[Freeswitch-users] [SOLVED] Re: Is it possible to force FreeSWITCH/Sofia to use only one port TLS?

Trever L. Adams trever at middleearth.sapphiresunday.org
Sat Jul 19 10:52:43 MSD 2014


On 07/18/2014 11:44 PM, Trever L. Adams wrote:
> On 07/18/2014 09:55 AM, Michael Jerris wrote:
>> A text sip trace of the whole thing would help in figuring out what exactly is going on.
>>
>> On Jul 18, 2014, at 11:28 AM, Trever L. Adams <trever at middleearth.sapphiresunday.org> wrote:
>>
>>> https://wiki.freeswitch.org/wiki/SIP_TLS#Limitations_of_the_Freeswitch_TLS.2FSSLv23_Implementation_.28FS-3877.29
>>> mentions that lib_sofia and FreeSWITCH use two ports, by default, for
>>> TLS (client -> server for registration and client to server signaling,
>>> and server->client for NOTIFYs, etc.).
>>>
>>> In one setup, I need to get CSIPSIMPLE (an Android SIP client with ZRTP
>>> support) working. It appears to accept the server->client connections,
>>> but will not ring, etc. for incoming calls. This does seem to be a bug
>>> there, and it only exists with TLS (not tcp/udp).
>>>
>>> So, is it possible to force FreeSWITCH/Sofia to use the client->server
>>> connection for server->client NOTIFYs?
>>>
>>> Thank you,
>>> Trever
> Hello Michael and Everyone,
>
> It appears I misread the tcpdump. The problem is csipsimple isn't even
> accepting the connection, at least if I am reading the higher sofia
> debug level (which I thought I had on yesterday) correctly:
>
> nua.c:633 nua_invite() nua: nua_invite: entering
> nua_stack.c:529 nua_signal() nua(0x7fcbf0025a50): sent signal r_invite
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:40
> sofia/internal/sip:2005 at 10.1.1.188:58647 Standard INIT
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:48
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State Change CS_INIT ->
> CS_ROUTING
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_session.c:1387 Send
> signal sofia/internal/sip:2005 at 10.1.1.188:58647 [BREAK]
> nua_stack.c:569 nua_stack_signal() nua(0x7fcbf0025a50): recv signal r_invite
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:510
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State INIT going to sleep
> nua_params.c:480 nua_stack_set_params() nua: nua_stack_set_params: entering
> soa.c:280 soa_clone() soa_clone(static::0x7fcbf8001930, 0x7fcbf8001130,
> 0x7fcbf0025a50) called
> soa.c:403 soa_set_params() soa_set_params(static::0x7fcbf80530e0, ...)
> called
> soa.c:403 soa_set_params() soa_set_params(static::0x7fcbf80530e0, ...)
> called
> soa.c:1052 soa_set_user_sdp() soa_set_user_sdp(static::0x7fcbf80530e0,
> (nil), 0x7fcbf00270bb, -1) called
> soa.c:890 soa_set_capability_sdp()
> soa_set_capability_sdp(static::0x7fcbf80530e0, (nil), 0x7fcbf00270bb,
> -1) called
> nua_dialog.c:338 nua_dialog_usage_add() nua(0x7fcbf0025a50): adding
> session usage
> nta.c:4415 nta_leg_tcreate() nta_leg_tcreate(0x7fcbf8040190)
> soa.c:1302 soa_init_offer_answer()
> soa_init_offer_answer(static::0x7fcbf80530e0) called
> soa.c:1426 soa_generate_offer()
> soa_generate_offer(static::0x7fcbf80530e0, 0) called
> soa_static.c:1137 offer_answer_step()
> soa_static_offer_answer_action(0x7fcbf80530e0, soa_generate_offer): called
> soa_static.c:1168 offer_answer_step() soa_static(0x7fcbf80530e0,
> soa_generate_offer): generating local description
> soa_static.c:1196 offer_answer_step() soa_static(0x7fcbf80530e0,
> soa_generate_offer): upgrade with local description
> soa_static.c:1020 soa_sdp_mode_set() soa_sdp_mode_set(0x7fcc202ce990,
> (nil), ""): called
> soa_static.c:1425 offer_answer_step() soa_static(0x7fcbf80530e0,
> soa_generate_offer): storing local description
> soa.c:1270 soa_get_local_sdp() soa_get_local_sdp(static::0x7fcbf80530e0,
> [(nil)], [0x7fcc202d0ab8], [0x7fcc202d0ab4]) called
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:470
> (sofia/internal/sip:2005 at 10.1.1.188:58647) Running State Change CS_ROUTING
> nta.c:2665 nta_tpn_by_url() nta: selecting scheme sip
> tport.c:3257 tport_tsend() tport_tsend(0x7fcbf8005110) tpn =
> TLS/10.1.1.188:58647
> tport.c:4046 tport_resolve() tport_resolve addrinfo = 10.1.1.188:58647
> tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7fcbf8005110): not
> found by name TLS/10.1.1.188:58647
> tport.c:862 tport_alloc_secondary()
> tport_alloc_secondary(0x7fcbf8005110): new secondary tport 0x7fcbf8010cb0
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:526
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State ROUTING
> tport_type_tcp.c:203 tport_tcp_init_secondary()
> tport_tcp_init_secondary(0x7fcbf8010cb0): Setting TCP_KEEPIDLE to 30
> tport_type_tcp.c:209 tport_tcp_init_secondary()
> tport_tcp_init_secondary(0x7fcbf8010cb0): Setting TCP_KEEPINTVL to 30
> 2014-07-18 23:37:39.368722 [DEBUG] mod_sofia.c:123
> sofia/internal/sip:2005 at 10.1.1.188:58647 SOFIA ROUTING
> 2014-07-18 23:37:39.368722 [DEBUG] switch_ivr_originate.c:67
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State Change CS_ROUTING ->
> CS_CONSUME_MEDIA
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_session.c:1387 Send
> signal sofia/internal/sip:2005 at 10.1.1.188:58647 [BREAK]
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:526
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State ROUTING going to sleep
> tport_type_tls.c:683 tport_tls_connect()
> tport_tls_connect(0x7fcbf8010cb0): connecting to tls/10.1.1.188:58647/sips
> tport.c:2296 tport_set_secondary_timer() tport(0x7fcbf8010cb0): reset timer
> tport.c:3782 tport_queue() tport_queue(0x7fcbf8010cb0): queueing
> 0x7fcbf8014a50 for tls/10.1.1.188:58647
> nta.c:8302 outgoing_send() nta: sent INVITE (62538065) to
> TLS/10.1.1.188:58647
> tport.c:4160 tport_pend() tport_pend(0x7fcbf8010cb0): pending
> 0x7fcbf8014a50 for tls/10.1.1.188:58647 (already 0)
> nua_session.c:4137 signal_call_state_change() nua(0x7fcbf0025a50): call
> state changed: init -> calling, sent offer
> soa.c:1270 soa_get_local_sdp() soa_get_local_sdp(static::0x7fcbf80530e0,
> [0x7fcc202d0aa8], [0x7fcc202d0ab0], [(nil)]) called
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:470
> (sofia/internal/sip:2005 at 10.1.1.188:58647) Running State Change
> CS_CONSUME_MEDIA
> nua_stack.c:269 nua_stack_event() nua(0x7fcbf0025a50): event i_state
> INVITE sent
> nua_stack.c:359 nua_application_event() nua: nua_application_event: entering
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_session.c:1052 Send
> signal sofia/internal/sip:2005 at 10.1.1.188:58647 [BREAK]
> nua.c:366 nua_handle_magic() nua: nua_handle_magic: entering
> 2014-07-18 23:37:39.368722 [DEBUG] sofia.c:6364 Channel
> sofia/internal/sip:2005 at 10.1.1.188:58647 entering state [calling][0]
> nua.c:366 nua_handle_magic() nua: nua_handle_magic: entering
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:545
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State CONSUME_MEDIA
> 2014-07-18 23:37:39.368722 [DEBUG] switch_core_state_machine.c:545
> (sofia/internal/sip:2005 at 10.1.1.188:58647) State CONSUME_MEDIA going to
> sleep
> tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events CONNECTING
> tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events
> NEGOTIATING
> tport_tls.c:1008 tls_connect() tls_connect(0x7fcbf8010cb0): TLS setup
> failed (error:00000001:lib(0):func(0):reason(1))
> tport.c:2090 tport_close() tport_close(0x7fcbf8010cb0):
> tls/10.1.1.188:58647/sips
> tport.c:4222 tport_release() tport_release(0x7fcbf8010cb0):
> 0x7fcbf8014a50 by 0x7fcbf800d940 with (nil)
> nta.c:9099 outgoing_timer_dk() nta: timer D fired, terminate INVITE
> (62538034)
> tport.c:2263 tport_set_secondary_timer() tport(0x7fcbf8036b10): set
> timer at 0 ms because zap
> nta.c:8797 outgoing_reclaim_queued() outgoing_reclaim_all((nil), (nil),
> 0x7fcc202d0c80)
> nta.c:8927 _nta_outgoing_timer() nta_outgoing_timer: 0/0 resent, 0/1
> tout, 1/1 term, 1/2 free
> nta.c:1296 agent_timer() nta: timer set next to 29920 ms
>
> So, it does indeed appear to be the two port issue that is a problem.
> So, is there any way to force FreeSWITCH/Sofia to use only one port for
> TLS? I imagine this is a huge problem with NAT and many other firewall
> setups as well.
>
> Any help could be greatly appreciated. It appears I am not the only one
> (http://www.marshut.com/iwtiyt/tls-not-work-after-update.html)
>
> Thank you,
> Trever
>
>
I saw someone else ask an unrelated question, but it got me looking in
the correct place.

      <variable name="sip-force-contact" value="NDLB-tls-connectile-dysfunction"/>


keywords: csipsimple tls FreeSwitch

Thank you to the person who posted. I erased the post. Your question got
me looking in the right place and trying things out.

Trever
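
Added example, not part of the original post and not FreeSWITCH code: a small Python triage helper that finds the pattern visible in the trace above, where Sofia finds no existing TLS transport for the contact address, allocates a new secondary transport, and the handshake on that new connection fails. The function and field names are made up for illustration; the sample lines are excerpted from the quoted trace.

```python
import re

# Sofia debug lines excerpted from the trace quoted above, wraps and "> " kept.
SAMPLE_LOG = """\
> tport.c:4680 tport_by_addrinfo() tport_by_addrinfo(0x7fcbf8005110): not
> found by name TLS/10.1.1.188:58647
> tport.c:862 tport_alloc_secondary()
> tport_alloc_secondary(0x7fcbf8005110): new secondary tport 0x7fcbf8010cb0
> tport_type_tls.c:683 tport_tls_connect()
> tport_tls_connect(0x7fcbf8010cb0): connecting to tls/10.1.1.188:58647/sips
> tport_tls.c:919 tls_connect() tls_connect(0x7fcbf8010cb0): events
> NEGOTIATING
> tport_tls.c:1008 tls_connect() tls_connect(0x7fcbf8010cb0): TLS setup
> failed (error:00000001:lib(0):func(0):reason(1))
"""

EVENT = re.compile(
    r"not found by name TLS/(?P<miss>[\d.]+:\d+)"
    r"|new secondary tport (?P<new>0x[0-9a-f]+)"
    r"|tport_tls_connect\((?P<conn>0x[0-9a-f]+)\): connecting to tls/(?P<dst>[\d.]+:\d+)"
    r"|tls_connect\((?P<fail>0x[0-9a-f]+)\): TLS setup failed \((?P<err>\S+)\)"
)

def failed_tls_callbacks(log_text):
    """Report TLS handshakes that failed on a transport, and whether that
    transport was a newly opened connection rather than a reused one."""
    # Drop mail quote markers, then undo the line wrapping.
    flat = " ".join(re.sub(r"(?m)^[>\s]+", "", log_text).split())
    last_miss, peers, fresh, findings = None, {}, set(), []
    for m in EVENT.finditer(flat):
        if m["miss"]:                      # no existing connection to this peer
            last_miss = m["miss"]
        elif m["new"]:                     # so a new secondary transport is made
            peers[m["new"]] = last_miss
            fresh.add(m["new"])
            last_miss = None
        elif m["conn"]:                    # outbound connect names the target
            peers[m["conn"]] = m["dst"]
        elif m["fail"]:
            findings.append({"tport": m["fail"], "peer": peers.get(m["fail"]),
                             "error": m["err"], "new_connection": m["fail"] in fresh})
    return findings

if __name__ == "__main__":
    for f in failed_tls_callbacks(SAMPLE_LOG):
        print(f)
```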
