[jitsi-users] [Fwd: Re: Problems with Jitsi on OSX-10.9.5]


#1

#2

I don't know why Jitsi is set up to use TLS with Iptel, but the solution is NOT to use it :slight_smile:

···

On 2015-02-11 19:01, James B. Byrne wrote:

-------------------------- Original Message --------------------------
Subject: Re: [jitsi-users] Problems with Jitsi on OSX-10.9.5
From: "James B. Byrne" <byrnejb@harte-lyne.ca>
Date: Wed, February 11, 2015 11:01
To: "dsp3" <info@dsp3.org>
----------------------------------------------------------------------

On Wed, February 11, 2015 03:35, dsp3 wrote:

Error from the JAIN-SIP stack: Invalid argument address = ::0 port =
5060 transport = TLS

Iptel doesn't support TLS AFAIK
http://www.iptel.org/service

Then why is JitSi trying to use TLS then? I did not configure it to
do so. Why is trying to use IPv6 when I am connected to an IPv4
network?

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3


#3

Since I did not request that Jitsi use TLS I have no way of knowing
how to not use it. Where is this configured?

···

On Wed, February 11, 2015 13:27, dsp3 wrote:

I don't know why Jitsi is set up to use TLS with Iptel, but the
solution
is NOT to use it :slight_smile:

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3


#4

Setup using a regular SIP account in Jitsi using your Iptel login details. Registrar iptel.org. Port 5060. Configure proxy automatically yes.
Working for me.

···

On 2015-02-11 23:17, James B. Byrne wrote:

On Wed, February 11, 2015 13:27, dsp3 wrote:

I don't know why Jitsi is set up to use TLS with Iptel, but the
solution
is NOT to use it :slight_smile:

Since I did not request that Jitsi use TLS I have no way of knowing
how to not use it. Where is this configured?


#5

Yes, that works for me too, on anything other than my macbook. That
will not connect to anything. As soon as I try to go online I get an
immediate error, regardless of registrar. I have deleted all the
accounts and added them back taking only the defaults and I obtain the
same results.

···

On Wed, February 11, 2015 15:39, dsp3 wrote:

Setup using a regular SIP account in Jitsi using your Iptel login
details. Registrar iptel.org. Port 5060. Configure proxy automatically
yes.
Working for me.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3


#6

Thank you. I will check out the DNS stuff tonight when I have access
to my macbook. I can state however that I have no other identifiable
DNS issues on that device. For instance, I used Firefox to register
at iptel.org and had no problem getting there. That was done from the
macbook.

I can send the logs as I dumped them. Is there a particular manner in
which I should post them? In line text in a mailing list post?
Attachment to email to you? Upload to support site (if so then the URL
please)?

Sincerely,

···

On Wed, February 11, 2015 16:36, Ingo Bauersachs wrote:

The log analysis from dsp3 is wrong. That entry about TLS is generic
and not limited to Iptel. Jitsi says it cannot find an address to
connect with Iptel, so there is a DNS problem on your Mac. (And it
fails before even having a possibility to choose TLS over TCP over
UDP.) With the tiny log excerpt you sent, I cannot guess any better.
Please send your complete logs or find out why Jitsi is unable to
query for the SRV record _sip._tcp.iptel.org, its target sip.iptel.org
and the resulting host 212.79.111.155. My first guess would be to
check /etc/resolv.conf for weird stuff.

Ingo

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3


#7

The log analysis from dsp3 is wrong. That entry about TLS is generic and not limited to Iptel. Jitsi says it cannot find an address to connect with Iptel, so there is a DNS problem on your Mac. (And it fails before even having a possibility to choose TLS over TCP over UDP.) With the tiny log excerpt you sent, I cannot guess any better. Please send your complete logs or find out why Jitsi is unable to query for the SRV record _sip._tcp.iptel.org, its target sip.iptel.org and the resulting host 212.79.111.155. My first guess would be to check /etc/resolv.conf for weird stuff.

Ingo

···

On Wed, February 11, 2015 15:39, dsp3 wrote:

Setup using a regular SIP account in Jitsi using your Iptel login
details. Registrar iptel.org. Port 5060. Configure proxy automatically
yes.
Working for me.

