VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
View previous topic :: View next topic |
Author |
Message |
Adam.Seeliger at qsc.de Guest
|
Posted: Fri Feb 26, 2016 7:38 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
|
|
Back to top |
|
|
s.safarov at gmail.com Guest
|
Posted: Fri Feb 26, 2016 8:00 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote: |
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
|
|
Back to top |
|
|
Adam.Seeliger at qsc.de Guest
|
Posted: Fri Feb 26, 2016 8:23 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org |
|
Back to top |
|
|
s.safarov at gmail.com Guest
|
Posted: Fri Feb 26, 2016 9:46 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Please send output of command "sofia status profile internal reg <exten_number>"
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote: |
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
|
|
Back to top |
|
|
Adam.Seeliger at qsc.de Guest
|
Posted: Fri Feb 26, 2016 10:00 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Hi, here is the requested output.
I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?
Both, FreeSWITCH and the phone are in the same network (no NAT involved here)
Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain
Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure
As you can see, the user immediately got unregistered again L
Best regards,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Please send output of command "sofia status profile internal reg <exten_number>"
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org |
|
Back to top |
|
|
s.safarov at gmail.com Guest
|
Posted: Fri Feb 26, 2016 10:54 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.
On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote: |
Hi, here is the requested output.
I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?
Both, FreeSWITCH and the phone are in the same network (no NAT involved here)
Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain
Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure
As you can see, the user immediately got unregistered again L
Best regards,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Please send output of command "sofia status profile internal reg <exten_number>"
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org |
|
|
Back to top |
|
|
covici at ccs.covici.com Guest
|
Posted: Sat Feb 27, 2016 4:55 pm Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Why use options ping at all -- I have never had good success with it, if
it fails then it causes lots of problems, more than its supposed
advantages.
Seeliger, Adam <Adam.Seeliger@qsc.de> wrote:
Quote: | Hi, here is the requested output.
I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?
Both, FreeSWITCH and the phone are in the same network (no NAT involved here)
Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain
Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure
As you can see, the user immediately got unregistered again ☹
Best regards,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Please send output of command "sofia status profile internal reg <exten_number>"
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de<mailto:Adam.Seeliger@qsc.de>> wrote:
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org> [mailto:freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org>] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de<mailto:Adam.Seeliger@qsc.de>> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org> [mailto:freeswitch-users-bounces@lists.freeswitch.org<mailto:freeswitch-users-bounces@lists.freeswitch.org>] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de<mailto:Adam.Seeliger@qsc.de>> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org<mailto:consulting@freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org<mailto:FreeSWITCH-users@lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org<mailto:consulting@freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org<mailto:FreeSWITCH-users@lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org<mailto:consulting@freeswitch.org>
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org<mailto:FreeSWITCH-users@lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
----------------------------------------------------
Alternatives:
----------------------------------------------------
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici
covici@ccs.covici.com
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org |
|
Back to top |
|
|
Adam.Seeliger at qsc.de Guest
|
Posted: Mon Feb 29, 2016 3:31 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Hi,
I also tested it on latest master:
FreeSWITCH Version 1.7.0+git~20160227T004333Z~d89a0ad52d~64bit (git d89a0ad 2016-02-27 00:43:33Z 64bit)
FreeSWITCH still does not send OPTIONs to TLS registered Users and kills their Registration L
Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 16:53
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.
On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote: |
Hi, here is the requested output.
I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?
Both, FreeSWITCH and the phone are in the same network (no NAT involved here)
Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <[url=sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206]sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206[/url]>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain
Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure
As you can see, the user immediately got unregistered again L
Best regards,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Please send output of command "sofia status profile internal reg <exten_number>"
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org |
|
|
Back to top |
|
|
Adam.Seeliger at qsc.de Guest
|
Posted: Wed Mar 02, 2016 3:10 am Post subject: [Freeswitch-users] all-reg-options-ping and tls issue |
|
|
Sergey, so you have a version of FS where the options ping feature and TLS are working.
Could you please provide the required parameters in your freeswitch config and the version you are using?
I opened a jira ticket FS-8885 and attached logs there.
Thanks,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 16:53
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Registration is correct.
Think it bug and requred to fill a jira tiket.
I use master 4 mouth old and it work correctly.
On Fri, Feb 26, 2016, 18:00 Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Quote: |
Hi, here is the requested output.
I changed the real user, domain and ip address values into descriptions.
I guess the values are not necessary?
