[jitsi-users] Re: client firewall


#1

Hey Vieri,

На 27.04.11 16:32, Vieri написа:
> Hi,
>
> I'm trying out a new softphone and I'm really
impressed by the
> "features" of JITSI (www.jitsi.org) even though it's
still in beta.
>
> Precisely because it's in beta I'm having trouble
making calls
> through Asterisk. I'd like to know if someone here has
managed to
> make it work.

I know of many people that are actually. I am personally
making tens of
audio and video calls through asterisk with Jitsi every day
and don't
have any issues.

I can't be sure about the issue from these log files but
could you
please try deleting and creating your account again?

I deleted the account and created it again but it's still failing when I activate Winodws 7 Firewall (with Jitsi beeing an "exception").
Jitsi works without Win 7 Firewall.

If the problem persists, could you please send us the log
zip [0] ?

I'm attaching it in the hope it can be helpful (made a call from exten 4053 to exten 6666 but it just wouldn't ring).

Thanks,

Vieri

jitsi1beta.log.zip (153 KB)

···

--- On Wed, 4/27/11, Emil Ivov <emcho@jitsi.org> wrote:

Cheers,
Emil

[0] http://jitsi.org/faq/logs

> I'm using Jitsi 1.0 beta1 build 3442 (32-bit x86
Windows binary). I
> can register to Asterisk just fine as
<exten>@<asterisk_IP_addr>
> ("sip show peers" tells me that my monitored extension
is online). I
> can receive calls routed from Asterisk (Jitsi rings
and I can talk to
> caller). However, I cannot dial out. I try to contact
> <other_exten>@<asterisk_IP_addr> (or
simply call back the last caller
> in my Jitsi History) but Jitsi doesn't go beyond
"Initiating call".
>
> It's a Windows 7 firewall issue (where Jitsi is
running) because if I
> fully disable Win Firewall then I CAN dial out
correctly.
>
> However, I'd like to leave Windows firewall ON and it
already has the
> following exceptions: C:\program
files\jitsi\jre\bin\javaw.exe
> C:\program files\jitsi\run.exe
>
> If I set sip debug in Asterisk then this is what I get
when trying to
> call from my Jitsi softphone at 10.215.144.48
registered as 4053 at
> asterisk server 10.215.145.112 to extension 3210:
>
> srv-voip2*CLI> <--- SIP read from
10.215.144.48:5060 ---> INVITE
> sip:3210@10.215.147.112 SIP/2.0 Call-ID:
> 8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0 CSeq:
1 INVITE From:
> "4053" <sip:4053@10.215.147.112>;tag=556f2285
To:
> <sip:3210@10.215.147.112> Via: SIP/2.0/UDP
>
10.215.144.48:5060;branch=z9hG4bK-393531-eebadee2eae8be9dfa4f04cedef33a66
>
>
Max-Forwards: 70
> Contact: "4053"
>
<sip:4053@10.215.144.48:5060;transport=udp;registering_acc=10_215_147_112>
>
>
User-Agent: Jitsi1.0-beta1-nightly.build.3442Windows 7
> Content-Type: application/sdp Content-Length: 841
>
> v=0 o=4053 0 0 IN IP4 10.215.144.48 s=- c=IN IP4
10.215.144.48 t=0 0
> m=audio 5008 RTP/AVP 9 96 97 0 8 98 3 99 5 6 4 15 101
a=rtpmap:9
> G722/8000 a=rtpmap:96 speex/32000 a=rtpmap:97
speex/16000 a=rtpmap:0
> PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:98 iLBC/8000
a=rtpmap:3
> GSM/8000 a=rtpmap:99 speex/8000 a=rtpmap:5 DVI4/8000
a=rtpmap:6
> DVI4/16000 a=rtpmap:4 G723/8000 a=fmtp:4
annexa=no;bitrate=6.3
> a=rtpmap:15 G728/8000 a=rtpmap:101
telephone-event/8000 a=extmap:1
> urn:ietf:params:rtp-hdrext:csrc-audio-level
a=zrtp-hash:1.10
>
996db3393c53f46cf624e88b1d25ff9cf3b0fd0f11555dbf931b42b141b7e89a