Yes, that works for me too, on anything other than my macbook. That
will not connect to anything. As soon as I try to go online I get an
immediate error, regardless of registrar. I have deleted all the
accounts and added them back taking only the defaults and I obtain the
same results.


#8

Thank you. I will check out the DNS stuff tonight when I have access to
my macbook. I can state however that I have no other identifiable DNS
issues on that device. For instance, I used Firefox to register at
iptel.org and had no problem getting there. That was done from the
macbook.

Jitsi reads the system's DNS servers and queries them directly, so it is
quite possible that something goes wrong in that process while a non-Java
application isn't exposed to that failure.

I can send the logs as I dumped them. Is there a particular manner in
which I should post them? In line text in a mailing list post?
Attachment to email to you? Upload to support site (if so then the URL
please)?

Please use the embedded archiving option from
Tools->Options->Advanced->Logging and just send it to the list. If you're
concerned about privacy issues (there is data like your account names in
it), then send them either directly to me or to support@bluejimp.com as an
attachment.

Sincerely,

Ingo


#9

Don't have access to OS X, so I can't help further, but the error is because of this: 5060 transport = TLS from original logs. Transport is UDP on 5060 for Iptel.

···

On 2015-02-11 23:54, James B. Byrne wrote:

On Wed, February 11, 2015 15:39, dsp3 wrote:

Setup using a regular SIP account in Jitsi using your Iptel login
details. Registrar iptel.org. Port 5060. Configure proxy automatically
yes.
Working for me.

Yes, that works for me too, on anything other than my macbook. That
will not connect to anything. As soon as I try to go online I get an
immediate error, regardless of registrar. I have deleted all the
accounts and added them back taking only the defaults and I obtain the
same results.


#10

Thank you. I will check out the DNS stuff tonight when I have access to
my macbook. I can state however that I have no other identifiable DNS
issues on that device. For instance, I used Firefox to register at
iptel.org and had no problem getting there. That was done from the
macbook.

Have you by chance enabled DNS proxying under
Tools->Options->Advanced->Global proxy and set to 127.0.0.1 port 2053?

Ingo


#11

That was it. Thank you. I must have set that at some point early in
my struggles as I generally use a SOCKSV proxy when connecting from
external networks. Naturally, not knowing what I was doing I then
forget about it and never thought to look again.

I now can connect to both iptel.org and our internal SIP/RTP server
from the macbook when it has a direct network connection inside my
firewall. I will have to check on how to connect from outside over a
proxy SSH tunnel.

If you know any suggested resources I can refer to to guide me in
establishing Jitsi over an SSH proxy then I would appreciate having
them. In case you have any personal experience with doing this and
can offer advice I reproduce my SSH proxy setup command below.

USERNAME=xxxxxx ; \
HOST=yyyyyyy ; \
DOMAIN=domain.tld ; \
SSHPORT=nnnnn ; \
FWDPORT=3000 ; \
SOCKSV1=2001 ; \
SOCKSV2=2002 ; \
SOCKSV3=2003 ; \
SOCKSV43=2443 ; \
SOCKSV53=2053 ; \
SOCKSV60=2060 ; \
SOCKSV61=2061 ; \
echo -e "ssh -p $SSHPORT -Y -L $FWDPORT:$HOST.$DOMAIN:$FWDPORT
             -o ServerAliveInterval=30
             -o ServerAliveCountMax=10
             $USERNAME@$HOST.$DOMAIN
             -D $SOCKSV1
             -D $SOCKSV2
             -D $SOCKSV3
             -D $SOCKSV43
             -D $SOCKSV53
             -D $SOCKSV60
             -D $SOCKSV61" ; \
ssh -p $SSHPORT -Y -L $FWDPORT:$HOST.$DOMAIN:$FWDPORT \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=10 \
     $USERNAME@$HOST.$DOMAIN \
    -D $SOCKSV1 -D $SOCKSV2 -D $SOCKSV3 -D $SOCKSV43 \
    -D $SOCKSV53 -D $SOCKSV60 -D $SOCKSV61;

Thanks again.

···

On Thu, February 12, 2015 10:10, Ingo Bauersachs wrote:

Have you by chance enabled DNS proxying under
Tools->Options->Advanced->Global proxy and set to 127.0.0.1 port 2053?

Ingo

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3