[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Secure Yealink - stability?
Author Message
blind_oracle Offline
Junior Member
**

Posts: 4
Joined: May 2015
Reputation: 0
Post: #1
Secure Yealink - stability?
I've got a need to setup secure VoIP system:
1. 802.1x PEAP
2. Configuration encryption
3. TLS
4. SRTP

Phones: T22P, T28P, W52P, T38G, T46G
Testing on T22P with localized fw 7.72.14.6 and global 7.73.0.50

PBX is Asterisk 11.15

I've got it all working, but have stability/speed problems:

1. The phone using SIP TLS is, from time to time, not reachable and not able to make calls. It recovers shortly by itself. From Asterisk the phone apeears UNREACHABLE and the REACHABLE again. And it flaps here and there all the time:
Code:
[May 26 12:45:02] VERBOSE[29264] chan_sip.c:     -- Registered SIP '1699' at 10.1.33.163:3120
[May 26 12:45:02] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (78ms / 2000ms)
[May 26 12:49:07] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 94
[May 26 12:49:17] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (80ms / 2000ms)
[May 26 12:54:06] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 99
[May 26 12:54:16] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (83ms / 2000ms)
[May 26 12:59:06] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 95
[May 26 12:59:16] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (86ms / 2000ms)
[May 26 13:02:07] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 80
[May 26 13:02:17] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (92ms / 2000ms)
[May 26 13:06:06] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 97
[May 26 13:06:58] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (114ms / 2000ms)
[May 26 13:13:06] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 90
[May 26 13:13:16] NOTICE[29264] chan_sip.c: Peer '1699' is now Reachable. (71ms / 2000ms)
[May 26 13:20:06] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 81
[May 26 13:20:45] VERBOSE[30199] chan_sip.c:     -- Registered SIP '1699' at 10.1.33.163:2660
[May 26 13:20:45] NOTICE[30199] chan_sip.c: Peer '1699' is now Reachable. (80ms / 2000ms)
[May 26 13:22:49] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 79
[May 26 13:23:41] NOTICE[30199] chan_sip.c: Peer '1699' is now Reachable. (84ms / 2000ms)
[May 26 13:25:45] NOTICE[30199] chan_sip.c: Peer '1699' is now Lagged. (3554ms / 2000ms)
[May 26 13:25:45] NOTICE[30199] chan_sip.c: Peer '1699' is now Reachable. (188ms / 2000ms)
[May 26 13:27:49] NOTICE[20945] chan_sip.c: Peer '1699' is now UNREACHABLE!  Last qualify: 72
[May 26 13:28:42] NOTICE[30199] chan_sip.c: Peer '1699' is now Reachable. (73ms / 2000ms)

In the phone's logs there's nothing quite interesting, some TLS errors from time to time:
Code:
May 26 10:08:46 LIBD[352]: DCMN<3+error > SSL_connect select(read) error (Resource temporarily unavailable)
May 26 10:08:46 LIBD[352]: HTTP<3+error > Connect Error
May 26 10:08:46 ATP [352]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 1