Both, FreeSWITCH and the phone are in the same network (no NAT involved here)
Registrations:
=================================================================================================
Call-ID: 3134353634383833373032323631-ncwgvit2obfp
User: user@domain
Contact: "User Name" <[url=sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206]sip:user@ip:60206;transport=tls;line=gvg9q8jh;fs_nat=yes;fs_path=sip%3Auser%40ip%3A60206[/url]>
Agent: snom715/8.7.5.35
Status: Registered(AUTO-NAT-2.0)(unknown) EXP(2016-02-26 16:21:32) EXPSECS(1912)
Ping-Status: Reachable
Host: hostname
IP: ip
Port: 60206
Auth-User: user
Auth-Realm: domain
MWI-Account: user@domain
Total items returned: 1
=================================================================================================
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5769 Sip user 'user@domain' is now Unreachable
2016-02-26 15:50:09.326648 [WARNING] sofia.c:5780 Expire sip user 'user@domain' due to options failure
As you can see, the user immediately got unregistered again L
Best regards,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 15:45
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Please send output of command "sofia status profile internal reg <exten_number>"
On Fri, Feb 26, 2016 at 4:21 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi,
the phone uses sip+tls.
I test using a snom715, got plenty other phones here, but I guess they will behave the same way.
It really looks like FreeSWITCH is doing something wrong (or is wrongly configured – if there are any parameters for options ping supporting both, udp and tls)
Regards
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Sergey Safarov
Gesendet: Freitag, 26. Februar 2016 13:59
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
If your phone has enabled SIPS uri please disable and use sip+tls.
On Fri, Feb 26, 2016 at 3:37 PM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi and thanks for the feedback,
sry that I did not respond for a long time.
I already use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
I also tested all mentioned params below, nothing works.
When I register a User via TLS FreeSWITCH does not even try to ping the user.
I turned sofia global siptrace on and watched the flow:
User Server
13:09:33.311446: REGISTER [TLS] ->
13:09:33.312552: <- 401 UNAUTHORIZED [TLS]
13:09:33.331948: REGISTER (AUTH) [TLS] ->
13:09:33.336959: <- 200 OK [TLS]
Nothing happens
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5769 Sip user 'user@host' is now Unreachable
2016-02-26 13:10:00.619525 [WARNING] sofia.c:5780 Expire sip user 'user@host' due to options failure
When I REGISTER the User via UDP FreeSWITCH starts to ping (OPTIONS) the user as soon as he is registered.
Is there any way to force FreeSWITCH to send OPTIONs in both, udp and tls, depending on the registration?
Thanks in advance,
Adam
Von: freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org) [mailto:freeswitch-users-bounces@lists.freeswitch.org (freeswitch-users-bounces@lists.freeswitch.org)] Im Auftrag von Emrah
Gesendet: Freitag, 29. Januar 2016 09:25
An: FreeSWITCH Users Help
Betreff: Re: [Freeswitch-users] all-reg-options-ping and tls issue
Hi!
This is interesting. I experienced something rather similar where calls would drop because FS would timeout on certain packets sent over UDP instead of TLS.
I assume you mean FS exits with port 5060 instead of port 5061? Because the port on the remote end should be dynamically set.
I found out that in my case, what works best even with TLS, is to use:
<variable name=“sip-force-contact” value="NDLB-connectile-dysfunction-2.0"/>
This goes as far as it can to lay out the path to contacting the client with all consideration in regards to NAT and dynamic ports.
Not sure if it will help you. I’ve personally disabled options-ping an let my clients deal with keep-alive instead.
You could also look into:
<!-- add a ;received="<ip>:<port>" to the contact when replying to register for nat handling -->
<!— <param name="NDLB-received-in-nat-reg-contact" value="true"/> -->
<!— <param name="bind-params" value="transport=tcp,udp,tls"/> -->
<!-- additional bind parameters for TLS -->
<param name=“tls-bind-params" value="transport=tls"/>
I’ll leave it up to you to investigate those options more in details on the FS documentation.
Please keep us posted!
E
Quote: |
On Jan 28, 2016, at 11:48 AM, Seeliger, Adam <Adam.Seeliger@qsc.de (Adam.Seeliger@qsc.de)> wrote:
Hi all,
I have a problem, when I enable TLS and register a phone using TLS on Port 5061.
FreeSWITCH still tries to “ping” the phone using Port 5060 using UDP, which is ignored by the phone.
Moments later FreeSWITCH deletes the registration, because “unregister-on-options-fail” is set to “true”.
I already figured out, that you can set “all-reg-options-ping” to “udp-only”, but this would completely disable this feature for TLS.
Is there any way to ping TLS registered using TLS?
Thanks in advance
- Adam
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting@freeswitch.org (consulting@freeswitch.org)
http://www.freeswitchsolutions.com
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org |
|
|
Back to top |
|
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|