I have the latest (as of oct '21) version of FreePBX running locally. I have number of softphones (Linphone) running on PCs, Mobiles, and its fine. I have set the configs to require encryption on all calls (both in the soft phone configs and the pbx). Calling with soft phones works flawlessly.
I started to add Sangoma phones P310 and sent one to someone out of state. Sent them the basic sip settings and they were able to connect no problem.
when I tried the same model phone internally with same config, it will not make a call. The only thing I get is a “fast busy”.
The asterisk logs show only:
ERROR[6453]: res_pjsip_session.c:937 handle_incoming_sdp: 1800: Couldn’t negotiate stream 0:audio-0:audio:sendrecv (nothing)
Which I know to be related to unable to handle/setup secure RTP, which lead me to focus on TLS.
The other soft phones connect via TLS both internally and externally, without issue. either on the local wifi or on the mobile network (LTS for example) they have zero problems connecting…
Free PBX - Internally hosted, ports forwarded and working internally and externally with a “lets encrypt” certs to FGDN… SSL verified with https connection to website both internally and externally. so when the internal clients connect the external DNS routes them to the external interface and SSL cert etc all is working. I thought maybe these phones didn’t want to handle coming in through the external addy, but only the internal one, so knowing that the cert needed a hostname to that internal IP, I setup an internal DNS bind9 and set the phones to use that to give the same hostname so it would pickup the cert and use ssl on the internal IP. This works fine with a web browser confirmed to connect the internal IP with the hostname and SSL checks out.
so any ideas?
softphones work internal and external, local wifi and internet
external P310 works fine.
compared the extension settings on the working and not working they are the same
checked the EPM settings though the other external phone worked without it…
ideas?
where to get DETAILED sip logs?
working with Wireshark, still trying to get them decoded, SSLKEYLOGGING seems not to work…
ive double checked the extension settings and sip settings and media encryption is required. I don’t see anywhere on the phone itself to force this. It only allows SIP addy, port and protocol… nothing about SRTP…
is there another place besides the web interface to check for this?
thanks for that, it is setup correctly according to this article. As my rather long (sorry for that) description states, its is working properly with soft phones… I did do some of the “D” series phones settings but it made no difference.
I’ve since configured the phones for Syslog so I can see them boot and noticed this in the messages…
> Oct 21 15:39:55 192.168.1.63 core[350]: middleman: processAccount: transport=tls media_encryption=no
> Oct 21 15:39:55 192.168.1.63 core[350]: middleman: processAccount: alt_transport=tls alt_media_encryption=no
> Oct 21 15:39:55 192.168.1.63 core[350]: middleman: Checking firmware for 3_5_1 P310
> Oct 21 15:39:55 192.168.1.63 core[350]: middleman: firmware_blacklist model=P310 minimum_version=3_2_7 specific_version=
> Oct 21 15:39:55 192.168.1.63 core[350]: middleman: firmware_blacklist model=P315 minimum_version=3_2_7 specific_version
You’ll notice that its showing “media_encryption=no” so Im looking for a setting to confirm this on the phone. Is it possible to set this via the web interface or is it only via the EPM?
I have 3 of these phones, haven’t been able to get a single one working with encryption. We originally thought an external one was working with encryption, but an audit (packet capture) showed it was NOT encrypted which turned out to be an issue in the extension config.
SO… I have a Freepbx system which works 100% perfectly with soft phones (Linphone) on OS X, Windows, iOS and Android, but my initial purchase of 3 Sangoma P310 phones all fail.
How can I enable SRTP on this phone?
Web interface has NO settings for SRTP, only TLS
is there a way to format the SIP (line settings) in the Web interface to force it to use SRTP?
No, media encryption is not one of the settings that’s exposed via the phone’s web interface.
SDES SRTP is controlled only via the media_encryption attribute of the host_primary and/or host_alternate children of the account object.
There is a better way. Configure the phones using the better method of feeding them a configuration file that contains the settings that they should use. Using the Web UI to configure the phones is the least preferred method and gets the least development attention, because the primary audience for these telephones is administrators who configure lots of them.
These administrators are configuring the phones via some sort of provisioning system: EPM provides one, Switchvox provides one, admins outside of those environments usually roll their own.
It’s not how you’re trying to configure the phone. If you’re using the phone with FreePBX and/or PBXact, you should probably use EPM to configure the phone. EPM should provide an option for most things; and for those that don’t appear as button controls, you’ve got access to edit the configuration templates themselves.