> m=video 5010 RTP/AVP 100 a=recvonly a=rtpmap:100
H264/90000
> a=fmtp:100 packetization-mode=1 a=imageattr:100 send *
recv
> [x=[0-1280],y=[0-1024]] a=zrtp-hash:1.10
>
fbcd82761d8479d025a55ae39a87c0fe942e0801658670228ea1c5915e80dd87
>
> <-------------> --- (11 headers 28 lines) ---
Sending to
> 10.215.144.48 : 5060 (no NAT) Using INVITE request as
basis request -
> 8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0
srv-voip2*CLI> <---
> Reliably Transmitting (NAT) to 10.215.144.48:5060
---> SIP/2.0 407
> Proxy Authentication Required Via: SIP/2.0/UDP
>
10.215.144.48:5060;branch=z9hG4bK-393531-eebadee2eae8be9dfa4f04cedef33a66;received=10.215.144.48
>
>
From: "4053" <sip:4053@10.215.147.112>;tag=556f2285
> To: <sip:3210@10.215.147.112>;tag=as78d98592
Call-ID:
> 8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0 CSeq:
1 INVITE
> User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL,
OPTIONS, BYE,
> REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces
> Proxy-Authenticate: Digest algorithm=MD5,
realm="asterisk",
> nonce="485351d4" Content-Length: 0
>
>
> <------------> Scheduling destruction of SIP
dialog
> '8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0' in
32000 ms
> (Method: INVITE) Found user '4053' srv-voip2*CLI>
<--- SIP read from
> 10.215.144.48:5060 ---> ACK sip:3210@10.215.147.112
SIP/2.0 Call-ID:
> 8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0
Max-Forwards: 70
> From: "4053"
<sip:4053@10.215.147.112>;tag=556f2285 To:
> <sip:3210@10.215.147.112>;tag=as78d98592 Via:
SIP/2.0/UDP
>
10.215.144.48:5060;branch=z9hG4bK-393531-eebadee2eae8be9dfa4f04cedef33a66
>
>
CSeq: 1 ACK
> Content-Length: 0
>
>
> <-------------> srv-voip2*CLI> <--- SIP
read from 10.215.144.48:5060
> ---> REGISTER sip:10.215.147.112 SIP/2.0 Call-ID:
> 03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:
39 REGISTER
> From: "4053"
<sip:4053@10.215.147.112>;tag=babc004d To: "4053"
> <sip:4053@10.215.147.112> Via: SIP/2.0/UDP
>
10.215.144.48:5060;branch=z9hG4bK-393531-38e4a202d14efe8c492bb0a49190fa6c
>
>
Max-Forwards: 70
> Authorization: Digest
>
username="4053",realm="asterisk",nonce="02077fa4",uri="sip:10.215.147.112",response="ed0a4b2fe02d6b24831ece74ea39817a",algorithm=MD5
>
>
User-Agent: Jitsi1.0-beta1-nightly.build.3442Windows 7
> Expires: 600 Contact: "4053"
>
<sip:4053@10.215.144.48:5060;transport=udp;registering_acc=10_215_147_112>;expires=600
>
>
Content-Length: 0
>
>
> <-------------> --- (12 headers 0 lines) ---
Using latest REGISTER
> request as basis request Sending to 10.215.144.48 :
5060 (NAT)
> srv-voip2*CLI> <--- Transmitting (NAT) to
10.215.144.48:5060 --->
> SIP/2.0 100 Trying Via: SIP/2.0/UDP
>
10.215.144.48:5060;branch=z9hG4bK-393531-38e4a202d14efe8c492bb0a49190fa6c;received=10.215.144.48
>
>
From: "4053" <sip:4053@10.215.147.112>;tag=babc004d
> To: "4053" <sip:4053@10.215.147.112> Call-ID:
> 03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:
39 REGISTER
> User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL,
OPTIONS, BYE,
> REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces
Content-Length: 0
>
>
> <------------> srv-voip2*CLI> <---
Transmitting (NAT) to
> 10.215.144.48:5060 ---> SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP
>
10.215.144.48:5060;branch=z9hG4bK-393531-38e4a202d14efe8c492bb0a49190fa6c;received=10.215.144.48
>
>
From: "4053" <sip:4053@10.215.147.112>;tag=babc004d
> To: "4053"
<sip:4053@10.215.147.112>;tag=as091e07d4 Call-ID:
> 03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:
39 REGISTER
> User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL,
OPTIONS, BYE,
> REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces
WWW-Authenticate:
> Digest algorithm=MD5, realm="asterisk",
nonce="06d4d3d7", stale=true
> Content-Length: 0
>
>
> <------------> Scheduling destruction of SIP
dialog
> '03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0' in
32000 ms
> (Method: REGISTER) srv-voip2*CLI> <--- SIP read
from
> 10.215.144.48:5060 ---> REGISTER sip:10.215.147.112
SIP/2.0 Call-ID:
> 03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:
40 REGISTER
> From: "4053"
<sip:4053@10.215.147.112>;tag=babc004d To: "4053"
> <sip:4053@10.215.147.112> Max-Forwards: 70
User-Agent:
> Jitsi1.0-beta1-nightly.build.3442Windows 7 Expires:
600 Contact:
> "4053"
>
<sip:4053@10.215.144.48:5060;transport=udp;registering_acc=10_215_147_112>;expires=600
>
>
Via: SIP/2.0/UDP
10.215.144.48:5060;branch=z9hG4bK-393531-edbee168c8b2eadac6145d74e244b36e
> Authorization: Digest
>
username="4053",realm="asterisk",nonce="06d4d3d7",uri="sip:10.215.147.112",response="0a58a61b909b8f5652e823f39a02599c",algorithm=MD5
>
>
Content-Length: 0
>
>
> What do I need to change in my Windows 7 firewall so
that Jitsi can
> dial out?
>
> Also, whether I disable Windows firewall or not, I get
a windows
> crash message when launching Jitsi. It seems to happen
when run.exe
> is executed. The Java app appears and seems to work
but I get an
> APPCRASH on run.exe (module with errors: ntdll.dll).
>
> I'm supposing this is a different issue.
>
> Thanks,
>
> Vieri
>
>

