Yealink T22P - No audio using secure SIP

Discussion in '3CX Phone System - General' started by JST, Dec 10, 2017.

Thread Status:
Not open for further replies.
  1. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    Here is some more information about my environment:

    It's a home and home office environment with one Cisco 7975G, one Yealink T22P and a Yealink W60P with two handsets.

    Secure SIP is working well for the Yealink W60P, but while the Yealink T22P registers just fine, there is no audio during calls. While the phones sit on a different subnet, they can easily reach the 3CX subnet using an IPSec VPN. So, it shouldn't be a NAT issue.

    All Yealink phones are provisioned by 3CX. Once provisioned, I have uploaded the certificate, changed the transport protocol to TLS and enabled secure RTP. I have left all ports unchanged.

    Is anybody using a similar setup successfully? Any feedback is appreciated!
     
  2. eddv123

    eddv123 Active Member

    Joined:
    Aug 15, 2017
    Messages:
    875
    Likes Received:
    131
    NickD_3CX likes this.
  3. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    Thank you for getting back to me!

    Yes, I have activated that option. It shows as "RTP Encryption (SRTP)" under Account -> Advanced.

    I have also followed the guide shown in your link.

    Like I said, it worked fine for the Yealink W56P, but not for the Yealink T22P. Addmittingly, the setup between the two is somewhat different (one is just a phone and the other one is setup as FXS / DECT), but I also took the effort to compare both firmware settings (not so easy since many settings use different labels or are on different tabs).

    I am also quite sure that the phone settings itself are correct because I can get the phone to work by just disabling SRTP and switching the transport protocol from TLS to SIP.

    Maybe the FXS / DECT is doing an additional step that isn't documented in the guide? Or, the Yealink T22P simply can't use TLS? The odd thing is that I don't even see any connection attempt once the phone is switched to secure SIP.
     
  4. eddv123

    eddv123 Active Member

    Joined:
    Aug 15, 2017
    Messages:
    875
    Likes Received:
    131
    Hi JST,

    The main differences (besides physical) between the two are the way these phones provision.

    It might be also worth asking how you have setup the W60P, as this is currently not a supported model, I do hear it will be supported in the next service pack however (which apparently is nearly upon us).

    Have you used one of the other DECT templates - or set the units up manually ?

    Looking closer at a provisioning files for the T22p and the DECT models I can see that the Yealink.ph.xml (which includes the T22P) has settings for both sRTP and TLS where the DECTs do not.

    Are you sure the W56 is using secure SIP ? have you run a trace to confirm. This will be obvious with Wireshark as the TLS part of the call is not even recognized by Wireshark as SIP.
     
    #4 eddv123, Dec 11, 2017
    Last edited: Dec 11, 2017
  5. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    Well, I have just selected the Yealink W56P from the list. I figured there isn't much difference between the two devices... ;)

    Glad to hear that there will be native support for it in the next release though!

    For the W56, I first provisioned the base station and then I applied manual configuration changes following the guide on the 3CX web page.

    While I didn't run a trace, I can see the phones registering using TLS in the 3CX log. I also made the sRTP setting obligatory. So, unless there is a bug in the firmware, it must be using TLS for SIP and sRTP. Or, so I assume...
     
  6. eddv123

    eddv123 Active Member

    Joined:
    Aug 15, 2017
    Messages:
    875
    Likes Received:
    131
    Certainly sounds fine.

    Where are these phones located, are they remote to a hosted 3CX system or are they local/on premise ?

    Bit of a long-shot but as a test (since this is an audio related issue) if you enable "PBX delivers audio" on the T22P extensions does it alter the behavior at all ?
     
  7. JST

    JST New Member

    Joined:
    Jan 8, 2017
    Messages:
    107
    Likes Received:
    1
    The 3CX system is hosted on hardware owned by my company in a data center and the phones are located in my home and home office. My home (Cisco Meraki MX) is using a business grade internet connection to connect to the data center (Sophos UTM) using an IPSec Site-to-Site VPN connection.

    As such, the remote network is available as a local subnet which should work without NAT.

    The odd thing is that it seems to me that the Yealink T22P isn't even trying to register once it is switched to TLS. I mean I don't see any connection attempts in the 3CX log.

    I guess I need to setup some kind of network trace environment to get better data. I was just hoping that someone can at least tell me that they are using a Yealink T22P with secure SIP successfully.

    I will also try the "PBX delivers audio" function, but I don't see why I would have to use that in my scenario.
     
    #7 JST, Dec 11, 2017
    Last edited: Dec 11, 2017
Thread Status:
Not open for further replies.