Yealink T4XG phones will not talk to FreePBX 14 over HTTPS
-
I change the autoprovision to
http://pbx.domain.com:84
and boom.
64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /001565649346.boot HTTP/1.1" 404 215 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /y000000000000.boot HTTP/1.1" 404 216 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /y000000000028.cfg HTTP/1.1" 200 10433 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:40:58 -0500] "GET /T46-28.82.0.20.rom HTTP/1.1" 200 23234624 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46" 64.53.188.39 - - [06/Oct/2017:10:41:02 -0500] "GET /001565649346.cfg HTTP/1.1" 200 4421 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
-
@jaredbusch - Not sure if this is related but something I found interesting with my T46S phones are that when I autoprovision them using https they revert back to http. I am using option 66 and point to https://pbx.domain.com:1443. The phones provision fine but when I log into the phone the address under autoprovision is http://pbx.domain.com:83. I am using the endpoint manager module for configuration.
-
@syko24 said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch - Not sure if this is related but something I found interesting with my T46S phones are that when I autoprovision them using https they revert back to http. I am using option 66 and point to https://pbx.domain.com:1443. The phones provision fine but when I log into the phone the address under autoprovision is http://pbx.domain.com:83. I am using the endpoint manager module for configuration.
You get that because that is what Enpoint Manager puts in the config file.
You have to force it to not do that.
-
@syko24
The Endpoint Manager puts this in the basefile for Yealink phones.
So you need to manually override that, or find where that variable gets set to make it use https instead.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@syko24
The Endpoint Manager puts this in the basefile for Yealink phones.
So you need to manually override that, or find where that variable gets set to make it use https instead.
So I would need to select custom under Provision Server Address and enter https://pbx.domain.com:1443 ?
-
@syko24 said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@syko24
The Endpoint Manager puts this in the basefile for Yealink phones.
So you need to manually override that, or find where that variable gets set to make it use https instead.
So I would need to select custom under Provision Server Address and enter https://pbx.domain.com:1443 ?
Well you could probably do HTTP and disable http in SysAdmin -> port management.
Then see what it puts in the file.
-
@syko24 ah, here it is.. Assuming you have SysAdmin pro
-
No good answer from the FreePBX community.
The COO tried to help, but another community member was less than helpful.
I also posted on the Yealink community, but have no answer yet.
http://forum.yealink.com/forum/showthread.php?tid=41194 -
Neither thread has a response worth anything.
This is getting annoying as fuck.
I suspect that a W52/W56 will also not work. I do not have one to test, but I was helping someone setup a W52 a month ago and it would not autoprovision. I was in a hurry and moved on doing that phone manually. I bet this was the problem.
-
So, my T46G at my house will provision over https to FreePBX 14.
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
So, my T46G at my house will provision over https to FreePBX 14.
I need a whole lot more information on this as I have tested wit multiple systems.
-
Update: FreePBX devs have been trying to help a little, but this is not a priority to them.
I am at a loss for where to troubleshoot next. I modified the ssl.conf to write to a dedicated log file and all was good, but still no new info. All it ever does is show HTTP error 408 in the ssl_access log. The ssl_error log never has anything.
Getting the log from a Yealink T42G phone I see this.
