Best we can tell, something must have auto-updated on the server over the weekend (I think the server updated Friday Night) and it broke something… That or something expired on the phones (built-in firmware cert??)
Like I said, the T29G phones connect to the server with the latest Yealink Firmware and no issues.
As a “last ditch” effort we setup TLS on CHAN_SIP. We then converted the extensions to “CHAN_SIP” and pointed the non-working phones to the CHAN_SIP TLS port. They registered immediately.
We use a purchased Wildcard Cert from a major vendor for TLS.
Phone Server is currently running 184.108.40.206.
Current System Version is: 12.7.6-1910-1.sng7
This server and extensions have been running without issue since building it. All has been setup from beginning with PJSIP TLS and extension on TLS.
We were able to register the affected phone via PJSIP TLS with a server running 220.127.116.11 and PBX Firmware version 10.13.66-22
Any guidance on troubleshooting why PJSIP stopped working on these extensions would be greatly appreciated.
Can you post your phone config files (MAC.cfg and maybe y000xxx.cfg ) ?
It seems like some variable substitutions are missing ( PHONEIP:PHONEPORT instead of $PHONEIP:$PHONEPORT for instance).
Simply comparing those config files with successful ones would help.
Thanks so much for responding to my post. I had just replaced my actual IP from the log output with PHONEIP:PHONEPORT because it didn’t seem necessary to trouble shoot the issue and would potentially reveal my internal IP structure to the web, which we try not to do.
To help with confusion I will update the original post with 192.168.1.21:12702
Do you know how else I can trouble shoot this situation?
Just bumping this. I did a side by side config file comparison and see nothing that stands out.
Right now i’m not in a position where I can have 2 wiped out phones with default configs side by side, but that will be the next step.
Does anybody know how I can understand what the Server is telling me with the error? Is the phone sending the wrong version of TLS or something else?
It looks like the issue you are having is related to the digest algorithm or the hash functions being used. The Yealink T27Gs firmware was updated to support a newer Cipher Suite last year (Sep, 2018). The 84 version over 83. Yealink T27G Doc
If some phones dont have the update and the ones that do stopped working after a FreePBX update, something must be different with the ciphers the PBX is trying to decrypt from the newer firmware. ie the log message stating it doesnt know what algorithm is being used. Obviously the older firmware still works so the issue kinda points more in the direction of Yealink rather than FreePBX.
This may be a Yealink issue if their new cipher suites they added arent good somehow. Probably not likely.
You could also go back to the older firmware version that works on the phones. And maybe roll back any recent PBX module updates (those are easy). If you can live with the older firmware it doesnt look like there were any major bug fixes for the phones you use.