<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Bryant,<br>
<br>
Thank you for the reply.<br>
<br>
It looks like either I was very unlucky with the support engineer my
SR was assigned to or you were extremely lucky. Or maybe
Grandstream singles you or your company out for some reason.<br>
<br>
My test is plain vanilla.<br>
<ol>
<li>Enable SIPS and SRTP for an extension in Asterisk 1.8.15</li>
<li>Sign a certificate on the Asterisk server and provision it
manually to the DP715</li>
<li>Try calling back and forth.</li>
</ol>
<p>My plan was to spend 30 minutes to an hour to test the above and
then move to the real-life scenarios. So far I spent 9 days, with
no help from Grandstream whatsoever, toying with this test and
making no progress.<br>
</p>
<p>The features they must have for real-life deployments:<br>
</p>
<ul>
<li>HTTPS on the setup portal with normal set of credentials, i.e.
user name and password<br>
</li>
<li>Ability to disable HTTP/HTTPS</li>
<li>SSH vs telnet<br>
</li>
<li>Ability to send host name or other CN not equal to the phone
IP in TLS negotiation</li>
</ul>
<p>I will probably have more after I am past my step 0 testing.<br>
</p>
<p>Thank you,<br>
Vladimir<br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 8/31/2012 8:55 PM, Bryant Zimmerman
wrote:<br>
</div>
<blockquote cite="mid:26f0f04d$76d74e56$3681e7a7$@zktech.com"
type="cite"><span style="font-family: Arial, Helvetica,
sans-serif; font-size: 10pt">Vladimir<br>
<br>
We are testing the DP715 very aggressively. We have been please
with the units for the most part, but we too have been working
bugs with Grandstream. We have several in so far and a number of
feature requests as well. I deal directly with several of the
support engineers and they bring in the developers when
necessary. I would be open to working with you on your issue. If
I can create validation tests for your items and reproduce the
issue I have had great success getting them to take note and
address issues they really do want to address issues. In less
than two weeks they have given me test builds address two of our
issues and they are working on several others. Because of the
cooperation of Grandsteam we are close to being able to offer
the DP715 phones to our customers. Even then they will have more
items to address to allow for full feature deployments but they
are serious about the DP715 product. <br>
<br>
<div>Thanks<br>
<br>
Bryant Zimmerman (ZK Tech Inc.)
</div>
<br>
<span style="font-size: 10pt; font-family:
tahoma,arial,sans-serif;">
<hr align="center" size="2" width="100%">
<strong>From</strong>: "Vladimir Mikhelson"
<a class="moz-txt-link-rfc2396E" href="mailto:vlad@mikhelson.com"><vlad@mikhelson.com></a><br>
<strong>Sent</strong>: Friday, August 31, 2012 9:07 PM<br>
<strong>To</strong>: "Asterisk Users Mailing List -
Non-Commercial Discussion"
<a class="moz-txt-link-rfc2396E" href="mailto:asterisk-users@lists.digium.com"><asterisk-users@lists.digium.com></a><br>
<strong>Subject</strong>: Re: [asterisk-users] Grandstream
VoIP phones</span><br>
<br>
Carlos,<br>
<br>
So far the experience with DP715 is extremely negative.<br>
<br>
It all starts with the WEB interface which is only served on
port
80, no https, period. There is no login name, just password.<br>
<br>
The phone worked as expected with insecure SIP and RTP. As I
started playing with security the phone started acting up. It
randomly took calls, then stopped. It placed calls, then
stopped.<br>
<br>
Following is a sample of a corrupted SIP message Asterisk
receives
from DP715 (pay attention to Call-ID:
<a moz-do-not-send="true"
href="mailto:477744485-5061-8@BHC.BH.BDH.HB"
class="moz-txt-link-abbreviated">477744485-5061-8@BHC.BH.BDH.HB</a>):<br>
<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 0 [ 14]:
SIP/2.0 200 OK<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 1 [ 69]:
Via:
SIP/2.0/TLS 172.17.137.11:5061;branch=z9hG4bK2f5ce157;rport=5061<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 2 [ 57]:
From:
<a moz-do-not-send="true"
href="mailto:sip:*97@pbx.int.mikhelson.com:5061"
class="moz-txt-link-rfc2396E"><sip:*97@pbx.int.mikhelson.com:5061></a>;tag=as50c4dc59<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 3 [ 54]:
To:
<a moz-do-not-send="true"
