[asterisk-users] Grandstream VoIP phones

Vladimir Mikhelson vlad at mikhelson.com
Fri Aug 31 21:14:28 CDT 2012


Bryant,

Thank you for the reply.

It looks like either I was very unlucky with the support engineer my SR
was assigned to or you were extremely lucky.  Or maybe Grandstream
singles you or your company out for some reason.

My test is plain vanilla.

 1. Enable SIPS and SRTP for an extension in Asterisk 1.8.15
 2. Sign a certificate on the Asterisk server and provision it manually
    to the DP715
 3. Try calling back and forth.

My plan was to spend 30 minutes to an hour to test the above and then
move to the real-life scenarios.  So far I spent 9 days, with no help
from Grandstream whatsoever, toying with this test and making no progress.

The features they must have for real-life deployments:

  * HTTPS on the setup portal with normal set of credentials, i.e. user
    name and password
  * Ability to disable HTTP/HTTPS
  * SSH vs telnet
  * Ability to send host name or other CN not equal to the phone IP in
    TLS negotiation

I will probably have more after I am past my step 0 testing.

Thank you,
Vladimir



On 8/31/2012 8:55 PM, Bryant Zimmerman wrote:
> Vladimir
>
> We are testing the DP715 very aggressively. We have been please with
> the units for the most part, but we too have been working bugs with
> Grandstream. We have several in so far and a number of feature
> requests as well. I deal directly with several of the support
> engineers and they bring in the developers when necessary. I would be
> open to working with you on your issue. If I can create validation
> tests for your items and reproduce the issue I have had great success
> getting them to take note and address issues they really do want to
> address issues. In less than two weeks they have given me test builds
> address two of our issues and they are working on several others.
> Because of the cooperation of Grandsteam we are close to being able to
> offer the DP715 phones to our customers. Even then they will have more
> items to address to allow for full feature deployments but they are
> serious about the DP715 product.
>
> Thanks
>
> Bryant Zimmerman (ZK Tech Inc.)
>
> ------------------------------------------------------------------------
> *From*: "Vladimir Mikhelson" <vlad at mikhelson.com>
> *Sent*: Friday, August 31, 2012 9:07 PM
> *To*: "Asterisk Users Mailing List - Non-Commercial Discussion"
> <asterisk-users at lists.digium.com>
> *Subject*: Re: [asterisk-users] Grandstream VoIP phones
>
> Carlos,
>
> So far the experience with DP715 is extremely negative.
>
> It all starts with the WEB interface which is only served on port 80,
> no https, period.  There is no login name, just password.
>
> The phone worked as expected with insecure SIP and RTP.  As I started
> playing with security the phone started acting up.  It randomly took
> calls, then stopped.  It placed calls, then stopped.
>
> Following is a sample of a corrupted SIP message Asterisk receives
> from DP715 (pay attention to Call-ID: 477744485-5061-8 at BHC.BH.BDH.HB):
>
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 0 [ 14]: SIP/2.0
> 200 OK
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 1 [ 69]: Via:
> SIP/2.0/TLS 172.17.137.11:5061;branch=z9hG4bK2f5ce157;rport=5061
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 2 [ 57]: From:
> <sip:*97 at pbx.int.mikhelson.com:5061>;tag=as50c4dc59
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 3 [ 54]: To:
> <sip:471 at pbx.int.mikhelson.com:5061>;tag=436538044
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 4 [ 39]:
> Call-ID: 477744485-5061-8 at BHC.BH.BDH.HB
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 5 [ 13]: CSeq:
> 102 BYE
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 6 [ 51]:
> Contact: <sip:471 at 172.17.137.71:5061;transport=tls>
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 7 [ 43]:
> Supported: replaces, path, timer, eventlist
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 8 [ 37]:
> User-Agent: Grandstream DP715 1.0.0.5
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 9 [ 80]: Allow:
> INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE
> [2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 10 [ 17]:
> Content-Length: 0
>
> According to RFC 3261, "Call-ID contains a globally unique identifier
> for this call, generated by the combination of a random string and the
> softphone's host name or IP address."
>
> Interestingly, the problem is intermittent. Some calls go through. 
> Asterisk must be able to process these calls from time to time.  Which
> is strange on its own.
>
> On top of everything Grandstream's support organization does not seem
> to exist for all practical purposes.  I opened the case on
> 08/22/2012.  Today, 08/31/2012, I finally received a response, "Sorry
> for missing your call yesterday. We checked the syslog you sent to us
> and seems the TLS is shut down. I just got some TLS internal test
> accounts today and will do a quick test. I'll let you know soon.  It
> took them 9 days to start looking into the issue.
>
> I will update this thread with progress.
>
> Regards,
> Vladimir
>
>
>
> On 8/17/2012 11:30 AM, Carlos Alvarez wrote:
>> On Fri, Aug 17, 2012 at 9:08 AM, Vladimir Mikhelson
>> <vlad at mikhelson.com <mailto:vlad at mikhelson.com>> wrote:
>>
>>     My primary interest is security.  Grandstream claims their
>>     intermediate and higher-end models support TLS and SRTP.  I am
>>     really tired of trying to make Cisco phones to communicate
>>     securely with Asterisk.  Cisco has a great security model but one
>>     has to have their provisioning server for it to function.
>>
>>
>> We've never had customers ask for this, but if doing so is fairly
>> easy we would look at it as just another feature we push.  Do let me
>> know how it works out for you.
>>
>> -- 
>> Carlos Alvarez
>> TelEvolve
>> 602-889-3003
>>
>>
>>
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>                http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120831/976d5101/attachment.htm>


More information about the asterisk-users mailing list