--
Emil Ivov, Ph.D.
67000
Strasbourg,
Project Lead

France
Jitsi
emcho@jitsi.org

  PHONE: \+33\.1\.77\.62\.43\.30

http://jitsi.org

FAX: +33.1.77.62.47.31


#2

Hey Vieri,

На 28.04.11 13:31, Vieri написа:

If the problem persists, could you please send us the log zip [0]
?

I'm attaching it in the hope it can be helpful (made a call from
exten 4053 to exten 6666 but it just wouldn't ring).

It seems that Asterisk responds with an authentication challenge to our
first INVITE (which is expected) and we receive that.

We then send an authenticated INVITE but we never get a response for
that so we just keep retransmitting it.

From the asterisk logs you attached in your previous mail it seems that
Asterisk never gets these retransmissions, so that's what the Windows
firewall is blocking and I have no idea why it would be doing so.

Maybe using TCP or TLS would help change this?

Emil

Thanks,

Vieri

Cheers, Emil

[0] http://jitsi.org/faq/logs

I'm using Jitsi 1.0 beta1 build 3442 (32-bit x86

Windows binary). I

can register to Asterisk just fine as

<exten>@<asterisk_IP_addr>

("sip show peers" tells me that my monitored extension

is online). I

can receive calls routed from Asterisk (Jitsi rings

and I can talk to

caller). However, I cannot dial out. I try to contact
<other_exten>@<asterisk_IP_addr> (or

simply call back the last caller

in my Jitsi History) but Jitsi doesn't go beyond

"Initiating call".

It's a Windows 7 firewall issue (where Jitsi is

running) because if I

fully disable Win Firewall then I CAN dial out

correctly.

However, I'd like to leave Windows firewall ON and it

already has the

following exceptions: C:\program

files\jitsi\jre\bin\javaw.exe

C:\program files\jitsi\run.exe

If I set sip debug in Asterisk then this is what I get

when trying to

call from my Jitsi softphone at 10.215.144.48

registered as 4053 at

asterisk server 10.215.145.112 to extension 3210:

srv-voip2*CLI> <--- SIP read from

10.215.144.48:5060 ---> INVITE

sip:3210@10.215.147.112 SIP/2.0 Call-ID:
8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0 CSeq:

1 INVITE From:

"4053" <sip:4053@10.215.147.112>;tag=556f2285

To:

<sip:3210@10.215.147.112> Via: SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-eebadee2eae8be9dfa4f04cedef33a66

Max-Forwards: 70

Contact: "4053"