2. Phone takes almost 5 minutes to download stuff from HTTPS server. It downloads 5 XML phonebooks (total size around 50k), firmware, dialnow, certificates, config. Here's the server's log for the bootup:
Code:
[26/May/2015:14:47:46 +0300] "GET /yealink-test/dm1867/y000000000005.cfg HTTP/1.1" 200 4050 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:08 +0300] "GET /yealink/phonebooks/phonebook_a.xml HTTP/1.1" 200 13265 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:10 +0300] "GET /yealink/phonebooks/phonebook_b.xml HTTP/1.1" 200 391 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:16 +0300] "GET /yealink/phonebooks/phonebook_c.xml HTTP/1.1" 200 25620 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:31 +0300] "GET /yealink/tls/ca-linux-2048.domain.ru.pem HTTP/1.1" 200 1659 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:32 +0300] "GET /yealink/phonebooks/phonebook_d.xml HTTP/1.1" 200 11529 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:52 +0300] "GET /yealink/phonebooks/phonebook_e.xml HTTP/1.1" 200 5940 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:48:54 +0300] "GET /yealink/tls/yealink-sip.pem HTTP/1.1" 200 3205 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:49:49 +0300] "GET /yealink/dialnow.xml HTTP/1.1" 200 206 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:50:00 +0300] "GET /yealink/tls/ca-linux-2048.domain.ru.pem HTTP/1.1" 200 1659 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:50:10 +0300] "GET /yealink/tls/yealink-dot1x.pem HTTP/1.1" 200 3213 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:50:22 +0300] "GET /yealink-test/fw/T22_7.73.0.50.rom HTTP/1.1" 200 7321150 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:50:33 +0300] "GET /yealink-test/dm1867/0015654e2687.cfg HTTP/1.1" 404 316 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:50:44 +0300] "GET /yealink-test/dm1867/y000000000005.cfg HTTP/1.1" 200 4050 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:50:56 +0300] "GET /yealink/tls/ca-linux-2048.domain.ru.pem HTTP/1.1" 200 1659 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:51:07 +0300] "GET /yealink/tls/yealink-sip.pem HTTP/1.1" 200 3205 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:51:19 +0300] "GET /yealink/dialnow.xml HTTP/1.1" 200 206 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:51:30 +0300] "GET /yealink/tls/ca-linux-2048.domain.ru.pem HTTP/1.1" 200 1659 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:52:16 +0300] "GET /yealink/tls/yealink-dot1x.pem HTTP/1.1" 200 3213 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:52:27 +0300] "GET /yealink-test/fw/T22_7.73.0.50.rom HTTP/1.1" 200 7321150 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"
[26/May/2015:14:52:38 +0300] "GET /yealink-test/dm1867/0015654e2687.cfg HTTP/1.1" 404 316 "-" "Yealink SIP-T22P 7.73.0.50 00:15:65:4e:26:87"

It's not a problem by itself, but there seems to be a problem with phone's performance.

Is there anything i can do to make it send and receive calls stable?
Maybe some tweaks needed? Phone's syslog attached.

P.S.
The certificates are usual 2048-bit SHA1, so it shouldn't be too hard for the phone's CPU to handle them.


Attached File(s)
.tar  syslog (2).tar (Size: 65.5 KB / Downloads: 1)
(This post was last modified: 05-26-2015 09:49 PM by blind_oracle.)
05-26-2015 07:39 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
Secure Yealink - stability? - blind_oracle - 05-26-2015 07:39 PM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Yealink C920 password issue DaveK 3 1,465 09-11-2020 12:02 PM
Last Post: complex1
  Modern Yealink Phonebook Generation Tool rgranholm 2 2,990 04-30-2020 09:03 PM
Last Post: rgranholm
  Multicast / Paging / Intercom - Yealink T58 Ryandh 20 26,435 04-30-2020 03:23 PM
Last Post: Chris708
  Disable TLS 1.0 and less secure Cipher Suites esachs4 1 1,520 10-07-2019 10:38 AM
Last Post: complex1
  YEALINK AUTO PROVISION Dmitryche 1 1,776 08-09-2019 09:25 AM
Last Post: Paz_Yealink
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 3 2,418 08-01-2019 12:19 PM
Last Post: Evan_Yealink
  Yealink Dialplan Alain 0 1,771 09-19-2018 05:10 PM
Last Post: Alain
  Yealink T48S displays message "No service" David K L 1 3,904 04-17-2018 03:39 AM
Last Post: Paul_Yealink
  Yealink Dial Plan RobertCrawford 8 8,778 03-09-2018 06:38 AM
Last Post: Johnny88
  Yealink secure certificates and disabling ciphers Scot E. 1 3,215 12-29-2017 03:40 AM
Last Post: Lucia_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication