Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
truevalueit
New Contributor

Sangoma PBX: Sangoma Connect App Trying to Register

I’m having trouble with Sangoma talk app. It keeps trying to register but fails with “effective transport unspecified”. Has anyone solved this? I have a Fortinet firewall with port 5061UDP and RTP10000-20000 open, but RTP ports are closed when scanned. Any suggestions?

 

Here are the logs:

2023-07-31T20:40:08.441Z (1690836008441522)
Sip::Registration::onTransportError
Correlation Id: SiphoneUserAgent[104865000]SipUserAgent[104866200]
State: Registering
Retry: No
Error: GENERIC(3): Subcomponent Failure
In ali_net_connection2.cpp:457
ALI-SOCKET(4): Cannot Connect
In ali_net_tls_socket_impl2.cpp:802
Note: Remote Address: xxxxxxxxxxxxxx
TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684

2023-07-31T20:40:08.441Z (1690836008441552)
Sip::Registration::setState
Correlation Id: SiphoneUserAgent[104865000]SipUserAgent[104866200]
Current State: Registering
Next State: Error

getCurrentState: return state: Error
REGSTATECHANGED, current=Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
2023-07-31T20:40:08.442Z (1690836008442703)
DialogSubscriptionAgentSeparate::resetDialogEvents_Basic
Reset Type: Soft
Active Subscription Count: 0
Pending Subscription Count: 0
Active:
Pending:

AgentWithRegistration::scheduling reconnect with timeout of 4000 ms
getCurrentRealState: return state: Error
getCurrentState: return state: Error
2023-07-31T20:40:08.442Z
onRegistrationStateChanged, accountId=0GMlnAlCFhX6jnsV
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified

 

 

 sangomaTalkIssue.gif

1 Solution
pgautam
Staff
Staff

Hi @truevalueit 

 

Thank you for posting your query here.

From the attached logs we are observing error "TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684" followed by "effective transport Unspecified".

 

In the detail, you mentioned you are using port 5061 UDP for the call registration. However, the error is pointing toward the TCP handshake. Could you please confirm the port and protocol used for the call registration?

 Could you please try using the UDP SIP 5060 or TCP 5060 for call registration and confirm?

 

If still you face issues in call registration then please collect the below sniffer log from the FGT and share it with us:-

diag sniffer packet any 'host x.x.x.x' 6 0 l -----where x.x.x.x is the source IP of the phone you are making a call from

 

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

2 REPLIES 2
pgautam
Staff
Staff

Hi @truevalueit 

 

Thank you for posting your query here.

From the attached logs we are observing error "TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684" followed by "effective transport Unspecified".

 

In the detail, you mentioned you are using port 5061 UDP for the call registration. However, the error is pointing toward the TCP handshake. Could you please confirm the port and protocol used for the call registration?

 Could you please try using the UDP SIP 5060 or TCP 5060 for call registration and confirm?

 

If still you face issues in call registration then please collect the below sniffer log from the FGT and share it with us:-

diag sniffer packet any 'host x.x.x.x' 6 0 l -----where x.x.x.x is the source IP of the phone you are making a call from

 

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

truevalueit

After some digging, I was able to address the issue by switching the transport from tls to udp and it now works. I applied some hardening to the policy. Thank you for your help. 

 

 

 

2023-08-08_8-57-48.png

Top Kudoed Authors