• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

yealink T46x DIRECT STUN TLS + SRTP no BLF

Status
Not open for further replies.

twindscheif

Customer
Advanced Certified
Joined
Jul 10, 2018
Messages
25
Reaction score
10
Hi there,

i tried to configure a yealink T46S without using SBC to connect to 3CX securely via DIRECT provisioning.
I customized the template to use Port tcp/5061 and SRTP in compulsory-mode. This works fine.
I also noticed that i need to configure the outbound proxy pointing to the 3cx, otherwise the calls are running a while after i already hung up. Audio, signalling (ringing of phone) and dialing works without problems.

But with enabling TLS as transport_type on the phone, the BLF-Key doesnt work any more.
I cannot see a green or red light, just a red X on the icon. On the 3cx Phoneclient and the 3CX app i see the extension marked as green. Is there anything i missed to configure to get BLF with TLS working?

V15.6
Firewall Check on 3CX OK
All Template updates installed (cloned the newest)
current supported FW for yealink installed.

Regards,
Thomas
 
So when I first started with 3CX years ago I tested SRTP with Yealink phones. I noticed that either Shared Parking or BLF (I forget which) would not light up, but did work. I opened a ticket with 3CX who told me to go talk to Yealink which confused me since you would think their partnership with their recommend phone provider would mean it would be more effective for them to test and communicate directly. After looking at the Yealink forums I just said forget it. Fast forward to v15 release and 3CX's proclamation of being 'the most secure PBX' which has since been removed. TLS implementation is still garbage and apparently SRTP still doesn't work. I'm hoping 3CX at some point will make TLS easy with 3CX FQDNs and LE, at least for supported phones I'm not holding my breath.

Good luck in your quest.
 
We have the same config as twindscheif but we try to use the T54S. Also no luck of course.
 
I was able to replicate the issue using a T56s and TLS provisioning. The issue however does not affect all Yealink phones as 2 other devices i tried worked.
We have contacted Yealink about this so they can check as well and confirm the issue. If a solution is provided i will let you know.
 
I was able to replicate the issue using a T56s and TLS provisioning. The issue however does not affect all Yealink phones as 2 other devices i tried worked.
We have contacted Yealink about this so they can check as well and confirm the issue. If a solution is provided i will let you know.

glad to hear that we are not alone ;).
I also opened a case at yealink some days before. At this time they said, they don't know this issue.

Regards,
Thomas
 
BLF also doesn't work if just use TCP-Connection for SIP-transport on yealink T46S.
So its not just a problem with TLS.

Regards,
Thomas
 
Finally it got it working with a bit "trail and error" ;).
If i change "RPort"-Configuration in advanced account settings to "enable direct process" (account.X.nat.rport) BLF-LEDs now work like a charm.

Addtionally i tested outgoing and incoming calls, which also work without issues.
I don't know what additional implications are maybe caused through this setting.
Could 3CX tell use more about the setting?

I will report my results and my question also to yealink.

Regards,
Thomas
 

Attachments

  • yealink_SecureSIP_SRTP_BLF_not_working_Rport.jpg
    yealink_SecureSIP_SRTP_BLF_not_working_Rport.jpg
    66.1 KB · Views: 111
  • Like
Reactions: marcus1 and Coltar
nice. it works perfect now indeed. thx alot.:):):)
 
Finally it got it working with a bit "trail and error" ;).
If i change "RPort"-Configuration in advanced account settings to "enable direct process" (account.X.nat.rport) BLF-LEDs now work like a charm.

Addtionally i tested outgoing and incoming calls, which also work without issues.
I don't know what additional implications are maybe caused through this setting.
Could 3CX tell use more about the setting?

I will report my results and my question also to yealink.
We have narrowed down the issue to that parameter as well so after we run the necessary tests to make sure this is not affecting anything else we will release an updated template that includes that value. Thank you for reporting this.
 
I got an answer from yealink Support with their reasearch results:

The issue is caused by the private IP address used in the notify message when the TLS is used, and when rport=1, the server will reply to the message according to the actual address it received; and when rport=2, the public address returned by the server will be used.



In this case, please set rport=2 to fix this issue; when UDP is used, there is no such issue.
 
  • Like
Reactions: marcus1 and Coltar
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,627
Messages
748,922
Members
144,741
Latest member
Boykins_54
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.