<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Thanks Ken. Is there a way to filter the SIP trace? It's a busy box.<br class=""><div><blockquote type="cite" class=""><div class="">On Feb 14, 2015, at 3:35 AM, Ken Rice &lt;<a href="mailto:krice@freeswitch.org" class="">krice@freeswitch.org</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="content-type" content="text/html; charset=utf-8" class=""><div dir="auto" class=""><div class="">Open a jire with a full debug login including sip tracing on<br class=""><br class="">Sent from my iPhone</div><div class=""><br class="">On Feb 13, 2015, at 7:57 PM, Emrah &lt;<a href="mailto:lists@kavun.ch" class="">lists@kavun.ch</a>&gt; wrote:<br class=""><br class=""></div><blockquote type="cite" class=""><div class=""><meta http-equiv="Content-Type" content="text/html charset=us-ascii" class="">Hi,<div class="">The issue is persistent. I am curious to know if anyone else on the list is experiencing this. It doesn't seem to have been reported before.</div><div class="">Should I dedicate a profile to TLS use only?</div><div class="">I also posted a message on the list about receiving options packet with the wrong transport. Are these 2 issues connected? Here is a copy paste of my message:</div><div class=""><div class=""><br class=""></div><div class="">My experience with FS and TLS has been rather mixed so far. It's been a little inconsistent in keeping NAT sessions up and users discoverable.</div><div class="">One thing I've noticed is that FS advertises the wrong information in option packets. The following is what I receive over my TLS session which is working on port 443.</div><div class=""><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">1.2.3.4:443 -(SIP over TLS)-&gt; 10.0.0.99:51132</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">OPTIONS&nbsp;<a href="sip:53178246@10.0.0.99:56494;transport=tls;received=5.6.7.8:51132" class="">sip:53178246@10.0.0.99:56494;transport=tls;received=5.6.7.8:51132</a>&nbsp;SIP/2.0</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Via: SIP/2.0/TLS 1.2.3.4:443;branch=z9hG4bK6Kv171Q3U5rrD</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Route: &lt;<a href="sip:53178246@5.6.7.8:51132" class="">sip:53178246@5.6.7.8:51132</a>&gt;;transport=tls</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Max-Forwards: 70</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">From: &lt;<a href="sip:mod_sofia@1.2.3.4:5060" class="">sip:mod_sofia@1.2.3.4:5060</a>&gt;;tag=Q6XDFHeUUrcHD</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">To: &lt;<a href="sip:user@domain.com" class="">sip:user@domain.com</a>&gt;</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Call-ID: 0a052f23-34a8-4158-8c88-fd2a70ffb561_c2RhaSoOYBR6jfJe4ndLoTTKJMrO2gMv</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">CSeq: 71498568 OPTIONS</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Contact: &lt;<a href="sip:mod_sofia@1.2.3.4:5060" class="">sip:mod_sofia@1.2.3.4:5060</a>&gt;</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">User-Agent: FreeSWITCH</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Supported: timer, path, replaces</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer</div><div class="" style="margin: 0px; font-size: 11px; font-family: Menlo;">Content-Length: 0</div></div><div class=""><br class=""></div><div class="">As you can see FS stamps the packet with a port 5060... No reference to port 443 with a transport=tls.</div><div class=""><br class=""></div><div class="">What shall be done?</div><div class=""><br class=""></div><div class=""><blockquote type="cite" class=""><div class="">On Feb 5, 2015, at 3:18 PM, Emrah &lt;<a href="mailto:lists@kavun.ch" class="">lists@kavun.ch</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi there,<div class="">This issue is happening all around with devices using TLS. It's not very frequent with softphones, but not inexistant.</div><div class="">Any pointers would be greatly appreciated. Do you have &nbsp;best practice configs you'd like to share?</div><div class=""><br class=""></div><div class="">Thanks<br class=""><div class=""><blockquote type="cite" class=""><div class="">On Jan 30, 2015, at 6:10 PM, Emrah &lt;<a href="mailto:lists@kavun.ch" class="">lists@kavun.ch</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=us-ascii" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Hi all,<div class="">I am facing a very frustrating issue. I often have to dial twice when using my Yealink phone with TLS because the first attempt times out.</div><div class="">The logs on the Yealink indicate that the first invite is successfully received, to which my FS sends a 100 trying and 407 proxy auth required. It is subsequently when my phone sends back the invite that the connection crashes with the following error:</div><div class=""><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">SSL ERROR SYSCALL</div></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Is this something common? Why does the SSL connection crashes when the phone attempts to send the second invite? My phone is behind NAT.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">It is going to be a crazy expedition to collect the logs and Pastebin them, so I am tempting my luck on the list first to see if you have any pointers.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">As a last piece, my Bria on my iPHone, among other clients, never had this issue. I did experience it from time to time with Blink on Mac OS X.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Any help appreciated.</div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; font-family: Menlo;" class="">Emrah</div></div></div></blockquote></div><br class=""></div></div></div></blockquote></div><br class=""></div></div></blockquote><blockquote type="cite" class=""><div class=""><span class="">_________________________________________________________________________</span><br class=""><span class="">Professional FreeSWITCH Consulting Services: </span><br class=""><span class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a></span><br class=""><span class=""><a href="http://www.freeswitchsolutions.com/" class="">http://www.freeswitchsolutions.com</a></span><br class=""><span class=""></span><br class=""><span class="">Official FreeSWITCH Sites</span><br class=""><span class=""><a href="http://www.freeswitch.org/" class="">http://www.freeswitch.org</a></span><br class=""><span class=""><a href="http://confluence.freeswitch.org/" class="">http://confluence.freeswitch.org</a></span><br class=""><span class=""><a href="http://www.cluecon.com/" class="">http://www.cluecon.com</a></span><br class=""><span class=""></span><br class=""><span class="">FreeSWITCH-users mailing list</span><br class=""><span class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.freeswitch.org</a></span><br class=""><span class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br class=""><span class="">UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" class="">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br class=""><span class=""><a href="http://www.freeswitch.org/" class="">http://www.freeswitch.org</a></span></div></blockquote></div>_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></body></html>