[Freeswitch-users] all-reg-options-ping and tls issue

Seeliger, Adam Adam.Seeliger at qsc.de
Mon Feb 29 11:29:11 MSK 2016


Hi,

I also tested it on latest master:
FreeSWITCH Version 1.7.0+git~20160227T004333Z~d89a0ad52d~64bit (git d89a0ad 2016-02-27 00:43:33Z 64bit)

FreeSWITCH still does not send OPTIONs to TLS registered Users and kills their Registration ☹

Von: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 16:53
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.

On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger at qsc.de<mailto:Adam.Seeliger at qsc.de>> wrote:
Hi, here is the requested output.

I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?

Both, FreeSWITCH and the phone are in the same network (no NAT involved here)

Registrations:
=================================================================================================
Call-ID:         3134353634383833373032323631-ncwgvit2obfp
User:            user at domain
Contact:       "User Name" <sip:user at ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent:          snom715/8.7.5.35<http://8.7.5.35>
Status:         Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status:   Reachable
Host:            hostname
IP:               ip
Port:            60206
Auth-User:    user
Auth-Realm: domain
MWI-Account:          user at domain

Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user at domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user at domain' due to options failure

As you can see, the user immediately got unregistered again ☹

Best regards,
Adam

Von: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org>] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue

Please send output of command "sofia status profile internal reg <exten_number>"

On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger at qsc.de<mailto:Adam.Seeliger at qsc.de>> wrote:
Hi,

the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)

Regards

Von: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org>] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue

If your phone has enabled SIPS uri please disable and use sip+tls.


On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger at qsc.de<mailto:Adam.Seeliger at qsc.de>> wrote:
Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User                                        Server
13:09:33.311446:             REGISTER [TLS] ->
13:09:33.312552:             <- 401 UNAUTHORIZED [TLS]
13:09:33.331948:             REGISTER (AUTH) [TLS]  ->
13:09:33.336959:             <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user at host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user at host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org> [mailto:freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org>] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue

Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.

You could also look into:
    <!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/>  -->
<!-- additional bind parameters for TLS -->
    <param name=“tls-bind-params" value="transport=tls"/>

I’ll leave it up to you to investigate those options more in details on the FS documentation.

Please keep us posted!

E
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger at qsc.de<mailto:Adam.Seeliger at qsc.de>> wrote:

Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160229/5430e10e/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list