<sip:4053@10.215.144.48:5060;transport=udp;registering_acc=10_215_147_112>

User-Agent: Jitsi1.0-beta1-nightly.build.3442Windows 7

Content-Type: application/sdp Content-Length: 841

v=0 o=4053 0 0 IN IP4 10.215.144.48 s=- c=IN IP4

10.215.144.48 t=0 0

m=audio 5008 RTP/AVP 9 96 97 0 8 98 3 99 5 6 4 15 101

a=rtpmap:9

G722/8000 a=rtpmap:96 speex/32000 a=rtpmap:97

speex/16000 a=rtpmap:0

PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:98 iLBC/8000

a=rtpmap:3

GSM/8000 a=rtpmap:99 speex/8000 a=rtpmap:5 DVI4/8000

a=rtpmap:6

DVI4/16000 a=rtpmap:4 G723/8000 a=fmtp:4

annexa=no;bitrate=6.3

a=rtpmap:15 G728/8000 a=rtpmap:101

telephone-event/8000 a=extmap:1

urn:ietf:params:rtp-hdrext:csrc-audio-level

a=zrtp-hash:1.10

996db3393c53f46cf624e88b1d25ff9cf3b0fd0f11555dbf931b42b141b7e89a

m=video 5010 RTP/AVP 100 a=recvonly a=rtpmap:100

H264/90000

a=fmtp:100 packetization-mode=1 a=imageattr:100 send *

recv

[x=[0-1280],y=[0-1024]] a=zrtp-hash:1.10

fbcd82761d8479d025a55ae39a87c0fe942e0801658670228ea1c5915e80dd87

<-------------> --- (11 headers 28 lines) ---

Sending to

10.215.144.48 : 5060 (no NAT) Using INVITE request as

basis request -

8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0

srv-voip2*CLI> <---

Reliably Transmitting (NAT) to 10.215.144.48:5060

---> SIP/2.0 407

Proxy Authentication Required Via: SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-eebadee2eae8be9dfa4f04cedef33a66;received=10.215.144.48

From: "4053" <sip:4053@10.215.147.112>;tag=556f2285

To: <sip:3210@10.215.147.112>;tag=as78d98592

Call-ID:

8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0 CSeq:

1 INVITE

User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL,

OPTIONS, BYE,

REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces
Proxy-Authenticate: Digest algorithm=MD5,

realm="asterisk",

nonce="485351d4" Content-Length: 0

<------------> Scheduling destruction of SIP

dialog

'8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0' in

32000 ms

(Method: INVITE) Found user '4053' srv-voip2*CLI>

<--- SIP read from

10.215.144.48:5060 ---> ACK sip:3210@10.215.147.112

SIP/2.0 Call-ID:

8cfe8d9722d8a59c5816da43e710379c@0:0:0:0:0:0:0:0

Max-Forwards: 70

From: "4053"

<sip:4053@10.215.147.112>;tag=556f2285 To:

<sip:3210@10.215.147.112>;tag=as78d98592 Via:

SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-eebadee2eae8be9dfa4f04cedef33a66

CSeq: 1 ACK

Content-Length: 0

<-------------> srv-voip2*CLI> <--- SIP

read from 10.215.144.48:5060

---> REGISTER sip:10.215.147.112 SIP/2.0 Call-ID:
03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:

39 REGISTER

From: "4053"

<sip:4053@10.215.147.112>;tag=babc004d To: "4053"

<sip:4053@10.215.147.112> Via: SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-38e4a202d14efe8c492bb0a49190fa6c

Max-Forwards: 70

Authorization: Digest

username="4053",realm="asterisk",nonce="02077fa4",uri="sip:10.215.147.112",response="ed0a4b2fe02d6b24831ece74ea39817a",algorithm=MD5

User-Agent: Jitsi1.0-beta1-nightly.build.3442Windows 7

Expires: 600 Contact: "4053"

<sip:4053@10.215.144.48:5060;transport=udp;registering_acc=10_215_147_112>;expires=600

Content-Length: 0

<-------------> --- (12 headers 0 lines) ---

Using latest REGISTER

request as basis request Sending to 10.215.144.48 :

5060 (NAT)

srv-voip2*CLI> <--- Transmitting (NAT) to

10.215.144.48:5060 --->

SIP/2.0 100 Trying Via: SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-38e4a202d14efe8c492bb0a49190fa6c;received=10.215.144.48

From: "4053" <sip:4053@10.215.147.112>;tag=babc004d

To: "4053" <sip:4053@10.215.147.112> Call-ID:
03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:

