No registration after TLS handshake

Hello - I have FreePBX on Raspberry Pi (raspbx) with latest upgrades using PJSIP. The device is a Yealink SIP-T40G set up for encrypted communications (TLS and SRTP). Wireshark shows what appears to be a successful TLS handshake. But after the FreePBX sends the TLS “Finished” message, it then sends TCP FIN and appears to end the connection.

One known issue with my setup is that the framework module is disabled. I am having difficulty getting it upgraded and I am hoping it is not the source of the problem.

I have rechecked many points of my SIP and TLS configuration. I am not seeing any error messages or any useful log data. Can someone please steer me at some first steps at finding where the failure is?

Thanks!

Many Yealink models do not work with the LE cert that FreePBX 14 gets. I’ve a thread somewhere about it.

I also had a ticket open with Yealink support, but they basically wanted me to spend all my own time doing their testing for them so I never went farther with it.

Edit: found my thread here

Thank you for this! In a small deployment where I will be doing manual configuration, do you see any possibility of the T4xG phones being made to work in encrypted mode with LE certs?

As you can see from the other thread, nothing really changed on the FreePBX side from 13 (works) to 14 (does not work). Obviously something in the libraries changed, but that is all upstream.

On the Yealink side, they specifically had a firmware update change log mention updating the valid CAs. But the older G models did not get that update.

Why it worked on FreePBX 13 and not 14 if it was a CA issue is beyond me.

The T40G has the updated firmware. It should work.

That said, it is not the “consolidated” firmware that the S line uses, so who knows.

I do not have a T40G to test with.

How about a proper Asterisk level debug to see what is happening? The pcap shows that the handshake happened, but since Asterisk is running over TLS that means it happened by Asterisk. So do you see REGISTER messages happen in the Asterisk console with the proper driver debug/logger on?

Is this a case of Asterisk not getting it, not replying to it, not sending a proper message back? Sending back a valid error because of an issue with the packet or request?

Thank you Jared, that gives me some idea that maybe the TLS can be debugged with this particular Yealink before I abandon it and get a known working model.

Tom, here is the only evidence I have that the phone is seeking a connection to the FreePBX. These debug lines are being read into the logs every 31 seconds or so:

PJSIP logging is enabled and shows no SIP messages of any type reaching Asterisk. The Wireshark capture shows none either.

From the Wireshark capture it appears that the FreePBX chooses to close the connection immediately after the TLS handshake. I am hoping someone can steer me toward whatever Linux logs would show any error messages resulting from the TLS handshake.

Thanks!

Ignoring SIP TLS/SRTP, when a Yealink phone does not work with the certificate, a simple XML company address book accessed over HTTPS will not work either.

That would likely be easier to verify and troubleshoot.

If I understand you, an address book request from the Yealink to the FreePBX would get the same TLS stacks talking to each other as if it were a SIP message. And the web servers on each side might provide some useful error messages?

Potentially. It refuses to work. So highly likely to be related.

Here’s a question, what does the Alert message right above your red highlighted message in the original screen cap show? That might shed some light on this.
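
For reading the Alert record asked about above, this added example (not posted by anyone in the thread) walks one direction of a TLS byte stream and decodes plaintext alerts into level and description. The sample bytes are constructed, not taken from the poster's capture, and `summarize_records` is a hypothetical helper name.

```python
import struct

# TLS record content types and alert codes (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
    112: "unrecognized_name", 120: "no_application_protocol",
}

def summarize_records(stream: bytes) -> list[str]:
    """Describe each TLS record in the bytes sent by ONE side of a connection."""
    out, pos, encrypted = [], 0, False
    while pos < len(stream):
        if len(stream) - pos < 5:
            out.append("truncated record header")
            break
        # Record header: 1-byte type, 2-byte version, 2-byte length.
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5 : pos + 5 + length]
        pos += 5 + length
        name = CONTENT_TYPES.get(ctype, f"unknown({ctype})")
        if len(body) < length:
            out.append(f"{name}: truncated body")
            break
        if ctype == 21 and not encrypted and length == 2:
            level = ALERT_LEVELS.get(body[0], f"level({body[0]})")
            desc = ALERT_DESCRIPTIONS.get(body[1], f"description({body[1]})")
            out.append(f"alert: {level} {desc}")
        elif ctype == 21:
            # Wireshark labels these "Encrypted Alert"; no code is readable.
            out.append("alert: encrypted (needs session keys to decode)")
        else:
            out.append(f"{name}: {length} bytes")
        if ctype == 20:
            encrypted = True  # this sender's later records are protected
    return out

# Constructed samples: a handshake record followed by a plaintext fatal alert,
# and an alert sent after ChangeCipherSpec (opaque without keys).
PLAINTEXT_ALERT = bytes.fromhex("1603030004" "01000000" "1503030002" "0230")
AFTER_CCS = bytes.fromhex("1403030001" "01" "1503030004" "deadbeef")

if __name__ == "__main__":
    print(summarize_records(PLAINTEXT_ALERT))
    print(summarize_records(AFTER_CCS))
```

Feed the function the bytes of one direction only (for example one side of Wireshark's "Follow TCP Stream" raw view), since the encrypted flag is tracked per sender.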
