Hangup() Not Working For Handsets Using Pls Transport?
Hi all,
I managed to get tls transport going with asterisk 16.14.0, and set one handset (SOFTPHONE_B) to use the transport. I have set up a few other handsets (both soft and hard) to use udp and tcp transports:
voip1*CLI> pjsip show endpoints
Endpoint:
I/OAuth:
Aor:
Contact:
Transport:
Identify:
Match:
Channel:
Exten:
=========================================================================================
Endpoint: 0000f30A0A01 Not in use 0 of inf
InAuth: 0000f30A0A01/0000f30A0A01
Aor: 0000f30A0A01 1
Contact: 0000f30A0A01/sip:0000f30A0A01@128.171.77.1 4800418965
NonQual nan
Transport: transport-udp udp 0 0 0.0.0.0:5060
Endpoint: 0000f30B0B02 Not in use 0 of inf
InAuth: 0000f30B0B02/0000f30B0B02
Aor: 0000f30B0B02 1
Contact: 0000f30B0B02/sip:0000f30B0B02@128.171.77.4 615cc2a2c6
NonQual nan
Transport: transport-udp udp 0 0 0.0.0.0:5060
Endpoint: SOFTPHONE_A
Unavailable 0 of inf
InAuth: SOFTPHONE_A/SOFTPHONE_A
Aor: SOFTPHONE_A 2
Transport: transport-tcp tcp 0 0 0.0.0.0:5060
Endpoint: SOFTPHONE_B Not in use 0 of inf
InAuth: SOFTPHONE_B/SOFTPHONE_B
Aor: SOFTPHONE_B 2
Contact: SOFTPHONE_B/sip:SOFTPHONE_B@128.171.168.23 78257ab30a NonQual nan
Transport: transport-tls tls 0 0 0.0.0.0:5061
Objects found: 4
voip1*CLI>
For testing, I have the following in /etc/asterisk/extensions.conf:
[globals]
; General internal dialing options used in context Dial-Users.
; Only the timeout is defined here. See the Dial app documentation for
; additional options.
INTERNAL_DIAL_OPT=,30
RP_Yealink = PJSIP/0000f30A0A01
RP_Cisco = PJSIP/0000f30B0B02
RP_HMBP = PJSIP/SOFTPHONE_A
RP_OMBP = PJSIP/SOFTPHONE_B
[sets]
exten => 100,1,Dial(${RP_Yealink},10,m)
same => n,Playback(vm-nobodyavail)
same => n,Hangup()
exten => 101,1,Dial(${RP_Cisco},10)
same => n,Playback(vm-nobodyavail)
same => n,Hangup()
exten => 102,1,Dial(${RP_HMBP})
exten => 103,1,Dial(${RP_OMBP},10)
same => n,Playback(vm-nobodyavail)
same => n,Hangup()
When using handsets with udp or tcp transports to dial ext 100, it’d hangup after the no-one-arround message. However, when using the handset with tls transport, it doesn’t hang up on its own if ext 100 is not answered. I
have to click the hangup button to accomplish that. Here’s what asterisk log shows:
== Setting global variable ‘SIPDOMAIN’ to ‘128.171.77.23’
— Executing [100@sets:1] Dial(“PJSIP/SOFTPHONE_B-00000007″, ”
PJSIP/0000f30A0A01,10,m”) in new stack
— Called PJSIP/0000f30A0A01
— Started music on hold, class ‘default’, on channel
‘PJSIP/SOFTPHONE_B-00000007’
> 0x7f0fa801ede0 — Strict RTP learning after remote address set to:
128.171.168.233:7078
— PJSIP/0000f30A0A01-00000008 is ringing
— PJSIP/0000f30A0A01-00000008 is ringing
> 0x7f0fa801ede0 — Strict RTP switching to RTP target address
128.171.168.233:7078 as source
> 0x7f0fa801ede0 — Strict RTP learning complete – Locking on source address 128.171.168.233:7078
— Nobody picked up in 10000 ms
— Stopped music on hold on PJSIP/SOFTPHONE_B-00000007
— Executing [100@sets:2] Playback(“PJSIP/SOFTPHONE_B-00000007″, ”
vm-nobodyavail”) in new stack
—
‘en’)
— Executing [100@sets:3] Hangup(“PJSIP/SOFTPHONE_B-00000007”, “”) in new stack
== Spawn extension (sets, 100, 3) exited non-zero on
‘PJSIP/SOFTPHONE_B-00000007’
voip1*CLI>
Another quirk is when I use a phone with udp transport (RP_Yealink) to call a phone with tls transport (RP_OMBP) it immediately jumps the no-one-around message w/o ringing, then hang up. The tls phone is shown available but asterisk sees it busy:
== Setting global variable ‘SIPDOMAIN’ to ‘128.171.77.23’
— Executing [103@sets:1] Dial(“PJSIP/0000f30A0A01-0000000d”, ”
PJSIP/SOFTPHONE_B,10″) in new stack
— Called PJSIP/SOFTPHONE_B
== Everyone is busy/congested at this time (1:0/1/0)
— Executing [103@sets:2] Playback(“PJSIP/0000f30A0A01-0000000d”, ”
vm-nobodyavail”) in new stack
> 0x7f0fa000c330 — Strict RTP learning after remote address set to:
128.171.77.118:11790
> 0x7f0fa000c330 — Strict RTP switching to RTP target address
128.171.77.118:11790 as source
—
(language ‘en’)
— Executing [103@sets:3] Hangup(“PJSIP/0000f30A0A01-0000000d”, “”) in new stack
== Spawn extension (sets, 103, 3) exited non-zero on
‘PJSIP/0000f30A0A01-0000000d’
voip1*CLI>
Suppose it’s not cool to mix transports among your handsets? Any suggestions?
