FusionPBX – TLS (TCP) does not work for Yealink

  1. Enable TLS on FusionPBX: Advanced -> Variables -> SIP Profile Internal -> enable port 5061
  2. Status -> SIP Status -> Flush Cache -> Rescan internal
  3. For Yealink: Security -> Trusted Certificate -> disable
  4. For Yealink: Extension -> Transport (TLS)

Why does the Yealink not work with the above, while a softphone does?

static.security.default_ssl_method = 5


Parameter:   static.security.default_ssl_method (in <y0000000000xx>.cfg)
Description: It configures the TLS version the IP phone uses to authenticate with the server.
Permitted values:
    0 - TLS 1.0 only
    3 - SSL V23 (automatic negotiation with the server. The phone starts with TLS1.2 for negotiation.)
    4 - TLS 1.1 only
    5 - TLS 1.2 only
Default:     3

http://forum.yealink.com/forum/archive/index.php?thread-3842-2.html

TLS config url: here

TLS certificate directory: /etc/fusionpbx/tls

TLS config script

root@Fusion-01:/usr/src/fusionpbx-install.sh/debian/resources# more wu-tls.sh
#!/bin/sh

        #make sure the freeswitch directory exists
        mkdir -p /etc/freeswitch/tls

        #make sure the freeswitch certificate directory is empty
        #(-f: no error when the directory is already empty)
        rm -f /etc/freeswitch/tls/*

        domain_alias=/etc/letsencrypt/live/viznitzbs.voipitservices.com
        #combine the certs into all.pem (certificate chain first, then the private key)
        cat "$domain_alias/fullchain.pem" > /etc/freeswitch/tls/all.pem
        cat "$domain_alias/privkey.pem" >> /etc/freeswitch/tls/all.pem
        #cat $domain_alias/chain.pem >> /etc/freeswitch/tls/all.pem

        #copy the certificates
        cp "$domain_alias/cert.pem" /etc/freeswitch/tls
        cp "$domain_alias/chain.pem" /etc/freeswitch/tls
        cp "$domain_alias/fullchain.pem" /etc/freeswitch/tls
        cp "$domain_alias/privkey.pem" /etc/freeswitch/tls

        #add symbolic links (-f: replace a link left over from an earlier run)
        ln -sf /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
        ln -sf /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
        ln -sf /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
        ln -sf /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem

        #set the permissions
        chown -R www-data:www-data /etc/freeswitch/tls
        #all.pem is created by the redirect above with the default umask and holds
        #the private key, so restrict it (and privkey.pem) to the owner
        chmod 600 /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/privkey.pem

fs_cli -x "reload mod_sofia" (or restart freeswitch)
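
A structural check of the directory that wu-tls.sh fills, added here as an example; it is not part of the original notes or of FusionPBX. The function name check_tls_dir is hypothetical, and it assumes the file layout created by the script above (all.pem plus four symlinks). It does not verify the certificate chain or that the key matches the certificate.

```shell
#!/bin/sh
# check_tls_dir DIR: prints one line per finding, returns the number of findings
check_tls_dir() {
    dir=$1
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    bundle="$dir/all.pem"
    if [ ! -f "$bundle" ]; then
        note "all.pem is missing"
    else
        # grep -c exits 1 on a zero count, hence "|| true"
        certs=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
        keys=$(grep -c -- '-----BEGIN .*PRIVATE KEY-----' "$bundle" || true)
        [ "$certs" -ge 1 ] || note "all.pem contains no certificate"
        [ "$keys" -eq 1 ] || note "all.pem contains $keys private keys, expected 1"
        # fullchain.pem is written first, so the first PEM block must be a certificate
        first=$(sed -n '/-----BEGIN /{p;q;}' "$bundle")
        [ "$first" = "-----BEGIN CERTIFICATE-----" ] ||
            note "all.pem does not start with a certificate"
    fi

    # every name the script links must resolve to the bundle
    for link in agent.pem tls.pem wss.pem dtls-srtp.pem; do
        [ -e "$dir/$link" ] || { note "$link is missing or a dangling symlink"; continue; }
        [ "$dir/$link" -ef "$bundle" ] || note "$link does not point at all.pem"
    done

    # a regular file holding a private key must not be readable by group or others
    for f in "$dir"/*.pem; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        grep -q -- 'PRIVATE KEY-----' "$f" || continue
        if [ -n "$(find "$f" -perm -040 -o -perm -004)" ]; then
            note "$(basename "$f") holds a private key and is group- or world-readable"
        fi
    done
    return "$findings"
}
```

Run it as `check_tls_dir /etc/freeswitch/tls` after the script and before reloading mod_sofia; a return status of 0 means no findings.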

#maybe relevant to code: /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua