Yealink T46s registration issues

Greetings those wiser than me.
After updating my Asterisk box - which was previously running Asterisk 16, to 21, and now with the FreePBX GUI, I find my two Yealink T46s phones won’t register.
Everything, PBX, and phones are on my internal network (192.168.x.x). I have Yealink W60 DECT phones that are all working happily, I have a Zoiper softphone running on a laptop, which is also happy.
My T46s phones are not.

Using a combination of tcpdump and sngrep I have deduced that the handshake beween the two is not correct.

As you see from the screenshot, the PBX is not reponding with the normal 401, it’s just ignoring it.

As it’s all internal, NAT is not playing a part.
The phones worked fine with my old Asterisk server (running v16)
I don’t appear to be the only one who has suffered this issue. Much web searching has not found a solution as yet.

The T46s has the latest/last version of firmware in it : 66.86.0.160

Any clues would be gratefully received.

Rob.

Just guessing:

Running FreePBX Firewall or other software firewall? If so, check if 192.168.106.176 somehow got banned by fail2ban or is not trusted.

iptables -vL
may show whether the address is blocked.

Confirm that pjsip Port to Listen On for the udp transport is 5060 and the transport is enabled.

If no luck, at the Asterisk command prompt type
pjsip set logger on
and see whether anything appears there when the Yealinks try to register. If nothing, as a test try disabling whatever software firewall you’re running.

Thanks for those tips.
Fail2ban is not running. That address has not been banned or excluded by the firewall as I can ping it from the phone.

Pjsip logger shows the same as tcpdump -n -vvv etc …

I’ve tried setting the phone to connect on a different port, just as the Zoiper softphone does - no difference.

The register frame is seen at the server end using sngrep, it’s just not responding to it.

I’m not the only one to have issues with these phones.

I put these phones in the field all over the place with no issues so I dont think its the phones. These extensions, are they PJSIP or Chansip and can you verify that PJSIP is in fact running on 5060? Are you manually programming them or using Endpoint Manager?

Pjsip logger is after the firewall for incoming packets (sngrep and tcpdump are before), so this is not a firewall issue.

What, if anything, appears in the Asterisk log (/var/log/asterisk/full) after the pjsip logger entry for attempted registration?

Hi Jeremy

There are only two of them here and they “hand crafted”.

Using PJSIP rather than ChanSIP as per FreePBX 17.

My W60s worked no problem, the T46s’ both worked OK with the vanilla Asterisk V16 PBX that’s now been replaced.

Most of the cries for help I have found on the net tend to point to NAT issues, with the phones on an external network. Mine are all on the same VLAN as the PBX, so NAT is not in play.

I’ll double check when I get home / back in the office.

Nothing in the logs for the T46s IP addresses.

Even though F2B isn’t supposed to be running (I said no at installation) it’s gathered some info, and that has no sign of the IP addresses at all.

I’ll do some more debugging.

Please confirm that you meant nothing following the entries created by pjsip logger.
If the pjsip logger entries are also absent, what do you think is different from when you observed them?

No nothing was seen other than what sngrep saw.

After some debugging, even though I told it not to install F2B, it did, and because those phones were configured last F2B decided they should be banned as no extensions existed in FreePBX for them. Oddly unbanning them made no difference. So F2B is removed, and the PBX is running without it’s own firewall. It doesn’t need one as it’s behind a very secure double firewall setup.

Thanks for all of your help, I couldn’t see the wood for trees

@RobCompton If working

From web browser go to GUI for ip phone and From

Security–> Trusted Certificates → only Accept Trusted Certification change it to [Disabled]

I guess our posts crossed like ships in the night… it’s all sorted, it WAS Fail2Ban which shouldn’t have been installed, let alone running.