Summary: | ASTERISK-27474: PJSIP TLS Unstable | ||
Reporter: | Ross Beer (rossbeer) | Labels: | pjsip |
Date Opened: | 2017-12-11 07:44:40.000-0600 | Date Closed: | 2018-02-09 10:49:32.000-0600 |
Priority: | Major | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_pjsip |
Versions: | 13.18.2 GIT | Frequency of Occurrence | Constant |
Related Issues: | |||
Environment: | Fedora 23 | Attachments: | ( 0) pjsip_settings.txt ( 1) tls-transport-endpoint-aor.txt |
Description: | When an endpoint is using chan_pjsip TLS and there are a number of TLS connections, Asterisk starts to close connections incorrectly.
This is fairly severe, to the point that any phone doesn't stay registered for more than a few seconds at a time. On performing a Wireshark, it is clear to see that Asterisk is sending FIN packets which in turn close the active TLS connection. I believe this is related to a previous ticket which was resolved by a patch being included with the bundled version 2.6 of PJSIP. ( ASTERISK-27001 and ASTERISK-27347) Other connection-oriented protocols such as TCP are not affected by this issue. | ||
Comments: | By: Asterisk Team (asteriskteam) 2017-12-11 07:44:41.245-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: Ross Beer (rossbeer) 2017-12-12 05:43:48.581-0600 The workaround in ASTERISK-27347 has been tested and does not resolve the issue. By: Matt Fredrickson (mfredrickson) 2017-12-12 16:19:44.011-0600 Hey Ross, How reproducible is this problem (i.e. is there a lab env setup where it's easily reproducible, or is this a thing that only happens on reproduction systems)? If it is reproducible, do you have configs/scenarios available for reproduction purposes? Thanks, Matthew Fredrickson By: Ross Beer (rossbeer) 2017-12-13 03:35:41.122-0600 The issue only appears to be when there are a number of endpoints on a server. For example, on test servers, I am unable to replicate the issue. The issue shows up in two ways, with the phone dropping offline. A Wireshark shows a FIN packet is sent while the phone is idle, therefore the phone keeps re-registering. The second way is if the phone is registered and an outbound call is made, the TLS connection will either end with a FIN packet during the call or when the BYE is sent from the phone. Is there a way I can monitor PJSIP's TLS error responses, in previously reported issues this was caused by PJSIP tearing down a TLS connection at a higher level? By: Ross Beer (rossbeer) 2017-12-13 03:43:20.461-0600 I've just tested with TLS1.2 with the patch https://gerrit.asterisk.org/#/c/7525/, however, I am having the same issue. By: George Joseph (gjoseph) 2017-12-27 15:53:03.670-0600 Can you paste the tls transport config as well as a dump of one of your tls endpoint and aor configs? By: Dmitriy Serov (Demon) 2017-12-28 02:45:01.291-0600 I now have exactly the same problem. Moreover, the aor becomes Unavailable almost instantly after the registration. Attached information on transport, enpoint, aor: "tls-transport-endpoint-aor.txt" By: George Joseph (gjoseph) 2017-12-28 08:20:46.527-0600 [~Demon] can you include the config for system and globals? "pjsip show settings" By: Dmitriy Serov (Demon) 2017-12-29 00:50:21.336-0600 "pjsip show settings" attached. If there are any options that may help - tell me. This problem is really bothering. By: Dmitriy Serov (Demon) 2018-02-24 02:32:44.829-0600 15.3.0-rc1. not fixed yet :( By: Dmitriy Serov (Demon) 2018-06-01 01:35:41.547-0500 15.4.0 not fixed yet :( By: Richard Mudgett (rmudgett) 2018-06-01 07:20:02.817-0500 [~Demon] The issue was fixed for the original reporter. You apparently have a different issue. Please file a new issue with the necessary information. https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines |