[Freeswitch-users] Random calls failing with WRONG_CALL_STATE when using TLS

Sergey Safarov s.safarov at gmail.com
Tue Jan 26 06:55:56 MSK 2016


Please look at the contact string of the registered client. If the transport is tcp, then
disable sips URI and enable sip+tls.

On Mon, Jan 25, 2016, 23:39 Emrah <lists at kavun.ch> wrote:

> I have found that some carriers trim the UDP packets to 512. This may be
> related.
>
>
> How? TLS will force signaling in TCP.
> Compact headers don’t help much. In fact many clients don’t offer it.
>
> More suggestions welcome.
>
>
>
> On Jan 19, 2016, at 3:43 PM, Luis Daniel Lucio Quiroz <luis.daniel.lucio at gmail.com> wrote:
>
> I have found that some carriers trim the UDP packets to 512. This may be
> related.
>
> There is an option in the Sofia profile to use short header names. That
> will help for sure.
> On 19 Jan 2016 2:26 AM, "Emrah" <lists at kavun.ch> wrote:
>
>> Hi there,
>> So what do we do about this?
>> I don’t have any TLS issues except with FreeSWITCH. And to everyone here,
>> it’s an issue with the equipment or the soft phone.
>> I tried FS V1.2, 1.4, 1.6 and 1.7.
>> Now remember this is something that can be reproduced with Yealink,
>> Polycom, and I recently found out that Counterpath Bria was in the same
>> basket.
>> https://support.counterpath.com/topic/intermittent-tls-403-forbidden-error
>>
>> We know what the problem is. When the TLS packet is too large, possibly
>> because of a long list of codecs, the TLS thread crashes on the client.
>>
>> The question is, how can this happen only when using FS? The same clients
>> do OK with other TLS enabled PBXs.
>>
>> Emrah
>>
>> On Jan 14, 2016, at 1:09 PM, Emrah <lists at kavun.ch> wrote:
>>
>> I was certain that I’d fix all my issues with an FS update to 1.6.
>> After much frustration and over a year of trial and error, I found out
>> that the TLS session breaks if the content of the packet is too large.
>> This was also confirmed with the FS documentation that lists this issue
>> as a generic Polycom issue: Generic Polycom issues
>> <https://freeswitch.org/confluence/display/FREESWITCH/Polycom#Polycom-GenericPolycomissues>
>>
>> I can confirm that this also happens with Yealink phones and a couple of
>> other Softphones including Blink Pro on Mac OS X.
>>
>> So far, I’ve only experienced this with FS. I’ve not been able to
>> replicate this with other SIP servers that can also transport and handle
>> media.
>>
>> Can anyone else relate to this?
>>
>> Anyway, what’s worked for me is to make my packets as small as possible
>> by reducing the number of offered codecs to the bare minimum.
>>
>> Best,
>> E
>>
>> On Mar 3, 2015, at 2:38 PM, Brian West <brian at freeswitch.org> wrote:
>>
>> sofia global siptrace on
>> sofia loglevel all 9
>>
>> Then outline the scenario and config on the JIRA.
>>
>> On Tue, Mar 3, 2015 at 7:54 AM, Emrah <lists at kavun.ch> wrote:
>>
>>> Hey Brian, just saw this message.
>>> There is no other UA in between FS and the endpoint. There is a regular
>>> NAT, that's all.
>>> What seems to happen is:
>>> endpoint -> FS: invite = ok
>>> FS -> endpoint: 407 = OK
>>> Endpoint -> FS: invite = Fails with SSL error.
>>>
>>> What are the components I should capture to open up a Jira? FS Logs, FS
>>> Siptrace, anything else?
>>>
>>> Thanks!
>>>
>>> On Feb 16, 2015, at 2:44 PM, Brian West <brian at freeswitch.org> wrote:
>>>
>>> Via: SIP/2.0/TLS 1.2.3.4:443;branch=z9hG4bK6Kv171Q3U5rrD
>>>
>>> Your issue is the contact has no port 443 or transport=tls right?  What
>>> sits between FS and the endpoint?
>>>
>>> On Sun, Feb 15, 2015 at 5:38 AM, Emrah <lists at kavun.ch> wrote:
>>>
>>>> Thanks Ken. Is there a way to filter the SIP trace? It's a busy box.
>>>>
>>>> On Feb 14, 2015, at 3:35 AM, Ken Rice <krice at freeswitch.org> wrote:
>>>>
>>>> Open a Jira with a full debug login including sip tracing on
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Feb 13, 2015, at 7:57 PM, Emrah <lists at kavun.ch> wrote:
>>>>
>>>> Hi,
>>>> The issue is persistent. I am curious to know if anyone else on the
>>>> list is experiencing this. It doesn't seem to have been reported before.
>>>> Should I dedicate a profile to TLS use only?
>>>> I also posted a message on the list about receiving options packet with
>>>> the wrong transport. Are these 2 issues connected? Here is a copy paste of
>>>> my message:
>>>>
>>>> My experience with FS and TLS has been rather mixed so far. It's been a
>>>> little inconsistent in keeping NAT sessions up and users discoverable.
>>>> One thing I've noticed is that FS advertises the wrong information in
>>>> option packets. The following is what I receive over my TLS session which
>>>> is working on port 443.
>>>> 1.2.3.4:443 -(SIP over TLS)-> 10.0.0.99:51132
>>>> OPTIONS sip:53178246@10.0.0.99:56494;transport=tls;received=5.6.7.8:51132 SIP/2.0
>>>> Via: SIP/2.0/TLS 1.2.3.4:443;branch=z9hG4bK6Kv171Q3U5rrD
>>>> Route: <sip:53178246@5.6.7.8:51132>;transport=tls
>>>> Max-Forwards: 70
>>>> From: <sip:mod_sofia@1.2.3.4:5060>;tag=Q6XDFHeUUrcHD
>>>> To: <sip:user@domain.com>
>>>> Call-ID: 0a052f23-34a8-4158-8c88-fd2a70ffb561_c2RhaSoOYBR6jfJe4ndLoTTKJMrO2gMv
>>>> CSeq: 71498568 OPTIONS
>>>> Contact: <sip:mod_sofia@1.2.3.4:5060>
>>>> User-Agent: FreeSWITCH
>>>> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE
>>>> Supported: timer, path, replaces
>>>> Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer
>>>> Content-Length: 0
>>>>
>>>> As you can see FS stamps the packet with a port 5060... No reference to
>>>> port 443 with a transport=tls.
>>>>
>>>> What shall be done?
>>>>
>>>> On Feb 5, 2015, at 3:18 PM, Emrah <lists at kavun.ch> wrote:
>>>>
>>>> Hi there,
>>>> This issue is happening all around with devices using TLS. It's not
>>>> very frequent with softphones, but not inexistent.
>>>> Any pointers would be greatly appreciated. Do you have best practice
>>>> configs you'd like to share?
>>>>
>>>> Thanks
>>>>
>>>> On Jan 30, 2015, at 6:10 PM, Emrah <lists at kavun.ch> wrote:
>>>>
>>>> Hi all,
>>>> I am facing a very frustrating issue. I often have to dial twice when
>>>> using my Yealink phone with TLS because the first attempt times out.
>>>> The logs on the Yealink indicate that the first invite is successfully
>>>> received, to which my FS sends a 100 trying and 407 proxy auth required. It
>>>> is subsequently when my phone sends back the invite that the connection
>>>> crashes with the following error:
>>>> SSL ERROR SYSCALL
>>>>
>>>> Is this something common? Why does the SSL connection crash when the
>>>> phone attempts to send the second invite? My phone is behind NAT.
>>>>
>>>> It is going to be a crazy expedition to collect the logs and Pastebin
>>>> them, so I am tempting my luck on the list first to see if you have any
>>>> pointers.
>>>>
>>>> As a last piece, my Bria on my iPhone, among other clients, never had
>>>> this issue. I did experience it from time to time with Blink on Mac OS X.
>>>>
>>>> Any help appreciated.
>>>>
>>>> Emrah
>>>>
>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>
>>>
>>>
>>> --
>>>
>>> *Brian West*
>>> brian at freeswitch.org
>>>
>>>
>>> *Twitter: @FreeSWITCH , @briankwest*
>>> http://www.freeswitchbook.com
>>> http://www.freeswitchcookbook.com
>>>
>>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>>
>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
More information about the FreeSWITCH-users mailing list
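
The mismatch raised in the quoted OPTIONS trace (Via on TLS port 443, Contact on port 5060 with no transport=tls) can be checked mechanically over captured SIP messages. The Python below is an added example, not part of the original thread or of FreeSWITCH; the sample message is constructed from the trace's placeholder addresses, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample modelled on the thread's OPTIONS trace (placeholder addresses).
SAMPLE_OPTIONS = (
    "OPTIONS sip:53178246@10.0.0.99:56494;transport=tls SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 1.2.3.4:443;branch=z9hG4bK6Kv171Q3U5rrD\r\n"
    "Contact: <sip:mod_sofia@1.2.3.4:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)
COMPACT = {"v": "via", "m": "contact"}  # RFC 3261 compact header names

def first_headers(message):
    """Lower-cased header name -> first value (the topmost Via is the sender's)."""
    headers = {}
    for line in message.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            headers.setdefault(COMPACT.get(key, key), value.strip())
    return headers

def via_endpoint(value):
    """Return (transport, host, port) from a Via header value."""
    m = re.match(r"SIP/2\.0/(\w+)\s+([^:;\s]+)(?::(\d+))?", value)
    if not m:
        raise ValueError("unparseable Via: %r" % value)
    transport = m.group(1).upper()
    default = 5061 if transport == "TLS" else 5060  # RFC 3261 default ports
    return transport, m.group(2), int(m.group(3) or default)

def contact_endpoint(value):
    """Return (host, port, secure) from a Contact header value."""
    m = re.search(r"(sips?):(?:[^@>;]+@)?([^:;>\s]+)(?::(\d+))?((?:;[^>\s]*)?)", value)
    if not m:
        raise ValueError("unparseable Contact: %r" % value)
    scheme, host, port, params = m.groups()
    secure = scheme == "sips" or bool(re.search(r";transport=tls\b", params, re.I))
    return host, int(port or (5061 if secure else 5060)), secure

def contact_findings(message):
    """Flag a Contact that does not point back at the TLS listener named in Via."""
    h = first_headers(message)
    transport, v_host, v_port = via_endpoint(h["via"])
    c_host, c_port, secure = contact_endpoint(h["contact"])
    findings = []
    if transport == "TLS" and not secure:
        findings.append("contact-not-tls")
    if c_host == v_host and c_port != v_port:
        findings.append("contact-port-%d-not-via-port-%d" % (c_port, v_port))
    return findings
```

Both findings fire on the sample; a Contact of `<sip:mod_sofia@1.2.3.4:443;transport=tls>` clears them.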