TLS - Unauthorized Response To INVITE halts call on TLS close [SOLVED]
I've noticed on my T32 that with TLS enabled, the phone seemingly fails to process calls every now and then. The phone sends an INVITE out and the switch responds with a 401 Unauthorized (normal). The phone responds with an ACK. From here it tries another INVITE, but apparently the TLS port is closed. It correctly tries to REGISTER again and succeeds, but it doesn't retry the INVITE. I would expect the phone to retry the INVITE after the REGISTER succeeds. I'm using SRTP as well for what it's worth.
Below is a trace from the Yealink log. I wiped out some items that I didn't want to be public.
453701 Mar 20 16:13:21 192.168.1.184 syslog[407]: INVITE sip:7796798@blah:MYPORT SIP/2.0
453702 Mar 20 16:13:21 192.168.1.184 syslog[407]: Via: SIP/2.0/TLS 192.168.1.184:37114;branch=z9hG4bK45311475
453703 Mar 20 16:13:21 192.168.1.184 syslog[407]: From: "Jim Beckner III" <sip:001565408257@blah:MYPORT>;tag=246342062
453704 Mar 20 16:13:21 192.168.1.184 syslog[407]: To: <sip:7796798@blah:MYPORT>
453705 Mar 20 16:13:21 192.168.1.184 syslog[407]: Call-ID: 943985186@192.168.1.184
453706 Mar 20 16:13:21 192.168.1.184 syslog[407]: CSeq: 1 INVITE
453707 Mar 20 16:13:21 192.168.1.184 syslog[407]: Contact: <sip:001565408257@192.168.1.184:37114;transport=TLS>
453708 Mar 20 16:13:21 192.168.1.184 syslog[407]: Content-Type: application/sdp
453709 Mar 20 16:13:21 192.168.1.184 syslog[407]: Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REG ISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
453710 Mar 20 16:13:21 192.168.1.184 syslog[407]: Max-Forwards: 70
453711 Mar 20 16:13:21 192.168.1.184 syslog[407]: User-Agent: Yealink SIP-T32G 32.70.1.33
453712 Mar 20 16:13:21 192.168.1.184 syslog[407]: Supported: replaces
453713 Mar 20 16:13:21 192.168.1.184 syslog[407]: Allow-Events: talk,hold,conference,refer,check-sync
453714 Mar 20 16:13:21 192.168.1.184 syslog[407]: Content-Length: 486
453715 Mar 20 16:13:21 192.168.1.184 syslog[407]:
453716 Mar 20 16:13:21 192.168.1.184 syslog[407]: v=0
453717 Mar 20 16:13:21 192.168.1.184 syslog[407]: o=- 20016 20016 IN IP4 192.168.1.184
453718 Mar 20 16:13:21 192.168.1.184 syslog[407]: s=SDP data
453719 Mar 20 16:13:21 192.168.1.184 syslog[407]: c=IN IP4 192.168.1.184
453720 Mar 20 16:13:21 192.168.1.184 syslog[407]: t=0 0
453721 Mar 20 16:13:22 192.168.1.184 syslog[407]: m=audio 11796 RTP/SAVP 9 0 101
453725 Mar 20 16:13:22 192.168.1.184 syslog[407]: a=rtpmap:9 G722/8000
453726 Mar 20 16:13:22 192.168.1.184 syslog[407]: a=rtpmap:0 PCMU/8000
453727 Mar 20 16:13:22 192.168.1.184 syslog[407]: a=fmtp:101 0-15
453728 Mar 20 16:13:22 192.168.1.184 syslog[407]: a=rtpmap:101 telephone-event/8000
453729 Mar 20 16:13:22 192.168.1.184 syslog[407]: a=ptime:20
453730 Mar 20 16:13:22 192.168.1.184 syslog[407]: a=sendrecv
THE UNAUTHORIZED COMES HERE. I ONLY CLIPPED OUT THE TOP OF THE MESSAGE
453733 Mar 20 16:13:22 192.168.1.184 syslog[407]: SIP/2.0 401 Unauthorized
THE PHONE ACKS AND RESPONDS AGAIN. AGAIN I ONLY CLIPPED OUT THE TOP AS THE INVITE IS WHAT YOU SEE ABOVE WITH THE AUTH HEADER
453761 Mar 20 16:13:22 192.168.1.184 syslog[407]: INVITE sip:7796798@BLAH:MYPORT SIP/2.0
453793 Mar 20 16:13:22 192.168.1.184 syslog[407]: <0> | ERROR | SSL ERROR ZERO RETURN - SHUTDOWN
453794 Mar 20 16:13:22 192.168.1.184 syslog[407]: <0> |WARNING| TLS closed
453795 Mar 20 16:13:22 192.168.1.184 syslog[407]: <0> | LEVEL4 | Register status changed to [(LS_REGISTER_FAIL) -- (3)], reason = [<info failid="" failreason=""/>]
AT THIS POINT THE TLS PORT CLOSED FOR WHATEVER REASON. THE PHONE REGISTERS 3 SECONDS LATER.
453962 Mar 20 16:13:25 192.168.1.184 syslog[407]: REGISTER sip:BLAH:MYPORT SIP/2.0
THE PHONE GETS THE OK BACK ON THE REGISTER
454032 Mar 20 16:13:25 192.168.1.184 syslog[407]: SIP/2.0 200 OK
AT THIS POINT I WOULD EXPECT THE PHONE TO TRY THE INVITE AGAIN, BUT IT DOESN'T. IT EVENTUALLY JUST GIVES THE "CALL TIMEOUT" MESSAGE ON THE SCREEN OF THE PHONE. THE VERY NEXT CALL I MAKE WORKS AS EXPECTED.
I'M GOING TO SHORTEN THE QUALIFY TIME ON MY ASTERISK SERVER TO SEE IF I CAN PREVENT THE TLS PORT FROM SHUTTING, BUT EITHER WAY THIS SEEMS LIKE A BUG TO ME. I CAN PROVIDE THE FULL LOG IN A PM IF DESIRED.
(This post was last modified: 06-22-2015 11:32 PM by kg4ysy.)
|