39 REGISTER

User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL,

OPTIONS, BYE,

REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces

Content-Length: 0

<------------> srv-voip2*CLI> <---

Transmitting (NAT) to

10.215.144.48:5060 ---> SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-38e4a202d14efe8c492bb0a49190fa6c;received=10.215.144.48

From: "4053" <sip:4053@10.215.147.112>;tag=babc004d

To: "4053"

<sip:4053@10.215.147.112>;tag=as091e07d4 Call-ID:

03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:

39 REGISTER

User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL,

OPTIONS, BYE,

REFER, SUBSCRIBE, NOTIFY, INFO Supported: replaces

WWW-Authenticate:

Digest algorithm=MD5, realm="asterisk",

nonce="06d4d3d7", stale=true

Content-Length: 0

<------------> Scheduling destruction of SIP

dialog

'03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0' in

32000 ms

(Method: REGISTER) srv-voip2*CLI> <--- SIP read

from

10.215.144.48:5060 ---> REGISTER sip:10.215.147.112

SIP/2.0 Call-ID:

03886d0e455189f93b5746cb78e7b7ed@0:0:0:0:0:0:0:0 CSeq:

40 REGISTER

From: "4053"

<sip:4053@10.215.147.112>;tag=babc004d To: "4053"

<sip:4053@10.215.147.112> Max-Forwards: 70

User-Agent:

Jitsi1.0-beta1-nightly.build.3442Windows 7 Expires:

600 Contact:

"4053"

<sip:4053@10.215.144.48:5060;transport=udp;registering_acc=10_215_147_112>;expires=600

Via: SIP/2.0/UDP

10.215.144.48:5060;branch=z9hG4bK-393531-edbee168c8b2eadac6145d74e244b36e

Authorization: Digest

username="4053",realm="asterisk",nonce="06d4d3d7",uri="sip:10.215.147.112",response="0a58a61b909b8f5652e823f39a02599c",algorithm=MD5

Content-Length: 0

···

What do I need to change in my Windows 7 firewall so

that Jitsi can

dial out?

Also, whether I disable Windows firewall or not, I get

a windows

crash message when launching Jitsi. It seems to happen

when run.exe

is executed. The Java app appears and seems to work

but I get an

APPCRASH on run.exe (module with errors: ntdll.dll).

I'm supposing this is a different issue.

Thanks,

Vieri

-- Emil Ivov, Ph.D. 67000 Strasbourg, Project Lead

France Jitsi emcho@jitsi.org

PHONE: +33.1.77.62.43.30 http://jitsi.org

FAX: +33.1.77.62.47.31

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#3

Hi Emil,

I don't have Asterisk 1.6 installed yet and I don't know if there's TCP support for 1.4 or a patch for that.
So I can't try TCP.

Thanks for the explanation above but curiously, Windows firewall isn't blocking traffic FROM my Win 7 PC TO Asterisk but the other way around. If I add a custom rule to "allow all" from local machine to Asterisk server, Jitsi keeps failing. Howver, if I add the same "allow all" rule from the network to the local machine, Jitsi works. Obviously, having the Firewall enabled but with an "allow all" rule doesn't make sense. So I tried to add a less open rule such as "allow from Asterisk IP address to local machine" and that made Jitsi "fail" (no way to dial out). So I'm really puzzled since I don't even know how to log packets to a file in Win 7 from the firewall itself. Anyway, I'll try to find out.

On the other hand, other softphones such as Linphone using UDP work fine with Windows 7 firewall enabled (with a program-specific exception).

Which of the Jitsi applications is actually doing the networking? I'm supposing javaw.exe. What is run.exe for?
Should run.exe always be running, ie., should I always see it in the task manager even if javaw.exe is up and running?

Thanks,

Vieri

···

--- On Thu, 4/28/11, Emil Ivov <emcho@jitsi.org> wrote:

Hey Vieri,

На 28.04.11 13:31, Vieri написа:
>> If the problem persists, could you please send us
the log zip [0]
>> ?
>
> I'm attaching it in the hope it can be helpful (made a
call from
> exten 4053 to exten 6666 but it just wouldn't ring).

It seems that Asterisk responds with an authentication
challenge to our
first INVITE (which is expected) and we receive that.

We then send an authenticated INVITE but we never get a
response for
that so we just keep retransmitting it.

From the asterisk logs you attached in your previous mail
it seems that
Asterisk never gets these retransmissions, so that's what
the Windows
firewall is blocking and I have no idea why it would be
doing so.

