To be honest I never got around to understand how that even works , on any application or IP phone you have the registration string , you set the port for registration( I set it as TCP I don;t know how it get managed … from that point foreword ) , I don’t know how to set to let the control ( SIP traffic) on TCP and UDP the RTP data.
so if you know can you enlighten me please … because i really want to make TLS work , for the signaling for the time being
Step 1 - buy a book. I’m not trying to be curt or mean, but this is not a project for someone that isn’t well versed in telephony.
Step 2 - get everything working in the normal UDP SIP. From there, you can ‘step-wise’ refine the rest. At this point, there are so many things not working that there’s no effective way to respond in a forum post.
There is a FreePBX Wiki. Have you reviewed the documentation there?
Setting up TCP settings on the server is fairly straight-forward and is documented on the Wiki pages. Setting up TLS is more challenging, since it requires you to make sure that several pieces (in the phone and in the server) are all set correctly. Unless you are doing this for some really specific purpose, I’d recommend you stick with UDP, at least in the short term. Examine your needs and see if encrypted traffic is really that important.
Finally, the FreePBX GUI is there as a tool for you to use, but like any other tool, you need to read the instructions first. I’m pretty sure no one has ever cut off a finger using FreePBX, so I’d hate for you to be the first…
Dear Cynjut ,
Yes I got everything working with UDP ,
yes I reviewed the documentation ,
I know is very straight-foreword that why this is mind boggling.
Yes TLS is even worse I had my fair troubles with it ,
Book … well do you recommend something ? that is worth the time , I did read some parts of
"SIP: Understanding the Session Initiation Protocol" but it was way back , like the invite packets and the flow of data bla bla… but is being a while , Something Freepbx oriented would be helpful , if you know something with this requirements I would be grateful
Yes TCP and Encryption is necessary because everything will fly “naked” on the internet so yes is very important (to me to say the least)
instead of using some VPN and then the user forgets to connect on the VPN and then everything turns to shit(no registration no phone no nothing ). …
so yeah …
anyway , Thank you for your time , I will try to look up some more literature , if you have any other pointers I would be grateful ,
Search through this forum for “TLS” and follow those threads. There have been several discussions in the past couple of months about getting TLS to work. Things like root certificates and proper “Let’s Encrypt” (or other real certificates) are key to getting this to work.
I think there’s something about using TCP and TLS at the same time that’s a problem, but I don’t remember any of the details. If you have the UDP connections working, trying adding the TLS certificates and configuration next. If that works, you’re data will be properly protected, so that should get you where you want to go.
Also, there are some phones that will connect with ‘per phone’ VPN connections, which is another way to solve this specific problem. Once again, there is a lot of good information in the forums, especially over the past six months or so.
Many phones (Sangoma, for example) have the capability to set up a point-to-point VPN connection from the phone itself to the PBX. It’s more a function of the phone than anything else, but it is a possibility.
oh okay , I thought you wore talking about (mobile apps) yeah okay , but some of them need there own hardware to make the VPN work like cisco for example … Sangoma ( i’ve never worked with them , also VPN PPTP is quite obsolete even for this job(and vulnerable , broken protocol , so many backdoors :D,if this is the VPN type you are talking about ) )
Also the main problem i encouter is this "
[2018-03-06 20:19:57] WARNING: chan_sip.c:4077 retrans_pkt: Retransmission timeout reached on transmission XXXXXXXXXXXXXXX. for seqno 2 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 6400ms with no response
and I don’t know how to fix it …
Do you have any idea ?