Yealink T4XG phones will not talk to FreePBX 14 over HTTPS
-
Right I want some one to provision one of their T4XS phones to my FreePBX 14 instance from a factory default state.
-
@JaredBusch is your phone on the latest firmware?
-
@dashrender said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@JaredBusch is your phone on the latest firmware?
Have tested the G models on various firmware versions, including current.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
Right I want some one to provision one of their T4XS phones to my FreePBX 14 instance from a factory default state.
I'm available to do that.
-
Just tested a T42S with @EddieJennings. It worked perfectly.
So the issue is 100% the G models and SSL.
-
looking for the logs, I cannot find anything. when a valid system hits, I can see it in access_log.
The ssl_error log is empty and has been since 2016.
The only thing I see in access_log is repeated timeouts when I tell the phone to provision with https
64.53.188.39 - - [06/Oct/2017:10:29:17 -0500] "-" 408 - "-" "-" 64.53.188.39 - - [06/Oct/2017:10:29:46 -0500] "-" 408 - "-" "-" 64.53.188.39 - - [06/Oct/2017:10:30:16 -0500] "-" 408 - "-" "-" 64.53.188.39 - - [06/Oct/2017:10:30:45 -0500] "-" 408 - "-" "-"
-
[root@pbx ~]# ls -l /var/log/httpd total 46104 -rw-r--r-- 1 root root 6784013 Oct 6 10:31 access_log -rw-r--r-- 1 root root 101243 Sep 11 03:24 access_log-20170911 -rw-r--r-- 1 root root 908614 Sep 17 03:23 access_log-20170917 -rw-r--r-- 1 root root 1014085 Sep 25 09:25 access_log-20170925 -rw-r--r-- 1 root root 38078761 Oct 1 03:37 access_log-20171001 -rw-r--r-- 1 root root 2742 Oct 5 10:05 error_log -rw-r--r-- 1 root root 12883 Sep 11 03:47 error_log-20170911 -rw-r--r-- 1 root root 8360 Sep 17 06:59 error_log-20170917 -rw-r--r-- 1 root root 3305 Sep 25 09:29 error_log-20170925 -rw-r--r-- 1 root root 1587 Oct 1 03:37 error_log-20171001 -rw-r--r-- 1 root root 0 Oct 16 2016 ssl_access_log -rw-r--r--. 1 root root 21393 Oct 2 2016 ssl_access_log-20161002 -rw-r--r-- 1 root root 59064 Oct 9 2016 ssl_access_log-20161009 -rw-r--r-- 1 root root 8669 Oct 10 2016 ssl_access_log-20161016 -rw-r--r-- 1 root root 0 Oct 16 2016 ssl_error_log -rw-r--r--. 1 root root 10997 Oct 2 2016 ssl_error_log-20161002 -rw-r--r-- 1 root root 14011 Oct 9 2016 ssl_error_log-20161009 -rw-r--r-- 1 root root 1947 Oct 10 2016 ssl_error_log-20161016 -rw-r--r-- 1 root root 0 Oct 16 2016 ssl_request_log -rw-r--r--. 1 root root 23391 Oct 2 2016 ssl_request_log-20161002 -rw-r--r-- 1 root root 69536 Oct 9 2016 ssl_request_log-20161009 -rw-r--r-- 1 root root 9621 Oct 10 2016 ssl_request_log-20161016
-
I change the autoprovision to
http://pbx.domain.com:84
and boom.
64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /001565649346.boot HTTP/1.1" 404 215 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /y000000000000.boot HTTP/1.1" 404 216 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /y000000000028.cfg HTTP/1.1" 200 10433 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:40:58 -0500] "GET /T46-28.82.0.20.rom HTTP/1.1" 200 23234624 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:41:02 -0500] "GET /001565649346.cfg HTTP/1.1" 200 4421 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
-
@jaredbusch - Not sure if this is related but something I found interesting with my T46S phones are that when I autoprovision them using https they revert back to http. I am using option 66 and point to https://pbx.domain.com:1443. The phones provision fine but when I log into the phone the address under autoprovision is http://pbx.domain.com:83. I am using the endpoint manager module for configuration.
-
@syko24 said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch - Not sure if this is related but something I found interesting with my T46S phones are that when I autoprovision them using https they revert back to http. I am using option 66 and point to https://pbx.domain.com:1443. The phones provision fine but when I log into the phone the address under autoprovision is http://pbx.domain.com:83. I am using the endpoint manager module for configuration.
You get that because that is what Enpoint Manager puts in the config file.
You have to force it to not do that.
-
@syko24
The Endpoint Manager puts this in the basefile for Yealink phones.
So you need to manually override that, or find where that variable gets set to make it use https instead.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@syko24
The Endpoint Manager puts this in the basefile for Yealink phones.