Maybe using TCP or TLS would help change this?


#4

Hi Vieri,

I think I have seen once this behavior. Can you try switching off some
codecs that you don't use. You can also disable "indicate zrtp in sip"
option in your sip account as zrtp cannot be used with asterisk.
What I have seen is windows blocking udp packets because they are too
big(as I have seen in your dumps).

Regards
damencho

···

On Thu, Apr 28, 2011 at 4:03 PM, Vieri <rentorbuy@yahoo.com> wrote:

--- On Thu, 4/28/11, Emil Ivov <emcho@jitsi.org> wrote:

Hey Vieri,

На 28.04.11 13:31, Vieri написа:
>> If the problem persists, could you please send us
the log zip [0]
>> ?
>
> I'm attaching it in the hope it can be helpful (made a
call from
> exten 4053 to exten 6666 but it just wouldn't ring).

It seems that Asterisk responds with an authentication
challenge to our
first INVITE (which is expected) and we receive that.

We then send an authenticated INVITE but we never get a
response for
that so we just keep retransmitting it.

From the asterisk logs you attached in your previous mail
it seems that
Asterisk never gets these retransmissions, so that's what
the Windows
firewall is blocking and I have no idea why it would be
doing so.

Maybe using TCP or TLS would help change this?

Hi Emil,

I don't have Asterisk 1.6 installed yet and I don't know if there's TCP support for 1.4 or a patch for that.
So I can't try TCP.

Thanks for the explanation above but curiously, Windows firewall isn't blocking traffic FROM my Win 7 PC TO Asterisk but the other way around. If I add a custom rule to "allow all" from local machine to Asterisk server, Jitsi keeps failing. Howver, if I add the same "allow all" rule from the network to the local machine, Jitsi works. Obviously, having the Firewall enabled but with an "allow all" rule doesn't make sense. So I tried to add a less open rule such as "allow from Asterisk IP address to local machine" and that made Jitsi "fail" (no way to dial out). So I'm really puzzled since I don't even know how to log packets to a file in Win 7 from the firewall itself. Anyway, I'll try to find out.

On the other hand, other softphones such as Linphone using UDP work fine with Windows 7 firewall enabled (with a program-specific exception).

Which of the Jitsi applications is actually doing the networking? I'm supposing javaw.exe. What is run.exe for?
Should run.exe always be running, ie., should I always see it in the task manager even if javaw.exe is up and running?

Thanks,

Vieri


#5

Hi Vieri,

I think I have seen once this behavior. Can you try
switching off some
codecs that you don't use. You can also disable "indicate
zrtp in sip"
option in your sip account as zrtp cannot be used with
asterisk.
What I have seen is windows blocking udp packets because
they are too
big(as I have seen in your dumps).

Thanks Damian!

You nailed the problem.
It seems that the codecs that are causing trouble with Windows 7 Firewall are Speex 32000 and G722 16000.
Disabling them allows me to dial out correctly.

Puzzling but it works.

Thanks,

Vieri

···

--- On Thu, 4/28/11, Damian Minkov <damencho@jitsi.org> wrote:

Regards
damencho

On Thu, Apr 28, 2011 at 4:03 PM, Vieri <rentorbuy@yahoo.com> > wrote:
>
> --- On Thu, 4/28/11, Emil Ivov <emcho@jitsi.org> > wrote:
>
>> Hey Vieri,
>>
>> На 28.04.11 13:31, Vieri написа:
>> >> If the problem persists, could you please
send us
>> the log zip [0]
>> >> ?
>> >
>> > I'm attaching it in the hope it can be
helpful (made a
>> call from
>> > exten 4053 to exten 6666 but it just wouldn't
ring).
>>
>> It seems that Asterisk responds with an
authentication
>> challenge to our
>> first INVITE (which is expected) and we receive
that.
>>
>> We then send an authenticated INVITE but we never
get a
>> response for
>> that so we just keep retransmitting it.
>>
>> From the asterisk logs you attached in your
previous mail
>> it seems that
>> Asterisk never gets these retransmissions, so
that's what
>> the Windows
>> firewall is blocking and I have no idea why it
would be
>> doing so.
>>
>> Maybe using TCP or TLS would help change this?
>
> Hi Emil,
>
> I don't have Asterisk 1.6 installed yet and I don't
know if there's TCP support for 1.4 or a patch for that.
> So I can't try TCP.
>
> Thanks for the explanation above but curiously,
Windows firewall isn't blocking traffic FROM my Win 7 PC TO
Asterisk but the other way around. If I add a custom rule to
"allow all" from local machine to Asterisk server, Jitsi
keeps failing. Howver, if I add the same "allow all" rule
from the network to the local machine, Jitsi works.
Obviously, having the Firewall enabled but with an "allow
all" rule doesn't make sense. So I tried to add a less open
rule such as "allow from Asterisk IP address to local
machine" and that made Jitsi "fail" (no way to dial out). So
I'm really puzzled since I don't even know how to log
packets to a file in Win 7 from the firewall itself. Anyway,
I'll try to find out.
>
> On the other hand, other softphones such as Linphone
using UDP work fine with Windows 7 firewall enabled (with a
program-specific exception).
>
> Which of the Jitsi applications is actually doing the
networking? I'm supposing javaw.exe. What is run.exe for?
> Should run.exe always be running, ie., should I always
see it in the task manager even if javaw.exe is up and
running?
>
> Thanks,
>
> Vieri
>
>


