hi, i have a distro install of 16 in production. I have built a new server with debian 12 and installed freepbx 17 on it, this all seemed to go smooth. i took a backup of the old system and restored to the new system, again that seemed to go ok.
however, on the new system, none of the phones connect. my 2 SIP trunks seem to connect fine, but not the phones.
as a test, i disabled the firewalls but this did not help
where can i look to see why the phones are not connecting. tcpdump shows them attempting but i am using siptls so i cannot read the packets easily. is there a utility that can show me the conversation between the phone and server?
yes, that was it. when i used the util, i saw nothing. so i went back to wireshark and i see that there is a tls error and it fails to negotiate the tls connection. it is throwing an error 70, which seems to be this:
protocol_version The protocol version the client attempted to negotiate is recognized, but not supported. For example, old protocol versions might be avoided for security reasons. This message is always fatal.
anyone know where the protocols for siptls are set in freepbx?
FYI, i know about sip settings/pjsip settings/ssl method, but that just sets the default tls/ssl version. i have a feeling this is a cipher suite issue. and i am wondering if restoring the backup restored some old cipher suite settings that the new debian server will not tolerate?
you can use 'asterisk -rx "pjsip set logger on"' and then watch asterisk -rvvvv to see the sip trace ('asterisk -rx "pjsip set logger off"' afterwards).
That should show you normal sip messaging. If there's nothing, you can do a tcpdump, but your certificate is probably not set up on that TLS interface, or, your device doesn't trust the CA. Could also be the TLS version you are using your phone does not support depending on age of phone.
Eris,
Fyi I'm coming from a working config on a version 16 FreePBX distro install. So all of this works on the old server and when I power the old server back on all the phones connect immediately. I've double-checked and the cert came over in the backup on 17 so it's using the same cert. I don't think that's the issue. I keep coming back to the tcpdump error protocol 70 which seems to indicate that the client is requesting a protocol that the server can't use
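The alert 70 (protocol_version) discussed in this thread is sent before encryption starts, so both it and the phone's ClientHello can be decoded straight from the capture bytes to see which TLS versions the phone actually offers. This is an added example, not code from the thread or from FreePBX; the byte strings and the `build_sample_hello` helper are constructed for the demo, and it assumes the ClientHello fits in a single TLS record.

```python
import struct
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}  # subset of RFC 8446 alerts

def offered_versions(hs):
    """Versions a ClientHello offers: supported_versions if present, else legacy_version."""
    pos = 4                                              # handshake type + 3-byte length
    versions = [struct.unpack("!H", hs[pos:pos + 2])[0]]
    pos += 2 + 32                                        # version + random
    pos += 1 + hs[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hs[pos]                                   # compression_methods
    if pos + 2 <= len(hs):                               # extensions are optional
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            if etype == 43:                              # supported_versions
                lst = hs[pos + 5:pos + 4 + elen]         # skip 1-byte list length
                versions = [struct.unpack("!H", lst[i:i + 2])[0]
                            for i in range(0, len(lst) - 1, 2)]
            pos += 4 + elen
    return [VERSIONS.get(v, hex(v)) for v in versions]

def parse_record(data):
    """Decode one plaintext TLS record: an alert or a ClientHello."""
    length = int.from_bytes(data[3:5], "big")
    if len(data) < 7 or length < 2 or len(data) < 5 + length:
        raise ValueError("truncated or malformed record")
    ctype, body = data[0], data[5:5 + length]
    if ctype == 21:                                      # alert: level, description
        return {"type": "alert", "fatal": body[0] == 2,
                "description": ALERTS.get(body[1], str(body[1]))}
    if ctype == 22 and body[0] == 1:                     # handshake, ClientHello
        return {"type": "client_hello", "offered": offered_versions(body)}
    raise ValueError("not an alert or ClientHello")

def build_sample_hello(version, extensions=b""):        # constructed input, not a real phone
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions:
        hello += len(extensions).to_bytes(2, "big") + extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    print(parse_record(build_sample_hello(0x0301)))      # phone offering TLS 1.0 only
    print(parse_record(b"\x15\x03\x01\x00\x02\x02\x46")) # server's fatal alert 70
```

If the offered list tops out below what the new server accepts, the mismatch is the protocol version rather than the certificate or the cipher suites.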