href="mailto:sip:471@pbx.int.mikhelson.com:5061"
class="moz-txt-link-rfc2396E"><sip:471@pbx.int.mikhelson.com:5061></a>;tag=436538044<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 4 [ 39]:
Call-ID: <a moz-do-not-send="true"
href="mailto:477744485-5061-8@BHC.BH.BDH.HB"
class="moz-txt-link-abbreviated">477744485-5061-8@BHC.BH.BDH.HB</a><br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 5 [ 13]:
CSeq:
102 BYE<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 6 [ 51]:
Contact: <a moz-do-not-send="true"
href="mailto:sip:471@172.17.137.71:5061;transport=tls"
class="moz-txt-link-rfc2396E"><sip:471@172.17.137.71:5061;transport=tls></a><br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 7 [ 43]:
Supported: replaces, path, timer, eventlist<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 8 [ 37]:
User-Agent: Grandstream DP715 1.0.0.5<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 9 [ 80]:
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY,
INFO,
REFER, UPDATE<br>
[2012-08-23 23:55:09] DEBUG[14132] chan_sip.c: Header 10 [ 17]:
Content-Length: 0<br>
<br>
According to RFC 3261, "Call-ID contains a globally unique
identifier for this call,
generated by the combination of a random string and the
softphone's
host name or IP address."<br>
<br>
Interestingly, the problem is intermittent. Some calls go
through.
Asterisk must be able to process these calls from time to time.
Which is strange on its own.<br>
<br>
On top of everything Grandstream's support organization does not
seem to exist for all practical purposes. I opened the case on
08/22/2012. Today, 08/31/2012, I finally received a response,
"Sorry for missing your call yesterday. We checked the syslog
you
sent to us and seems the TLS is shut down. I just got some TLS
internal test accounts today and will do a quick test. I'll let
you
know soon. It took them 9 days to start looking into the issue.<br>
<br>
I will update this thread with progress.<br>
<br>
Regards,<br>
Vladimir<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 8/17/2012 11:30 AM, Carlos
Alvarez
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFn1dUFmTSPnwydAAVHSpifh=be9TYVwDat_+NHcvQ7-cYRASw@mail.gmail.com">
<div class="gmail_quote">On Fri, Aug 17, 2012 at 9:08 AM,
Vladimir
Mikhelson <span dir="ltr"><<a target="_blank"
href="mailto:vlad@mikhelson.com" moz-do-not-send="true">vlad@mikhelson.com</a>></span>
wrote:<br>
<blockquote style="margin: 0px 0px 0px 0.8ex; border-left:
1px solid #cccccc; padding-left: 1ex;" class="gmail_quote">
<div text="#000000" bgcolor="#FFFFFF">My primary interest
is
security. Grandstream claims their intermediate and
higher-end models support TLS and SRTP. I am really
tired
of trying to make Cisco phones to communicate securely
with
Asterisk. Cisco has a great security model but one has
to
have their provisioning server for it to function.<br>
</div>
</blockquote>
<div><br>
</div>
<div>We've never had customers ask for this, but if doing so
is
fairly easy we would look at it as just another feature we
push. Do let me know how it works out for you.</div>
<div><br>
</div>
</div>
-- <br>
<div>Carlos Alvarez</div>
<div>TelEvolve</div>
<div>602-889-3003</div>
<div><br>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre>--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by <a moz-do-not-send="true" href="http://www.api-digital.com" class="moz-txt-link-freetext">http://www.api-digital.com</a> --
New to Asterisk? Join us for a live introductory webinar every Thurs:
<a moz-do-not-send="true" href="http://www.asterisk.org/hello" class="moz-txt-link-freetext">http://www.asterisk.org/hello</a>
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
<a moz-do-not-send="true" href="http://lists.digium.com/mailman/listinfo/asterisk-users" class="moz-txt-link-freetext">http://lists.digium.com/mailman/listinfo/asterisk-users</a></pre>
</blockquote>
<br>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by <a class="moz-txt-link-freetext" href="http://www.api-digital.com">http://www.api-digital.com</a> --
New to Asterisk? Join us for a live introductory webinar every Thurs:
<a class="moz-txt-link-freetext" href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a>
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a></pre>
</blockquote>
<br>
</body>
</html>