Thanks,
–Ruisheng
7 thoughts on - Hangup() Not Working For Handsets Using Pls Transport?
When using handsets with udp or tcp transports to dial ext 100, it’d hangup
I’d suggest looking at the actual SIP signaling to see what is going on using “pjsip set logger on” and also providing configuration. This would allow better insight into what exactly is going on.
Thanks Jashua for the suggestion. To find out if the issue was only limited to the softphone that was using tls transport (SOFTPHONE_B on ext
103, a linphone running off my MBP), I also turned one of the hard phone
(0000f30A0A01 on ext 100, a Yealink T32G) into using tls transport. It behaves similarly to the linphone in that the Hangup() call in dialplan is silently ignored, and the handsets would alway appear as busy/unavilable.
Here’re the relevant part of my /etc/asterisk/extensions.conf:
[globals]
; General internal dialing options used in context Dial-Users.
;
Have you configured the devices, on them or using their provisioning, to use TLS? It does not appear so as they are using UDP, while you’re forcing a TLS transport in Asterisk. This would not work.
Sorry, my bad. I failed to change the transport to tls on the provision for the hardphone, nor did change the transport on the linphone setup. However, after I do that, the hardphone (Yealink T32G) failed to register, citing:
[Feb 11 14:16:03] WARNING[24936]: pjproject: >: SSL len: 0 peer:
SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900>
128.171.77.34:30401
on the linphone side, it also fails to register:
2021-02-11 13:26:32:637 [linphone/belle-sip] MESSAGE Trying to connect to
[TLS://::ffff:128.171.77.23:5061]
2021-02-11 13:26:32:652 [linphone/belle-sip] MESSAGE Channel
[0x7fc8b8000000]: Connected at TCP level, now doing TLS handshake with cname8.171.77.23
2021-02-11 13:26:32:654 [linphone/belle-sip] MESSAGE Channel
[0x7fc8b8000000]: SSL handshake in progress…
2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[2], flags=[]:
cert. version : 3
serial number : 44:AF:B0:80:D6:A3:27:BA:89:30:39:86:2E:F8:40:6B
issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3
subject name : O=Digital Signature Trust Co., CN=DST Root CA X3
issued on : 2000-09-30 21:12:19
expires on : 2021-09-30 14:01:15
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[1], flags=[]:
cert. version : 3
serial number : 40:01:75:04:83:14:A4:C8:21:8C:84:A9:0C:16:CD:DF
issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3
subject name : C=US, O=Let’s Encrypt, CN=R3
issued on : 2020-10-07 19:21:40
expires on : 2021-09-29 19:21:40
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage : Digital Signature, Key Cert Sign, CRL Sign
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[0], flags=[CN-mismatch ]:
cert. version : 3
serial number : 03:F0:83:3C:5D:41:76:BC:4E:B2:E6:AB:60:8C:F9:5E:27:86
issuer name : C=US, O=Let’s Encrypt, CN=R3
subject name : CN=voip1.ifa.hawaii.edu
issued on : 2020-12-30 02:56:29
expires on : 2021-03-30 02:56:29
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA
This would be caused by the TLS transport configuration on Asterisk or the phone potentially. You’d need to provide the transport definition from pjsip.conf. Without that I can say the “method” option is likely needing changing. I’m not familiar with what is supported by Yealink.
I don’t use linphone or have any experience so can only provide general comments. Either the certificate chain is incomplete and the client can’t verify, or the client doesn’t have the certificate authority root certificate as trusted. As well if you aren’t doing so you have to connect to the hostname – you can’t specify the IP address.
Thanks Joshua for the tip re using hostname rather than IP address when configuring the phone. It worked nicely on the linphone on my macbookpro at home. Dialplans are followed faithfully w/o the problems I experienced earlier. I’ll test using the hostname on the Yealink phone next time I’m in office.
Thanks,
–Ruisheng
I was able to get on the UI of the Yealink T32G and fiddle with the setting. Here’s the setting for TLS transport in
/etc/asterisk/extensions.conf:
[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5061
; ca_list_file = /etc/asterisk/keys/ca.crt
; cert_file = /etc/asterisk/keys/asterisk.crt
; priv_key_file = /etc/asterisk/keys/asterisk.key
cert_file = /etc/asterisk/keys/fullchain.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
method = tlsv1_2
allow_reload = true
Using FQHN for sip server still results in the same error with the phone failing to registered:
[Feb 12 16:55:33] WARNING[2080] pjproject: SSL len: 0 peer:
SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900>
128.171.77.34:45830
I tried to upload my cert.pem (by Letsencrypt) to the phone as one of the trusted certificates and check “accept only trusted certificates”. It didn’t help. Nor does unchecking “accept only trusted certificates”. There seem to be some reports in freepbx forum re trouble setting up yearlink phones with tls transport:
https://community.freepbx.org/t/tls-freepbx-and-yealink/59174
Yealink’s writeup re using security certificates was for certain models/firmware levels, and mine isn’t among them. I guess I’ll probably have to accept that the few Yealink T32G will not play nice with TLS
transport and buy the “sanctioned” models when rolling out the new Asterisk
16.14 server. I may also try my luck with the Cisco 7940/7960 phones that populate most of our offices.
Thanks,
–Ruisheng