun.ch</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi there,<div class="">This issue is happening all around with devices using TLS. It's not very frequent with softphones, but not inexistant.</div><div class="">Any pointers would be greatly appreciated. Do you have best practice configs you'd like to share?</div><div class=""><br class=""></div><div class="">Thanks<br class=""><div class=""><blockquote type="cite" class=""><div class="">On Jan 30, 2015, at 6:10 PM, Emrah <<a href="mailto:lists@kavun.ch" class="">lists@kavun.ch</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi all,<div class="">I am facing a very frustrating issue. I often have to dial twice when using my Yealink phone with TLS because the first attempt times out.</div><div class="">The logs on the Yealink indicate that the first invite is successfully received, to which my FS sends a 100 trying and 407 proxy auth required. It is subsequently when my phone sends back the invite that the connection crashes with the following error:</div><div class=""><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">SSL ERROR SYSCALL</div></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Is this something common? Why does the SSL connection crashes when the phone attempts to send the second invite? My phone is behind NAT.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">It is going to be a crazy expedition to collect the logs and Pastebin them, so I am tempting my luck on the list first to see if you have any pointers.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">As a last piece, my Bria on my iPHone, among other clients, never had this issue. I did experience it from time to time with Blink on Mac OS X.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Any help appreciated.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Emrah</div></div></div></blockquote></div><br class=""></div></div></div></blockquote></div><br class=""></div></div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services: </span><br><span><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br><span><a href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org">http://www.freeswitch.org</a></span></div></blockquote></body></html>