<p dir="ltr">I have found that some carriers trim the UDP packets to 512. This may be related.</p>
<p dir="ltr">There is an option in the Sophia profile to use short header names. That will help for sure</p>
<div class="gmail_quote">Le 19 janv. 2016 2:26 AM, "Emrah" <<a href="mailto:lists@kavun.ch">lists@kavun.ch</a>> a écrit :<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi there,<div>So what do we do of this?</div><div>I don’t have any TLS issues except with FreeSWITCH. And to everyone here, it’s an issue with the equipment or the soft phone.</div><div>I tried FS V1.2, 1.4, 1.6 and 1.7.</div><div>Now remember this is something that can be reproduced with Yealink, Polycom, an I recently found out that Counterpath Bria was in the same basket.</div><div><a href="https://support.counterpath.com/topic/intermittent-tls-403-forbidden-error" target="_blank">https://support.counterpath.com/topic/intermittent-tls-403-forbidden-error</a></div><div><br></div><div>We know what the problem is. When the TLS packet is too large, possibly because of a long list of codecs, the TLS thread crashes on the client.</div><div><br></div><div>The question is, how can this happen only when using FS? The same clients do OK with other TLS enabled PBXs.</div><div><br></div><div>Emrah<br><div><blockquote type="cite"><div>On Jan 14, 2016, at 1:09 PM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>> wrote:</div><br><div><div style="word-wrap:break-word"><div>I was certain that I’d fixe all my issues with an FS update to 1.6. </div>After much frustration and over a year of trial and error, I found out that the TLS session breaks if the content of the packet is too large.<div>This was also confirmed with the FS documentation that lists this issue as a generic Polycom issue: <a href="https://freeswitch.org/confluence/display/FREESWITCH/Polycom#Polycom-GenericPolycomissues" target="_blank">Generic Polycom issues</a></div><div><br></div><div>I can confirm that this also happens with Yealink phones and a couple of other Softphones including Blink Pro on Mac OS X.</div><div><br></div><div>So far, I’ve only experienced this with FS. I’ve not been able to replicate this with other SIP servers that can also transport and handle media.</div><div><br></div><div>Anyone else can relate to this?</div><div><br></div><div>Anyway, what’s worked for me is to make my packets as small as possible by reducing the number of offered codecs to the bare minimum. </div><div><br></div><div>Best,</div><div>E<br><div><blockquote type="cite"><div>On Mar 3, 2015, at 2:38 PM, Brian West <<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>> wrote:</div><br><div><div dir="ltr">sofia global siptrace on <div>sofia loglevel all 9</div><div><br></div><div>Then outline the scenario and config on the JIRA.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Mar 3, 2015 at 7:54 AM, Emrah <span dir="ltr"><<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hey Brian, just saw this message.<div>There is no other UA in between FS and the endpoint. There is a regular NAT, that's all.</div><div>What seems to happen is:</div><div>endpoint -> FS: invite = ok</div><div>FS -> endpoint: 407 = OK</div><div>Endpoint -> FS: invite = Fails with SSL error.</div><div><br></div><div>What are the components I should capture to open up a Jira? FS Logs, FS Siptrace, anything else?</div><div><br></div><div>Thanks!</div><div><div><div><div><div><blockquote type="cite"><div>On Feb 16, 2015, at 2:44 PM, Brian West <<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>> wrote:</div><br><div><div dir="ltr"><span style="font-family:Menlo;font-size:11px">Via: SIP/2.0/TLS 1.2.3.4:443;branch=</span><span style="font-family:Menlo;font-size:11px">z9hG4bK6Kv171Q3U5rrD</span><br><div><span style="font-family:Menlo;font-size:11px"><br></span></div><div><font face="Menlo"><span style="font-size:11px">Your issue is the contact has no port 443 or transport=tls right? What sits between FS and the endpoint?</span></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Feb 15, 2015 at 5:38 AM, Emrah <span dir="ltr"><<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Thanks Ken. Is there a way to filter the SIP trace? It's a busy box.<div><div><br><div><blockquote type="cite"><div>On Feb 14, 2015, at 3:35 AM, Ken Rice <<a href="mailto:krice@freeswitch.org" target="_blank">krice@freeswitch.org</a>> wrote:</div><br><div><div dir="auto"><div>Open a jire with a full debug login including sip tracing on<br><br>Sent from my iPhone</div><div><br>On Feb 13, 2015, at 7:57 PM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>> wrote:<br><br></div><blockquote type="cite"><div>Hi,<div>The issue is persistent. I am curious to know if anyone else on the list is experiencing this. It doesn't seem to have been reported before.</div><div>Should I dedicate a profile to TLS use only?</div><div>I also posted a message on the list about receiving options packet with the wrong transport. Are these 2 issues connected? Here is a copy paste of my message:</div><div><div><br></div><div>My experience with FS and TLS has been rather mixed so far. It's been a little inconsistent in keeping NAT sessions up and users discoverable.</div><div>One thing I've noticed is that FS advertises the wrong information in option packets. The following is what I receive over my TLS session which is working on port 443.