[asterisk-users] Grandstream VoIP phones

Fri Aug 31 20:07:05 CDT 2012

Carlos,

So far the experience with DP715 is extremely negative.

It all starts with the WEB interface which is only served on port 80, no
https, period.  There is no login name, just password.

The phone worked as expected with insecure SIP and RTP.  As I started
playing with security the phone started acting up.  It randomly took
calls, then stopped.  It placed calls, then stopped.

Following is a sample of a corrupted SIP message Asterisk receives from
DP715 (pay attention to Call-ID: 477744485-5061-8 at BHC.BH.BDH.HB):

[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 0 [ 14]: SIP/2.0
200 OK
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 1 [ 69]: Via:
SIP/2.0/TLS 172.17.137.11:5061;branch=z9hG4bK2f5ce157;rport=5061
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 2 [ 57]: From:
<sip:*97 at pbx.int.mikhelson.com:5061>;tag=as50c4dc59
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 3 [ 54]: To:
<sip:471 at pbx.int.mikhelson.com:5061>;tag=436538044
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 4 [ 39]: Call-ID:
477744485-5061-8 at BHC.BH.BDH.HB
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 5 [ 13]: CSeq: 102 BYE
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 6 [ 51]: Contact:
<sip:471 at 172.17.137.71:5061;transport=tls>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 7 [ 43]:
Supported: replaces, path, timer, eventlist
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 8 [ 37]:
User-Agent: Grandstream DP715 1.0.0.5
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 9 [ 80]: Allow:
INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 10 [ 17]:
Content-Length: 0

According to RFC 3261, "Call-ID contains a globally unique identifier
for this call, generated by the combination of a random string and the
softphone's host name or IP address."

Interestingly, the problem is intermittent. Some calls go through. 
Asterisk must be able to process these calls from time to time.  Which
is strange on its own.

On top of everything Grandstream's support organization does not seem to
exist for all practical purposes.  I opened the case on 08/22/2012. 
Today, 08/31/2012, I finally received a response, "Sorry for missing
your call yesterday. We checked the syslog you sent to us and seems the
TLS is shut down. I just got some TLS internal test accounts today and
will do a quick test. I'll let you know soon.  It took them 9 days to
start looking into the issue.

I will update this thread with progress.

Regards,
Vladimir

On 8/17/2012 11:30 AM, Carlos Alvarez wrote:
> On Fri, Aug 17, 2012 at 9:08 AM, Vladimir Mikhelson
> <vlad at mikhelson.com <mailto:vlad at mikhelson.com>> wrote:
>
>     My primary interest is security.  Grandstream claims their
>     intermediate and higher-end models support TLS and SRTP.  I am
>     really tired of trying to make Cisco phones to communicate
>     securely with Asterisk.  Cisco has a great security model but one
>     has to have their provisioning server for it to function.
>
>
> We've never had customers ask for this, but if doing so is fairly easy
> we would look at it as just another feature we push.  Do let me know
> how it works out for you.
>
> -- 
> Carlos Alvarez
> TelEvolve
> 602-889-3003
>
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120831/03e8d446/attachment.htm>