Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[Freeswitch-users] all-reg-options-ping and tls issue


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users
View previous topic :: View next topic  
Author Message
Adam.Seeliger at qsc.de
Guest





PostPosted: Fri Feb 26, 2016 7:38 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.



You could also look into:

<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->

<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->

<!-- additional bind parameters for TLS -->

<param name=“tls-bind-params" value="transport=tls"/>



I’ll leave it up to you to investigate those options more in details on the FS documentation.



Please keep us posted!



E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:


Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
s.safarov at gmail.com
Guest





PostPosted: Fri Feb 26, 2016 8:00 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

If your phone has enabled SIPS uri please disable and use sip+tls.



On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote:

Hi and thanks for the feedback,
 
sry that I did not respond for a long time.
 
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
 
I also tested all mentioned params below, nothing works.
 
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
 
User                                        Server
13:09:33.311446:             REGISTER [TLS] ->
13:09:33.312552:             <- 401 UNAUTHORIZED [TLS]
13:09:33.331948:             REGISTER (AUTH) [TLS]  ->
13:09:33.336959:             <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
 
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
 
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
 
Thanks in advance,
Adam
 
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


 
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.

 

You could also look into:

    <!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->   

<!— <param name="bind-params" value="transport=tcp,udp,tls"/>  -->

<!-- additional bind parameters for TLS -->

    <param name=“tls-bind-params" value="transport=tls"/>

 

I’ll leave it up to you to investigate those options more in details on the FS documentation.

 

Please keep us posted!

 

E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:

 
Hi all,
 
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
 
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
 
Thanks in advance
 
- Adam
 

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


 





_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
Adam.Seeliger at qsc.de
Guest





PostPosted: Fri Feb 26, 2016 8:23 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Hi,

the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)

Regards

Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


If your phone has enabled SIPS uri please disable and use sip+tls.




On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.



You could also look into:

<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->

<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->

<!-- additional bind parameters for TLS -->

<param name=“tls-bind-params" value="transport=tls"/>



I’ll leave it up to you to investigate those options more in details on the FS documentation.



Please keep us posted!



E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:


Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org









_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
s.safarov at gmail.com
Guest





PostPosted: Fri Feb 26, 2016 9:46 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Please send output of command "sofia status profile internal reg <exten_number>"

On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote:

Hi,
 
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
 
Regards
 
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue




 
If your phone has enabled SIPS uri please disable and use sip+tls.
 


 
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
 
sry that I did not respond for a long time.
 
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
 
I also tested all mentioned params below, nothing works.
 
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
 
User                                        Server
13:09:33.311446:             REGISTER [TLS] ->
13:09:33.312552:             <- 401 UNAUTHORIZED [TLS]
13:09:33.331948:             REGISTER (AUTH) [TLS]  ->
13:09:33.336959:             <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
 
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
 
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
 
Thanks in advance,
Adam
 
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


 
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.

 

You could also look into:

    <!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->   

<!— <param name="bind-params" value="transport=tcp,udp,tls"/>  -->

<!-- additional bind parameters for TLS -->

    <param name=“tls-bind-params" value="transport=tls"/>

 

I’ll leave it up to you to investigate those options more in details on the FS documentation.

 

Please keep us posted!

 

E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:

 
Hi all,
 
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
 
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
 
Thanks in advance
 
- Adam
 

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


 






_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

 





_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
Adam.Seeliger at qsc.de
Guest





PostPosted: Fri Feb 26, 2016 10:00 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Hi, here is the requested output.

I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?

Both, FreeSWITCH and the phone are in the same network (no NAT involved here)

Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain

Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure

As you can see, the user immediately got unregistered again L

Best regards,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


Please send output of command "sofia status profile internal reg <exten_number>"


On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,

the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)

Regards

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue




If your phone has enabled SIPS uri please disable and use sip+tls.




On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.



You could also look into:

<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->

<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->

<!-- additional bind parameters for TLS -->

<param name=“tls-bind-params" value="transport=tls"/>



I’ll leave it up to you to investigate those options more in details on the FS documentation.



Please keep us posted!



E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:


Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org









_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org








_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
s.safarov at gmail.com
Guest





PostPosted: Fri Feb 26, 2016 10:54 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.
On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:

Quote:

Hi, here is the requested output.
 
I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?
 
Both, FreeSWITCH and the phone are in the same network (no NAT involved here)
 
Registrations:
=================================================================================================
Call-ID:         3134353634383833373032323631-ncwgvit2obfp
User:            user@domain
Contact:       "User Name" <sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent:          snom715/8.7.5.35
Status:         Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status:   Reachable
Host:            hostname
IP:               ip
Port:            60206
Auth-User:    user
Auth-Realm: domain
MWI-Account:          user@domain
 
Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure
 
As you can see, the user immediately got unregistered again L
 
Best regards,
Adam
 
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45




An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



 
Please send output of command "sofia status profile internal reg <exten_number>"

 
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,
 
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
 
Regards
 
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



 
If your phone has enabled SIPS uri please disable and use sip+tls.
 


 
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
 
sry that I did not respond for a long time.
 
