Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » Softphone over wifi problem
  •  
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
Hi,

we are having a problem with our softphones in our main office. When we are connected to the Wifi, iphones can make calls but there's no sound. Androids have the same problem but there you have 5 seconds of sound and then the audio stops. The call stays connected but says: network quality unknown (see screenshot)

We don't have the problem on other wifi networks or with mobile data.

we have a fortigate 60B firewall with apple airports connected to it.

  • Attachment: Image.png
    (Size: 1.14MB, Downloaded 12 times)
  •  
Carsten Maas (Kerio)

Messages: 247
Karma: 27
Send a private message to this user
Maybe prioritizing SIP traffic in the Fortigate UTM can help.

Carsten Maas
Senior Technical Marketing Engineer
Kerio Technologies

Kerio Deutschland youtube Channel
http://www.youtube.com/KerioDeutschland
  •  
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
Carsten Maas (Kerio) wrote on Mon, 07 November 2016 14:18
Maybe prioritizing SIP traffic in the Fortigate UTM can help.

doesn't seem to help.
  •  
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
In attached screenshot you can see the call log from the softphone while calling from internal Wifi.
As you can see, the peer ip says 0.0.0.0:0.
Normally it should give the WAN-ip of the kerio operator server.

I guess it's a routing problem but i don't know how to resolve it.

  • Attachment: IMG_1959.PNG
    (Size: 165.20KB, Downloaded 13 times)
  •  
M. Steinhauser (Kerio)

Messages: 181

Karma: 4
Send a private message to this user
Hi,

do you have "[v] extension is behind NAT" and properly configured "[v] NAT enabled (Kerio Operator is behind a firewall)"?

Maybe this article can be helpful: http://kb.kerio.com/product/kerio-operator/server-configurat ion-kerio-operator/configuring-nat-821.html

I'm not sure how your clients are connected to Kerio Operator server - maybe you can modify local DNS to provide local (LAN IP) Operator's address to avoid loop through firewall...

______________________________
Martin Steinhauser
tester
Kerio Technologies
  •  
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
M. Steinhauser (Kerio) wrote on Mon, 07 November 2016 15:10
Hi,

do you have "[v] extension is behind NAT" and properly configured "[v] NAT enabled (Kerio Operator is behind a firewall)"?

Maybe this article can be helpful: http://kb.kerio.com/product/kerio-operator/server-configurat ion-kerio-operator/configuring-nat-821.html

I'm not sure how your clients are connected to Kerio Operator server - maybe you can modify local DNS to provide local (LAN IP) Operator's address to avoid loop through firewall...

All NAT settings should be right.

I just did a test by disabling Encryption on the softphone extension (TLS and SRTP) and then i do get audio...

  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
It may be an issue with your certificate. The softphone for mobile devices is very strict with the SSL support. It must be a signed certificate from a CA and it cannot be a wildcard certificate. You must also properly assemble the certificate with the intermediate chain.
You can test your server using this site. https://www.htbridge.com/ssl/
Check for any issues, such as a missing intermediate chain...

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
nhoague

Messages: 845
Karma: 18
Send a private message to this user
I can attest that the certificates HAVE to be valid. And you can't use a free one either. $69 at GoDaddy works just fine. Make sure you copy the intermediate to your signed cert to complete the chain.

The softphone app is picky! Just do it right and you should be good.

You can test your network though using a softphone app on your computer, which isn't as picky, for audio problems before spending any dough on a real cert.

Good luck!
  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
I believe you can get by with a free certificate from StartSSL. Otherwise you can get Comodo Essential certs for 14 dollars/year from enom. http://www.enom.com/web-security/ssl-certificates/

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
we have a valid certificate from comodo so that isn't the problem.
When we install the softphone app on our laptops we don't have any problem, not on wifi, not on LAN.
  •  
Filip Jenicek (Kerio)

Messages: 1050
Karma: 76
Send a private message to this user
Hi Carconnex,

I assume Operator is behind a firewall/NAT and ports 5060,5061 are mapped through the firewall. Does your firewall also forward the media port range (rtp ports)? By default they are set to 10000-19999. It is possible, that once you disabled encryption, the firewall was able to read the SIP packets and mapped the ports automatically. With encryption, the traffic didn't make it through.

I can't explain that it works for five seconds. Perhaps a packet dump might help.

Filip
  •  
nhoague

Messages: 845
Karma: 18
Send a private message to this user
So you say this also happens internally? Just food for thought have you tried any other SIP programs? Groundwire, or even the native Bria?
  •  
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
nhoague wrote on Tue, 08 November 2016 14:45
So you say this also happens internally? Just food for thought have you tried any other SIP programs? Groundwire, or even the native Bria?


Even better: It ONLY happens internally Smile
  •  
nhoague

Messages: 845
Karma: 18
Send a private message to this user
Hmm... same IP subnet? Any VLANs? Dude thats odd.
Carconnex

Messages: 20
Karma: 0
Send a private message to this user
nhoague wrote on Tue, 08 November 2016 16:00
Hmm... same IP subnet? Any VLANs? Dude thats odd.

Yeah same subnet and ip range... very odd indeed Laughing

We're breaking our heads over it for quite some time now!

[Updated on: Tue, 08 November 2016 16:05]

Previous Topic: "Call forwarding" Code missing
Next Topic: Total HangUps with Box 3000 after Upgrade to 2.5/2.5.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Dec 11 10:54:56 CET 2016

Total time taken to generate the page: 0.01435 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.