</div><div><div style="margin:0px;font-size:11px;font-family:Menlo"><a href="http://1.2.3.4:443/" target="_blank">1.2.3.4:443</a> -(SIP over TLS)-> <a href="http://10.0.0.99:51132/" target="_blank">10.0.0.99:51132</a></div><div style="margin:0px;font-size:11px;font-family:Menlo">OPTIONS <a>sip:53178246@10.0.0.99:56494;transport=tls;received=5.6.7.8:51132</a> SIP/2.0</div><div style="margin:0px;font-size:11px;font-family:Menlo">Via: SIP/2.0/TLS 1.2.3.4:443;branch=z9hG4bK6Kv171Q3U5rrD</div><div style="margin:0px;font-size:11px;font-family:Menlo">Route: <<a>sip:53178246@5.6.7.8:51132</a>>;transport=tls</div><div style="margin:0px;font-size:11px;font-family:Menlo">Max-Forwards: 70</div><div style="margin:0px;font-size:11px;font-family:Menlo">From: <<a>sip:mod_sofia@1.2.3.4:5060</a>>;tag=Q6XDFHeUUrcHD</div><div style="margin:0px;font-size:11px;font-family:Menlo">To: <<a>sip:user@domain.com</a>></div><div style="margin:0px;font-size:11px;font-family:Menlo">Call-ID: 0a052f23-34a8-4158-8c88-fd2a70ffb561_c2RhaSoOYBR6jfJe4ndLoTTKJMrO2gMv</div><div style="margin:0px;font-size:11px;font-family:Menlo">CSeq: 71498568 OPTIONS</div><div style="margin:0px;font-size:11px;font-family:Menlo">Contact: <<a>sip:mod_sofia@1.2.3.4:5060</a>></div><div style="margin:0px;font-size:11px;font-family:Menlo">User-Agent: FreeSWITCH</div><div style="margin:0px;font-size:11px;font-family:Menlo">Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE</div><div style="margin:0px;font-size:11px;font-family:Menlo">Supported: timer, path, replaces</div><div style="margin:0px;font-size:11px;font-family:Menlo">Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer</div><div style="margin:0px;font-size:11px;font-family:Menlo">Content-Length: 0</div></div><div><br></div><div>As you can see FS stamps the packet with a port 5060... No reference to port 443 with a transport=tls.</div><div><br></div><div>What shall be done?</div><div><br></div><div><blockquote type="cite"><div>On Feb 5, 2015, at 3:18 PM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>> wrote:</div><br><div><div style="word-wrap:break-word">Hi there,<div>This issue is happening all around with devices using TLS. It's not very frequent with softphones, but not inexistant.</div><div>Any pointers would be greatly appreciated. Do you have best practice configs you'd like to share?</div><div><br></div><div>Thanks<br><div><blockquote type="cite"><div>On Jan 30, 2015, at 6:10 PM, Emrah <<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>> wrote:</div><br><div><div style="word-wrap:break-word">Hi all,<div>I am facing a very frustrating issue. I often have to dial twice when using my Yealink phone with TLS because the first attempt times out.</div><div>The logs on the Yealink indicate that the first invite is successfully received, to which my FS sends a 100 trying and 407 proxy auth required. It is subsequently when my phone sends back the invite that the connection crashes with the following error:</div><div><div style="margin:0px;font-size:11px;font-family:Menlo">SSL ERROR SYSCALL</div></div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">Is this something common? Why does the SSL connection crashes when the phone attempts to send the second invite? My phone is behind NAT.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">It is going to be a crazy expedition to collect the logs and Pastebin them, so I am tempting my luck on the list first to see if you have any pointers.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">As a last piece, my Bria on my iPHone, among other clients, never had this issue. I did experience it from time to time with Blink on Mac OS X.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">Any help appreciated.</div><div style="margin:0px;font-size:11px;font-family:Menlo"><br></div><div style="margin:0px;font-size:11px;font-family:Menlo">Emrah</div></div></div></blockquote></div><br></div></div></div></blockquote></div><br></div></div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services: </span><br><span><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a></span><br><span><a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a></span><br><span><a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a></span><br><span><a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a></span><br><span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br><span><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a></span></div></blockquote></div>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a></div></blockquote></div><br></div></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p><p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com/" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com/" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="courier new, monospace"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div>
</div>
_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a></div></blockquote></div><br></div></div></div></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p><p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com/" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com/" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="courier new, monospace"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div>
</div>
_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></div></blockquote></div><br></div></div></div></blockquote></div><br></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>