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
 
I also tested all mentioned params below, nothing works.
 
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
 
User                                        Server
13:09:33.311446:             REGISTER [TLS] ->
13:09:33.312552:             <- 401 UNAUTHORIZED [TLS]
13:09:33.331948:             REGISTER (AUTH) [TLS]  ->
13:09:33.336959:             <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
 
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
 
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
 
Thanks in advance,
Adam
 
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


 
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.

 

You could also look into:

    <!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->   

<!— <param name="bind-params" value="transport=tcp,udp,tls"/>  -->

<!-- additional bind parameters for TLS -->

    <param name=“tls-bind-params" value="transport=tls"/>

 

I’ll leave it up to you to investigate those options more in details on the FS documentation.

 

Please keep us posted!

 

E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:

 
Hi all,
 
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
 
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
 
Thanks in advance
 
- Adam
 

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


 






_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

 






_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

 


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
covici at ccs.covici.com
Guest





PostPosted: Sat Feb 27, 2016 4:55 pm    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Why use options ping at all -- I have never had good success with it, if
it fails then it causes lots of problems, more than its supposed
advantages.

Seeliger, Adam <Adam.Seeliger@qsc.de> wrote:

Quote:
Hi, here is the requested output.

I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?

Both, FreeSWITCH and the phone are in the same network (no NAT involved here)

Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain

Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure

As you can see, the user immediately got unregistered again ☹

Best regards,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue

Please send output of command "sofia status profile internal reg <exten_number>"

On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de<mailto:Adam.Seeliger@qsc.de>> wrote:
Hi,

the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)

Regards

Von: freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org> [mailto:freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org>] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue

If your phone has enabled SIPS uri please disable and use sip+tls.


On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de<mailto:Adam.Seeliger@qsc.de>> wrote:
Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org> [mailto:freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org>] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue

Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.

You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>

I’ll leave it up to you to investigate those options more in details on the FS documentation.

Please keep us posted!

E
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de<mailto:Adam.Seeliger@qsc.de>> wrote:

Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org<mailto:consulting@freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org<mailto:FreeSWITCH-users@lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org<mailto:consulting@freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org<mailto:FreeSWITCH-users@lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org<mailto:consulting@freeswitch.org>
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org<mailto:FreeSWITCH-users@lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org


----------------------------------------------------
Alternatives:

----------------------------------------------------
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?

John Covici
covici@ccs.covici.com

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
Adam.Seeliger at qsc.de
Guest





PostPosted: Mon Feb 29, 2016 3:31 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Hi,

I also tested it on latest master:
FreeSWITCH Version 1.7.0+git~20160227T004333Z~d89a0ad52d~64bit (git d89a0ad 2016-02-27 00:43:33Z 64bit)

FreeSWITCH still does not send OPTIONs to TLS registered Users and kills their Registration L

Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 16:53
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.

On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote:

Hi, here is the requested output.

I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?

Both, FreeSWITCH and the phone are in the same network (no NAT involved here)

Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <[url=sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206]sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206[/url]>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain

Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure

As you can see, the user immediately got unregistered again L

Best regards,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45




An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue




Please send output of command "sofia status profile internal reg <exten_number>"


On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,

the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)

Regards

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue




If your phone has enabled SIPS uri please disable and use sip+tls.




On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.



You could also look into:

<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->

<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->

<!-- additional bind parameters for TLS -->

<param name=“tls-bind-params" value="transport=tls"/>



I’ll leave it up to you to investigate those options more in details on the FS documentation.



Please keep us posted!



E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:


Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org









_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org








_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org





_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
Adam.Seeliger at qsc.de
Guest





PostPosted: Wed Mar 02, 2016 3:10 am    Post subject: [Freeswitch-users] all-reg-options-ping and tls issue Reply with quote

Sergey, so you have a version of FS where the options ping feature and TLS are working.
Could you please provide the required parameters in your freeswitch config and the version you are using?
I opened a jira ticket FS-8885 and attached logs there.

Thanks,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 16:53
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue


Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.

On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote:

Hi, here is the requested output.

I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?

Both, FreeSWITCH and the phone are in the same network (no NAT involved here)

Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <[url=sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206]sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206[/url]>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain

Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure

As you can see, the user immediately got unregistered again L

Best regards,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45




An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue




Please send output of command "sofia status profile internal reg <exten_number>"


On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,

the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)

Regards

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59

An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue




If your phone has enabled SIPS uri please disable and use sip+tls.




On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,

sry that I did not respond for a long time.

I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

I also tested all mentioned params below, nothing works.

When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:

User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure

When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.

Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?

Thanks in advance,
Adam

Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue



Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.

I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.

I found out that in my case, what works best even with TLS, is to use:

<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>

This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.

Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.



You could also look into:

<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->


<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->

<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->

<!-- additional bind parameters for TLS -->

<param name=“tls-bind-params" value="transport=tls"/>



I’ll leave it up to you to investigate those options more in details on the FS documentation.



Please keep us posted!



E


Quote:

On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:


Hi all,

I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.

I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?

Thanks in advance

- Adam


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org









_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org








_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org





_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> freeSWITCH Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services