Issue with FreeSWITCH + Would like to contribute
Ivan Tazelaar
12. Aug 2015 at 07:30
Hi,

First of all, let me thank you for taking the time to build and update such a complete softphone client.

I have been trying multiple SIP solutions and yours seems to be the best I've found. At first, I thought it was an open source solution, but after reading through your website now I clearly understand it's licensed.

And now comes the part when I ask you for your help:

Sadly, I haven't been able to make it work fine with FreeSWITCH under my environment.

I am experiencing a very odd behavior that can be described as follows:

REGISTRATION works as expected. (I am using TLS so capturing the SIP traces becomes complex)

But one of the things I've noticed, that looks very odd, is that your REGISTER appears to be sending the wrong port on the "contact:" section. For example, I have 5080 set as the local port, and the contact I am capturing on the PBX looks like this:

Contact: <sip:itazelaar@XXX.XXX.XXX.XXX:5081;transport=tls>;+sip.instance="<urn:uuid:005EFB22-E53E-E511-8ACC-C27007967A46>"

(if I set the port to 5081, then 5082 shows as the contact, etc. looks like there's always 1 added to the original port number)

Anyway, when I try to place a call the PBX gets the INVITE, it forwards the request to the called extension, the phone rings, and I am able to answer. The inbound RTP stream seems to be established fine, but the outbound is never established for some reason.

I am worried about the contact, because I noticed my PBX is trying to send some SIP messages back to that port and, of course, as I am behind a NAT, and firewall, and as your client sets the original port forwarding using UPnP, the port+1 never reaches me.

Let me know if there's anything else you may need to understand this problem properly.

Thanks!
Ivan
  
Phoner Admin
Reply #1 - 12. Aug 2015 at 08:32
Thanks for your comments.

The default ports for SIP are 5060 (UDP and TCP) and 5061 (TLS). In PhonerLite you can only configure this base port (UDP, TCP), but the TLS port is always one up. I don't see this as a problem.

For TLS typically the client (PhonerLite) establishes the TLS connection and keeps this connection open. The peer has to reuse this connection to send any SIP messages to the client.
If this is not done and the SIP server (Freeswitch) establishes a TLS connection the client has to send a server certificate. That can't be checked for validity because the client typically uses a dynamic IP address and the certificate can't contain this address/domain. So this certificate check will always fail. Therefore all my known SIP providers supporting TLS reuse the established TLS connection opened by the client.

If you have problems with RTP - it is something completely different. If the client (PhonerLite) is behind NAT there are several ways to handle this.
1) The client uses STUN, but this is only possible if the router doesn't use symmetric NAT
2) The client uses UPnP but this is only possible if this is enabled in the router
3) The peer (Freeswitch) is configured to send RTP to that address where it receives RTP from
  
Ivan Tazelaar
Reply #2 - 12. Aug 2015 at 22:30
My router supports UPnP, it's currently accepting the Phoner Lite commands and it shows all the port mappings. 

My concern comes from the way FreeSWITCH works for TLS (or the way I believe it works, which may be wrong). I've read somewhere on their doc. that their SIP implementation sometimes establishes a secondary TLS channel (PBX to Client) - probably when they need to send something like an INVITE? (I've noticed PhonerLite doesn't ring when I call).
 
Anyway, for these specific situations (PBX-to-Client), the PBX won't validate the client certificate because this is the way I have it configured. Of course, I can set it to validate the client certificate as well but, as you've just said... this has proven to be problematic.

So, first of all, can I confirm you are sending "port + 1" in the contact info? Was this done by design? Is PhonerLite actually listening on that port?

If this is the case... it looks like you are not issuing a UPnP command for the specific "port + 1" (UDP/TCP - depending on the protocol), so any attempts from the outside using the contact info. provided won't make it to PhonerLite... and the original port you have configured will only work for UDP, so in this case, for TLS, it won't work either even if you send the same port on the contact info.

Please let me know if I am wrong or if I have misunderstood something. I know that FreeSWITCH's TLS implementation isn't very standard on this particular aspect (or at least I've understood that), but I guess it should still work... what do you think?

So, going back to PhonerLite not ringing, I guess it's probably caused by FreeSWITCH's implementation trying to open a new TLS TCP stream to the port you are sending. But RTP should still be working, which is odd... 

So as for the RTP, I am not sure why the outbound stream is not being established properly. I don't have a way to log the IPs that are being used other than your own debug window and the SIP traces that I am sending.

Any ideas on how to trace this? I have tried to configure Wireshark with the keys to decrypt TLS, but I haven't been lucky.

BTW, I am also interested in collaborating with you if you want, first of all to get these specific issues figured out and solved, if needed, through code. I am a skilled dev, with experience in low level programming in assembler (mainly for automation but I've done some interesting things with 8086 embedded on C), C/C++, C#, Java, scripting, among other technologies. 

I would also love to work on the phone UI if you are interested, I am not sure if you are interested, but it will be great to update its look & feel to a more modern type of UI, but of course, this is only wishful thinking, I am not sure if I'll have the time, but if you are open to at least give it a try... just let me know.

And hey, thanks for your great support! :)
  
Phoner Admin
Reply #3 - 14. Aug 2015 at 08:45
If you have configured port 5060 in PhonerLite, the TLS port 5061 is opened for listening. So if Freeswitch really uses this not common way of establishing a new TLS connection to the client, you have to find a way to forward this port in your router configuration (TCP port 5061).
When Freeswitch connects to PhonerLite then PhonerLite acts as a server. PhonerLite offers a server certificate. Client certificates are not used here!

When TLS is used for SIP signaling - do you use SRTP for encrypting audio data too?
  
Ivan Tazelaar
Reply #4 - 14. Aug 2015 at 22:23
No, I am only using TLS for signaling. Haven't set SRTP yet, I am considering it, but haven't done it yet because my PBX's in production now and need to carefully pick the windows to attempt the changes. 

So it is traditional unencrypted RTP for the media streams.

I have made some progress on the Wireshark end, for the TLS traces, but it's only bad news, I've confirmed why it's not working :(

It looks like FreeSWITCH uses Diffie-Hellman to exchange the secret and therefore, Wireshark has no way to decrypt the TLS traffic as it doesn't know the "K" value.

I'll work on having that port forwarding set and let you know how that works, but it will be ideal to have PhonerLite set it using UPnP. Is this something you can consider adding to your solution?

On the RTP, do you have some recommendations on how to diagnose this? Maybe if I send you the traces on your debug window? I'll dedicate some time to try to diagnose it this Monday.

Regarding the collaboration, as you haven't said anything, I'll assume you prefer not to get any more people involved. But if you do, and can use some help, please let me know, it will be great to collaborate on this project!

Thanks!
  
 
Phoner Admin
Reply #5 - 17. Aug 2015 at 08:08
PhonerLite opens the TLS port by UPnP. Start PhonerLite and you will see the following lines:
Code:
-------------------------------------------
08:04:55,983: T: UPnP for Port=5070 -> 91.61.248.74
OK
-------------------------------------------
08:04:55,984: R: open TCP port (TLS listen): 5071

-------------------------------------------
08:04:55,995: T: UPnP for Port=5071 -> TLS listen
OK
-------------------------------------------
08:04:55,995: R: open TCP port (TCP listen): 5070
OK
 



In my case the port 5070 is configured as base port.
  
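Added example, not part of the original posts and not PhonerLite code: a Python check that the port advertised in a TLS Contact header is both a TLS listener and covered by a successful UPnP mapping, using debug-window lines in the format quoted above. The sample log and Contact header are constructed (documentation IP address, hypothetical user `alice`), and treating an `OK` on the following line as success is an assumption drawn from that output.

```python
import re

UPNP = re.compile(r"T: UPnP for Port=(\d+)")
LISTEN = re.compile(r"R: open TCP port \((\w+) listen\): (\d+)")
CONTACT = re.compile(r"<sips?:[^@>]+@([^:;>]+)(?::(\d+))?([^>]*)>")

# Constructed sample in the format of the debug output quoted above
# (separator lines omitted, documentation IP address, base port 5070).
SAMPLE_LOG = """\
08:04:55,983: T: UPnP for Port=5070 -> 198.51.100.7
OK
08:04:55,984: R: open TCP port (TLS listen): 5071
08:04:55,995: T: UPnP for Port=5071 -> TLS listen
OK
08:04:55,995: R: open TCP port (TCP listen): 5070
OK
"""

def parse_debug_log(text):
    """Return (ports with an OK UPnP result, {port: listener kind})."""
    lines = [line.strip() for line in text.splitlines()]
    upnp_ok, listeners = set(), {}
    for i, line in enumerate(lines):
        m = UPNP.search(line)
        # Assumption: a mapping succeeded when the next line is "OK".
        if m and i + 1 < len(lines) and lines[i + 1] == "OK":
            upnp_ok.add(int(m.group(1)))
        m = LISTEN.search(line)
        if m:
            listeners[int(m.group(2))] = m.group(1)
    return upnp_ok, listeners

def check_tls_contact(contact, log_text):
    """Return (port, problems) for the port a TLS Contact header advertises."""
    m = CONTACT.search(contact)
    if not m or "transport=tls" not in m.group(3).lower():
        raise ValueError("no SIP URI with transport=tls in Contact")
    port = int(m.group(2) or 5061)  # 5061 is the default SIP TLS port
    upnp_ok, listeners = parse_debug_log(log_text)
    problems = []
    if listeners.get(port) != "TLS":
        problems.append(f"no TLS listener on {port}")
    if port not in upnp_ok:
        problems.append(f"no successful UPnP mapping for {port}")
    return port, problems

if __name__ == "__main__":
    hdr = 'Contact: <sip:alice@198.51.100.7:5071;transport=tls>'
    print(check_tls_contact(hdr, SAMPLE_LOG))
```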
 