Phone talking to FreePBX 13:
<134>Oct 8 03:48:37 ATP [1022]: ATP <6+info > Upgrade from com.cfg <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > Connecting pbx.domain.com:1443 <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > Connecting IP = 45.XXX.XXX.XXX, Port = 1443 <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > ssl cipher num is 18 <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > SSL_connect (read done) <134>Oct 8 03:48:38 LIBD[1022]: DCMN<6+info > SSL_connect (read done) <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > Request Line: GET /y000000000029.cfg HTTP/1.1 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > Host: pbx.domain.com:1443 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > User-Agent: Yealink SIP-T42G 29.82.0.20 00:15:65:65:xx:xx <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > process response <133>Oct 8 03:48:38 LIBD[1022]: HTTP<5+notice> response code: 200 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > Content-Length: 12129 <134>Oct 8 03:48:38 LIBD[1022]: HTTP<6+info > connection: close <133>Oct 8 03:48:38 LIBD[1022]: HTTP<5+notice> response process finish! <133>Oct 8 03:48:38 LIBD[1022]: HTTP<5+notice> recv : 12129 bytes <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > need_cmp_md5=1 <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > cfg md5 same! <132>Oct 8 03:48:38 ATP [1022]: ATP <4+warnin> error: phone_setting.inactive_backlight_level <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > skip item<phone_setting.inactive_backlight_level> <134>Oct 8 03:48:38 ATP [1022]: ATP <6+info > parse item finish
Phone Talking to FreePBX 14:
<134>Oct 8 03:33:08 ATP [780]: ATP <6+info > Upgrade from mac.boot <134>Oct 8 03:33:08 LIBD[780]: DCMN<6+info > Connecting pbx.domain.com:1443 <134>Oct 8 03:33:08 LIBD[780]: DCMN<6+info > Connecting IP = 107.XXX.XXX.XXX, Port = 1443 <134>Oct 8 03:33:08 LIBD[780]: DCMN<6+info > SSL_connect (read done) <134>Oct 8 03:33:08 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.09716529952707398 <134>Oct 8 03:33:08 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:08 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104325120], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:13 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:13 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.8728236330210573 <134>Oct 8 03:33:13 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104321024], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:18 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.649367081619797 <134>Oct 8 03:33:18 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:18 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:23 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.6691534391904461 <134>Oct 8 03:33:23 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:23 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:28 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.14837767361288257 <134>Oct 8 03:33:28 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:28 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104312832], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:33 Log [900]: WEB <6+info > URI: /servlet?p=settings-autop&q=result&Rajax=0.9179317121887864 <134>Oct 8 03:33:33 Log [900]: WEB <6+info > Partition free(byte): /tmp/ [104288256], /config/ [90112], /data/ [90112] <134>Oct 8 03:33:33 Log [900]: ETLL<6+info > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0] <134>Oct 8 03:33:37 LIBD[780]: DCMN<6+info > SSL_connect write/read error <131>Oct 8 03:33:37 LIBD[780]: HTTP<3+error > Connect Error <131>Oct 8 03:33:37 ATP [780]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 1 <134>Oct 8 03:33:37 ATP [780]: ATP <6+info > Wait 0 second to next file transfer!
Notice that the initial connection never completes when talking to FreePBX 14. The phone never gets a cipher like it did with FreePBX 13. This line:
<134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > ssl cipher num is 18
-
ssl.conf is identical between 13 and 14.
Obviously
openssl
is not because one is CentOS 6 based and the other is CentOS 7 based.But I have no idea how to move forward.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
ssl.conf is identical between 13 and 14.
Obviously
openssl
is not because one is CentOS 6 based and the other is CentOS 7 based.But I have no idea how to move forward.
Was about to volunteer to test with a couple T46 units I have but it appears you are well beyond that now.
-
What information do you need?
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
What information do you need?
First would be to determine how you got your SSL cert and that it is setup like mine.
Then to confirm the models and firmware levels.
Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.
-
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
What information do you need?
First would be to determine how you got your SSL cert and that it is setup like mine.
Then to confirm the models and firmware levels.
Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.
I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.
Phone is Yealink T46G
Firmware Version 28.81.0.110
Hardware Version 28.2.0.128.0.0.0FreePBX Version Info
-Current PBX Version: 14.0.1.14
-Current System Version: 12.7.3-1708-1.sng7 -
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
What information do you need?
First would be to determine how you got your SSL cert and that it is setup like mine.
Then to confirm the models and firmware levels.
Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.
I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.
Phone is Yealink T46G
Firmware Version 28.81.0.110
Hardware Version 28.2.0.128.0.0.0FreePBX Version Info
-Current PBX Version: 14.0.1.14
-Current System Version: 12.7.3-1708-1.sng7That is not the same process. I used Let's Encrypt. This is good It may narrow the issue to the LE process.
Also did you remove the self signed and set GoDaddy as Default?
Like this:
-
@jaredbusch self signed is still installed, but GoDaddy set as default.
-
@brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:
@jaredbusch self signed is still installed, but GoDaddy set as default.
Are you willing to snapshot your system and then remove the self signed?