Yealink Forums
T4XG series not able to autoprovision over https with FreePBX 14 - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: T4x Series (/forumdisplay.php?fid=31)
+--- Thread: T4XG series not able to autoprovision over https with FreePBX 14 (/showthread.php?tid=41194)



T4XG series not able to autoprovision over https with FreePBX 14 - JaredBusch - 10-06-2017 05:37 PM

You can see this thread on the FreePBX forums for all the details.
https://community.freepbx.org/t/yealink-t4xg-phones-will-not-autoprovision-over-https-with-freepbx-14/44617

But to summarize: The Yealink T42G and T46G will not correctly communicate to over https FreePBX 14 with a Let's Encrypt Cert.

Neither for autoprovisioning https://pbx.domain.com:1443, nor to pull a remote phone book https://pbx.domain.com/contacts.xml

If I change it to http for those, it works perfectly.

If I connect to a FreePBX 13 instance it works perfectly with https or http.


RE: T4XG series not able to autoprovision over https with FreePBX 14 - Michael_Yealink - 10-12-2017 02:33 PM

Hi There

Thanks for your information , and i belive that it is the certificate not correct which may case this issue , you can confirm with elow setps :

1. Disable the "Only accepte trusted certificate" in web site.

2. Auto proviison with https again , it should work.

So my adivse is to use th bulit in certificate for https server , you can find all certficate infrmaiton from below link :

http://support.yealink.com/faq/faqInfo?id=691

BR
Michael


RE: T4XG series not able to autoprovision over https with FreePBX 14 - JaredBusch - 10-17-2017 04:49 AM

(10-12-2017 02:33 PM)zouym Wrote:  Hi There

Thanks for your information , and i belive that it is the certificate not correct which may case this issue , you can confirm with elow setps :

1. Disable the "Only accepte trusted certificate" in web site.

2. Auto proviison with https again , it should work.

So my adivse is to use th bulit in certificate for https server , you can find all certficate infrmaiton from below link :

http://support.yealink.com/faq/faqInfo?id=691

BR
Michael

That is not the problem.
1. I have tested with that setting turned off.
2. I have test by loading hte LE cert from FreePBX into the Trusted Certificates.
3. The Firmware of the T42G and T46G I am testing with is 29.82.0.20 and 28.82.0.20 and these models are supposed to support LE with this firmware.

Inside FreePBX I receive a standard http error code of 408.

From the phone I see this.

Phone talking to FreePBX 13:
Code:
<134>Oct  8 03:48:37 ATP [1022]: ATP <6+info  > Upgrade from com.cfg
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > Connecting pbx.domain.com:1443
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > Connecting IP = 45.XXX.XXX.XXX, Port = 1443
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > ssl cipher num is 18
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > SSL_connect (read done)
<134>Oct  8 03:48:38 LIBD[1022]: DCMN<6+info  > SSL_connect (read done)
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Request Line: GET /y000000000029.cfg HTTP/1.1
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Host: pbx.domain.com:1443
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > User-Agent: Yealink SIP-T42G 29.82.0.20 00:15:65:65:xx:xx
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > process response
<133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> response code: 200
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Content-Length: 12129
<134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > connection: close
<133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> response process finish!
<133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> recv : 12129 bytes
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > need_cmp_md5=1
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > cfg md5 same!
<132>Oct  8 03:48:38 ATP [1022]: ATP <4+warnin> error: phone_setting.inactive_backlight_level
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > skip item<phone_setting.inactive_backlight_level>
<134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > parse item finish

Phone Talking to FreePBX 14:
Code:
<134>Oct  8 03:33:08 ATP [780]: ATP <6+info  > Upgrade from mac.boot
<134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > Connecting pbx.domain.com:1443
<134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > Connecting IP = 107.XXX.XXX.XXX, Port = 1443
<134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > SSL_connect (read done)
<134>Oct  8 03:33:08 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.09716529952707398
<134>Oct  8 03:33:08 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:08 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104325120], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:13 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:13 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.8728236330210573
<134>Oct  8 03:33:13 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104321024], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:18 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.649367081619797
<134>Oct  8 03:33:18 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:18 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:23 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.6691534391904461
<134>Oct  8 03:33:23 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:23 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:28 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.14837767361288257
<134>Oct  8 03:33:28 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:28 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104312832], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:33 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.9179317121887864
<134>Oct  8 03:33:33 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104288256], /config/ [90112], /data/ [90112]
<134>Oct  8 03:33:33 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
<134>Oct  8 03:33:37 LIBD[780]: DCMN<6+info  > SSL_connect write/read error
<131>Oct  8 03:33:37 LIBD[780]: HTTP<3+error > Connect Error
<131>Oct  8 03:33:37 ATP [780]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 1
<134>Oct  8 03:33:37 ATP [780]: ATP <6+info  > Wait 0 second to next file transfer!

Notice that the initial connection never completes when talking to FreePBX 14. The phone never gets a cipher like it did with FreePBX 13. This line:
Code:
<134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > ssl cipher num is 18



RE: T4XG series not able to autoprovision over https with FreePBX 14 - JaredBusch - 11-02-2017 11:47 PM

Still unable to resolve this. I have now also tested the same FreePBX install with a GoDaddy SSL cert. That one works fine.

It is only the Let's Encrypt cert that has a problem.

How can I resolve this?

LE cert on FreePBX 13 works. LE cert on FreePBX 14 does not. I have reviewed the code and there are no differences in FreePBX between 13 and 14 in regards to the SSL certificates.

I can access the config files in every browser with no error. It is only the T4XG models (and I assume P but I do not have one to test). The T4XS models work with the LE cert on FreePBX 14.


RE: T4XG series not able to autoprovision over https with FreePBX 14 - Michael_Yealink - 11-23-2017 09:52 AM

Hi There,

Sorry for the inconvenience ,so in order to speed up this issue , would you please kindly provide the pcap file , bin file and level 6 log file to me so that we can submit to R&D for analysis.

Please provide LE cert for us

Please kindly provide auto provision with FreePBX V13 LE cert OK trace files (pcap file , bin file and level 6 log file)

Please kindly provide auto provision with FreePBX V14 LE cert OK trace files (pcap file , bin file and level 6 log file)

As the phone will reboot , then it is advised to use a wireshark tool to get the pcap file , for how to download the tool and use it , please refer to the link below :
http://forum.yealink.com/forum/showthread.php?tid=15529

For the syslog, please export it to server side , before phone reboot , you can refer to the guide download from below link :
http://forum.yealink.com/forum/showthread.php?tid=15529

For the config.bin file , please refer to the FAQ below :
http://support.yealink.com/faq/faqInfo?id=311

After you collect all the three files, just upload them to below link:
http://ftp.yealink.com/?ShareToken=451B59FC3B79AD083C07AAF9C4810C7F0C14B169

Let me know if any question

TKS & BR

Michael
Yealink Wiki : http://support.yealink.com/


RE: T4XG series not able to autoprovision over https with FreePBX 14 - JaredBusch - 02-27-2018 11:20 PM

Just as an update, and I recently had someone with a new FreePBX 14 install using a T19PE2 also have problem with TLS.

I know support asked for all of the above information, but I have limited free time to perform actions like this. So far, I have worked around the issue by not using the LE cert.

This is an easily reproducible issue, that support could test themselves.