#6

Hi again,

Hi Vieri,

I think I have seen once this behavior. Can you try
switching off some
codecs that you don't use. You can also disable "indicate
zrtp in sip"
option in your sip account as zrtp cannot be used with
asterisk.
What I have seen is windows blocking udp packets because
they are too
big(as I have seen in your dumps).

Thanks Damian!

You nailed the problem.
It seems that the codecs that are causing trouble with Windows 7 Firewall are Speex 32000 and G722 16000.
Disabling them allows me to dial out correctly.

I'm glad we figured it out. No, its not the codecs causing the
problem, its that when you disable them the udp packet size was
reduced (the SIP INVITE one in which all enabled codecs are described)
and the packet was not dropped from the windows firewall.

Cheers
damencho

···

On Thu, Apr 28, 2011 at 5:00 PM, Vieri <rentorbuy@yahoo.com> wrote:

--- On Thu, 4/28/11, Damian Minkov <damencho@jitsi.org> wrote:

Puzzling but it works.

Thanks,

Vieri

Regards
damencho

On Thu, Apr 28, 2011 at 4:03 PM, Vieri <rentorbuy@yahoo.com> >> wrote:
>
> --- On Thu, 4/28/11, Emil Ivov <emcho@jitsi.org> >> wrote:
>
>> Hey Vieri,
>>
>> На 28.04.11 13:31, Vieri написа:
>> >> If the problem persists, could you please
send us
>> the log zip [0]
>> >> ?
>> >
>> > I'm attaching it in the hope it can be
helpful (made a
>> call from
>> > exten 4053 to exten 6666 but it just wouldn't
ring).
>>
>> It seems that Asterisk responds with an
authentication
>> challenge to our
>> first INVITE (which is expected) and we receive
that.
>>
>> We then send an authenticated INVITE but we never
get a
>> response for
>> that so we just keep retransmitting it.
>>
>> From the asterisk logs you attached in your
previous mail
>> it seems that
>> Asterisk never gets these retransmissions, so
that's what
>> the Windows
>> firewall is blocking and I have no idea why it
would be
>> doing so.
>>
>> Maybe using TCP or TLS would help change this?
>
> Hi Emil,
>
> I don't have Asterisk 1.6 installed yet and I don't
know if there's TCP support for 1.4 or a patch for that.
> So I can't try TCP.
>
> Thanks for the explanation above but curiously,
Windows firewall isn't blocking traffic FROM my Win 7 PC TO
Asterisk but the other way around. If I add a custom rule to
"allow all" from local machine to Asterisk server, Jitsi
keeps failing. Howver, if I add the same "allow all" rule
from the network to the local machine, Jitsi works.
Obviously, having the Firewall enabled but with an "allow
all" rule doesn't make sense. So I tried to add a less open
rule such as "allow from Asterisk IP address to local
machine" and that made Jitsi "fail" (no way to dial out). So
I'm really puzzled since I don't even know how to log
packets to a file in Win 7 from the firewall itself. Anyway,
I'll try to find out.
>
> On the other hand, other softphones such as Linphone
using UDP work fine with Windows 7 firewall enabled (with a
program-specific exception).
>
> Which of the Jitsi applications is actually doing the
networking? I'm supposing javaw.exe. What is run.exe for?
> Should run.exe always be running, ie., should I always
see it in the task manager even if javaw.exe is up and
running?
>
> Thanks,
>
> Vieri
>
>


#7

На 28.04.11 17:00, Vieri написа:

I think I have seen once this behavior. Can you try switching off some
codecs that you don't use. You can also disable "indicate zrtp in sip"
option in your sip account as zrtp cannot be used with asterisk.
What I have seen is windows blocking udp packets because they are too
big(as I have seen in your dumps).

