Remote SIP Phones

Status
Not open for further replies.

wpetilli (Technical User, joined May 17, 2011, 1,877 messages, location: US)
I have provisioned around 30+ J169 SIP phones and tested every single one of them off a dirty Internet connection and ensured each extension logged in successfully. I have a user who received the phone and it sits at acquiring service and it doesn't go away. I log this user into my remote SIP phone and it works instantly. As stated, I definitely tested every one of these phones before shipping out. What can be the issue here? Is it the user's home Internet? Seems to pass the login portion and sits at acquiring service.

 
Maybe carrier grade NAT? If they check their public IP on their router - not by googling it - do they get a 10.?
 
I had the user boot the phone while I had a trace up on the SBC and it gets a fatal alert on the cert exchange (unknown CA). I looked at the cert the SBC is presenting and the phone identity cert. Not seeing why this would fail. I know I tested this phone before it went out. No doubt about it.
 
Phone identity cert is 1 thing - the SBC must trust that authority.
SBC cert to the phone is another thing - the phone must trust that authority.

So, unless you staged them in the office and the phone hit the same IP on the same signaling interface of the SBC with the same TLS Server Profile offering the same cert as the internet interface had, you'd have to trace back to be sure that the phone is receiving the same cert from the SBC on the internet as it did when it was staged in the office, and that it came from the same CA.
 
Only other thing I can think of is the trust certs somehow didn't get installed on the phone, but I'm very certain I put these on my home internet and ensured a successful login before I shipped out.
 
Maybe, maybe not. Unknown CA means something doesn't trust the authority having issued a cert. Either the phone not trusting the SBC's issuing CA or vice versa

If you can pcap it - like tshark -i B1 port 5061 -w /tmp/my.pcap while it happens, then chmod 777 /tmp/*.pcap and mv /tmp/*.pcap /home/ipcs - you can get it off with WinSCP.

You can also extract the cert from the packet capture to be damn sure.
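
Added example, not part of the original thread: the side that sends the fatal unknown_ca alert is the side whose trust store lacks the peer's issuing CA, so this Python sketch walks the TLS record framing of captured TCP payloads and reports which side sent it. It assumes the alert is sent in plaintext (as in a TLS 1.2 handshake before ChangeCipherSpec) and that the "phone"/"sbc" labels were assigned from the IPs in the capture; the sample bytes are constructed.

```python
import struct

HANDSHAKE, ALERT = 22, 21      # TLS record content types
FATAL, UNKNOWN_CA = 2, 48      # alert level / description (RFC 5246)

def tls_records(stream):
    """Yield (content_type, payload) for each complete TLS record in stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5 : off + 5 + length]
        if len(payload) < length:      # record cut off by the capture
            return
        yield ctype, payload
        off += 5 + length

def find_unknown_ca(segments):
    """segments: (sender, tcp_payload) pairs in capture order.
    Returns (rejecting_side, rejected_cert_owner) or None."""
    sides = {s for s, _ in segments}
    for sender, data in segments:
        for ctype, payload in tls_records(data):
            # A plaintext alert is exactly 2 bytes: level, description.
            if ctype == ALERT and payload == bytes([FATAL, UNKNOWN_CA]):
                peer = (sides - {sender}).pop() if len(sides) == 2 else "peer"
                return sender, peer
    return None

def record(ctype, payload, version=0x0303):
    """Build one TLS record (used only for the constructed sample below)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload

# Constructed sample: handshake bodies are dummy bytes, only the framing is real.
SAMPLE = [
    ("phone", record(HANDSHAKE, b"\x01" + b"\x00" * 40)),   # ClientHello
    ("sbc",   record(HANDSHAKE, b"\x02" + b"\x00" * 40)
            + record(HANDSHAKE, b"\x0b" + b"\x00" * 60)),   # ServerHello, Certificate
    ("phone", record(ALERT, bytes([FATAL, UNKNOWN_CA]))),   # 15 03 03 00 02 02 30
]

if __name__ == "__main__":
    rejecting, owner = find_unknown_ca(SAMPLE)
    print(f"{rejecting} sent fatal unknown_ca: "
          f"it does not trust the CA that issued the {owner} certificate")
```

A result of ("phone", "sbc") points at the phone's trusted-certificate set; ("sbc", "phone") points at the CA list the SBC uses to validate the phone identity cert.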
 
So weird because there are other phones I shipped out that came online straight away. Same exact process. Same SCEP process. Same folder/file. The traceSBC isn't sufficient for that? I'll try the pcap.
 
Might be, but it's better to get it right off the wire.
 