Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » Softphone over wifi problem
  •  
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
Hi,

we are having a problem with our softphones in our main office. When we are connected to the Wifi, iphones can make calls but there's no sound. Androids have the same problem but there you have 5 seconds of sound and then the audio stops. The call stays connected but says: network quality unknown (see screenshot)

We don't have the problem on other wifi networks or with mobile data.

we have a fortigate 60B firewall with apple airports connected to it.

  • Attachment: Image.png
    (Size: 1.14MB, Downloaded 85 times)
  •  
Carsten Maas (Kerio)

Messages: 247
Karma: 27
Send a private message to this user
Maybe prioritizing SIP traffic in the Fortigate UTM can help.

Carsten Maas
Senior Technical Marketing Engineer
Kerio Technologies

Kerio Deutschland youtube Channel
http://www.youtube.com/KerioDeutschland
  •  
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
Carsten Maas (Kerio) wrote on Mon, 07 November 2016 14:18
Maybe prioritizing SIP traffic in the Fortigate UTM can help.

doesn't seem to help.
  •  
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
In attached screenshot you can see the call log from the softphone while calling from internal Wifi.
As you can see, the peer ip says 0.0.0.0:0.
Normally it should give the WAN-ip of the kerio operator server.

I guess it's a routing problem but i don't know how to resolve it.

  • Attachment: IMG_1959.PNG
    (Size: 165.20KB, Downloaded 84 times)
  •  
steinham

Messages: 198

Karma: 7
Send a private message to this user
Hi,

do you have "[v] extension is behind NAT" and properly configured "[v] NAT enabled (Kerio Operator is behind a firewall)"?

Maybe this article can be helpful: http://kb.kerio.com/product/kerio-operator/server-configurat ion-kerio-operator/configuring-nat-821.html

I'm not sure how your clients are connected to Kerio Operator server - maybe you can modify local DNS to provide local (LAN IP) Operator's address to avoid loop through firewall...

______________________________
Martin Steinhauser
tester
Kerio Technologies
  •  
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
M. Steinhauser (Kerio) wrote on Mon, 07 November 2016 15:10
Hi,

do you have "[v] extension is behind NAT" and properly configured "[v] NAT enabled (Kerio Operator is behind a firewall)"?

Maybe this article can be helpful: http://kb.kerio.com/product/kerio-operator/server-configurat ion-kerio-operator/configuring-nat-821.html

I'm not sure how your clients are connected to Kerio Operator server - maybe you can modify local DNS to provide local (LAN IP) Operator's address to avoid loop through firewall...

All NAT settings should be right.

I just did a test by disabling Encryption on the softphone extension (TLS and SRTP) and then i do get audio...

  •  
Brian (GFI/Kerio)

Messages: 741
Karma: 70
Send a private message to this user
It may be an issue with your certificate. The softphone for mobile devices is very strict with the SSL support. It must be a signed certificate from a CA and it cannot be a wildcard certificate. You must also properly assemble the certificate with the intermediate chain.
You can test your server using this site. https://www.htbridge.com/ssl/
Check for any issues, such as a missing intermediate chain...

Brian Carmichael
Instructional Content Architect
  •  
nhoague

Messages: 853
Karma: 18
Send a private message to this user
I can attest that the certificates HAVE to be valid. And you can't use a free one either. $69 at GoDaddy works just fine. Make sure you copy the intermediate to your signed cert to complete the chain.

The softphone app is picky! Just do it right and you should be good.

You can test your network though using a softphone app on your computer, which isn't as picky, for audio problems before spending any dough on a real cert.

Good luck!
  •  
Brian (GFI/Kerio)

Messages: 741
Karma: 70
Send a private message to this user
I believe you can get by with a free certificate from StartSSL. Otherwise you can get Comodo Essential certs for 14 dollars/year from enom. http://www.enom.com/web-security/ssl-certificates/

Brian Carmichael
Instructional Content Architect
  •  
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
we have a valid certificate from comodo so that isn't the problem.
When we install the softphone app on our laptops we don't have any problem, not on wifi, not on LAN.
  •  
Filip Jenicek (Kerio)

Messages: 1094
Karma: 80
Send a private message to this user
Hi Carconnex,

I assume Operator is behind a firewall/NAT and ports 5060,5061 are mapped through the firewall. Does your firewall also forward the media port range (rtp ports)? By default they are set to 10000-19999. It is possible, that once you disabled encryption, the firewall was able to read the SIP packets and mapped the ports automatically. With encryption, the traffic didn't make it through.

I can't explain that it works for five seconds. Perhaps a packet dump might help.

Filip
  •  
nhoague

Messages: 853
Karma: 18
Send a private message to this user
So you say this also happens internally? Just food for thought have you tried any other SIP programs? Groundwire, or even the native Bria?
  •  
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
nhoague wrote on Tue, 08 November 2016 14:45
So you say this also happens internally? Just food for thought have you tried any other SIP programs? Groundwire, or even the native Bria?


Even better: It ONLY happens internally Smile
  •  
nhoague

Messages: 853
Karma: 18
Send a private message to this user
Hmm... same IP subnet? Any VLANs? Dude thats odd.
Carconnex

Messages: 45
Karma: 0
Send a private message to this user
nhoague wrote on Tue, 08 November 2016 16:00
Hmm... same IP subnet? Any VLANs? Dude thats odd.

Yeah same subnet and ip range... very odd indeed Laughing

We're breaking our heads over it for quite some time now!

[Updated on: Tue, 08 November 2016 16:05]

Previous Topic: Reports on Kerio Operator
Next Topic: restrict https operator page
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 14:58:53 CEST 2017

Total time taken to generate the page: 0.00602 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.