So you need to manually override that, or find where that variable gets set to make it use https instead.
So I would need to select custom under Provision Server Address and enter https://pbx.domain.com:1443 ?
-
@syko24 said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@syko24
The Endpoint Manager puts this in the basefile for Yealink phones.
So you need to manually override that, or find where that variable gets set to make it use https instead.
So I would need to select custom under Provision Server Address and enter https://pbx.domain.com:1443 ?
Well you could probably do HTTP and disable http in SysAdmin -> port management.
Then see what it puts in the file.
-
@syko24 ah, here it is.. Assuming you have SysAdmin pro
-
No good answer from the FreePBX community.
The COO tried to help, but another community member was less than helpful.
I also posted on the Yealink community, but have no answer yet.
http://forum.yealink.com/forum/showthread.php?tid=41194 -
Neither thread has a response worth anything.
This is getting annoying as fuck.
I suspect that a W52/W56 will also not work. I do not have one to test, but I was helping someone setup a W52 a month ago and it would not autoprovision. I was in a hurry and moved on doing that phone manually. I bet this was the problem.
-
So, my T46G at my house will provision over https to FreePBX 14.
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
So, my T46G at my house will provision over https to FreePBX 14.
I need a whole lot more information on this as I have tested wit multiple systems.
-
Update: FreePBX devs have been trying to help a little, but this is not a priority to them.
I am at a loss for where to troubleshoot next. I modified the ssl.conf to write to a dedicated log file and all was good, but still no new info. All it ever does is show HTTP error 408 in the ssl_access log. The ssl_error log never has anything.
Getting the log from a Yealink T42G phone I see this.
Phone talking to FreePBX 13:
<134>Oct 8 03:48:37 ATP [1022]: ATP <6+info > Upgrade from com.cfg <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > Connecting pbx.domain.com:1443 <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > Connecting IP = 45.XXX.XXX.XXX, Port = 1443 <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > ssl cipher num is 18 <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > SSL_connect (read done) <134>Oct 8 03:48:38 LIBD[1022]: DCMN<6+info > SSL_connect (read done) <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > Request Line: GET /y000000000029.cfg HTTP/1.1 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > Host: pbx.domain.com:1443 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > User-Agent: Yealink SIP-T42G 29.82.0.20 00:15:65:65:xx:xx <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > process response <133>Oct 8 03:48:38 LIBD[1022]: HTTP<5+notice> response code: 200 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > Content-Length: 12129 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > connection: close <133>Oct 8 03:48:38 LIBD[1022]: HTTP<5+notice> response process finish! <133>Oct 8 03:48:38 LIBD[1022]: HTTP<5+notice> recv : 12129 bytes <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > need_cmp_md5=1 <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > cfg md5 same! <132>Oct 8 03:48:38 ATP [1022]: ATP <4+warnin> error: phone_setting.inactive_backlight_level <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > skip item<phone_setting.inactive_backlight_level> <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > parse item finish
Phone Talking to FreePBX 14:
<134>Oct 8 03:33:08 ATP [780]: ATP <6+info > Upgrade from mac.boot <134>Oct 8 03:33:08 LIBD[780]: DCMN<6+info > Connecting pbx.domain.com:1443 <134>Oct 8 03:33:08 LIBD[780]: DCMN<6+info > Connecting IP = 107.XXX.XXX.XXX, Port = 1443 <134>Oct 8 03:33:08 LIBD[780]: DCMN<6+info > SSL_connect (read done) <134>Oct 8 03:33:08 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.09716529952707398 <134>Oct 8 03:33:08 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:08 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104325120], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:13 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:13 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.8728236330210573 <134>Oct 8 03:33:13 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104321024], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:18 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.649367081619797 <134>Oct 8 03:33:18 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:18 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:23 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.6691534391904461 <134>Oct 8 03:33:23 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:23 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:28 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.14837767361288257 <134>Oct 8 03:33:28 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:28 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104312832], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:33 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.9179317121887864 <134>Oct 8 03:33:33 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104288256], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:33 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:37 LIBD[780]: DCMN<6+info > SSL_connect write/read error <131>Oct 8 03:33:37 LIBD[780]: HTTP<3+error > Connect Error <131>Oct 8 03:33:37 ATP [780]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 1 <134>Oct 8 03:33:37 ATP [780]: ATP <6+info > Wait 0 second to next file transfer!
Notice that the initial connection never completes when talking to FreePBX 14. The phone never gets a cipher like it did with FreePBX 13. This line:
<134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > ssl cipher num is 18
-
ssl.conf is identical between 13 and 14.
Obviously
openssl
is not because one is CentOS 6 based and the other is CentOS 7 based.But I have no idea how to move forward.