Thanks Damian!

You nailed the problem.
It seems that the codecs that are causing trouble with Windows 7 Firewall are Speex 32000 and G722 16000.
Disabling them allows me to dial out correctly.

Puzzling but it works.

Actually, it's not really the codecs. It's about packet size, as Damian
indicated. When you have all codecs enabled and video activated, your
INVITE packets are likely to go beyond your current link MTU so they are
being fragmented by the IP stack.

The windows firewall is probably blocking the IP fragments.

Cheers,
Emil

···

Thanks,

Vieri

Regards
damencho

On Thu, Apr 28, 2011 at 4:03 PM, Vieri <rentorbuy@yahoo.com> >> wrote:

--- On Thu, 4/28/11, Emil Ivov <emcho@jitsi.org> >> wrote:

Hey Vieri,

На 28.04.11 13:31, Vieri написа:

If the problem persists, could you please

send us

the log zip [0]

?

I'm attaching it in the hope it can be

helpful (made a

call from

exten 4053 to exten 6666 but it just wouldn't

ring).

It seems that Asterisk responds with an

authentication

challenge to our
first INVITE (which is expected) and we receive

that.

We then send an authenticated INVITE but we never

get a

response for
that so we just keep retransmitting it.

From the asterisk logs you attached in your

previous mail

it seems that
Asterisk never gets these retransmissions, so

that's what

the Windows
firewall is blocking and I have no idea why it

would be

doing so.

Maybe using TCP or TLS would help change this?

Hi Emil,

I don't have Asterisk 1.6 installed yet and I don't

know if there's TCP support for 1.4 or a patch for that.

So I can't try TCP.

Thanks for the explanation above but curiously,

Windows firewall isn't blocking traffic FROM my Win 7 PC TO
Asterisk but the other way around. If I add a custom rule to
"allow all" from local machine to Asterisk server, Jitsi
keeps failing. Howver, if I add the same "allow all" rule
from the network to the local machine, Jitsi works.
Obviously, having the Firewall enabled but with an "allow
all" rule doesn't make sense. So I tried to add a less open
rule such as "allow from Asterisk IP address to local
machine" and that made Jitsi "fail" (no way to dial out). So
I'm really puzzled since I don't even know how to log
packets to a file in Win 7 from the firewall itself. Anyway,
I'll try to find out.

On the other hand, other softphones such as Linphone

using UDP work fine with Windows 7 firewall enabled (with a
program-specific exception).

Which of the Jitsi applications is actually doing the

networking? I'm supposing javaw.exe. What is run.exe for?

Should run.exe always be running, ie., should I always

see it in the task manager even if javaw.exe is up and
running?

Thanks,

Vieri

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#8

I see now. Thanks to you and Emil.

Vieri

···

--- On Thu, 4/28/11, Damian Minkov <damencho@sip-communicator.org> wrote:

Hi again,

On Thu, Apr 28, 2011 at 5:00 PM, Vieri <rentorbuy@yahoo.com> > wrote:
>
>
> --- On Thu, 4/28/11, Damian Minkov <damencho@jitsi.org> > wrote:
>
>> Hi Vieri,
>>
>> I think I have seen once this behavior. Can you
try
>> switching off some
>> codecs that you don't use. You can also disable
"indicate
>> zrtp in sip"
>> option in your sip account as zrtp cannot be used
with
>> asterisk.
>> What I have seen is windows blocking udp packets
because
>> they are too
>> big(as I have seen in your dumps).
>
> Thanks Damian!
>
> You nailed the problem.
> It seems that the codecs that are causing trouble with
Windows 7 Firewall are Speex 32000 and G722 16000.
> Disabling them allows me to dial out correctly.

I'm glad we figured it out. No, its not the codecs causing
the
problem, its that when you disable them the udp packet size
was
reduced (the SIP INVITE one in which all enabled codecs are
described)
and the packet was not dropped from the windows firewall.