[asterisk-bugs] [Asterisk 0017925]: SRTP stops working anymore beta4

Asterisk Bug Tracker noreply at bugs.digium.com
Sun Sep 5 18:54:54 CDT 2010 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17925 
====================================================================== 
Reported By:                notthematrix
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   17925
Category:                   Resources/res_srtp
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.8.0-beta4 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): 1.8 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2010-08-29 14:33 CDT
Last Modified:              2010-09-05 18:54 CDT
====================================================================== 
Summary:                    SRTP stops working anymore beta4
Description: 
Looks like SRTP is not working proper anymore.
since beta4
Sound grabbled on one site....
looks like the same problem 
before we discovered constantssrc=yes had to be set,
and constantssrc=no is set.


====================================================================== 

---------------------------------------------------------------------- 
 (0126637) notthematrix (reporter) - 2010-09-05 18:54
 https://issues.asterisk.org/view.php?id=17925#c126637 
---------------------------------------------------------------------- 
Iam sorry for the late response but iam not in the position to test it
right now....
Since the machine we used for testing is now in use for production
(spare).

But its is not hard to reproduse this bug..

sip_general_custom.conf

qualify=5000
echocancel=yes
echocancelwhenbridged=yes

autoframing=yes

allow=g722,alaw,ulaw,gsm,g729,g723

;tcpenable=yes                    ; Enable server for incoming TCP
connections (default is no)
tlsenable=yes
tlsbindaddr=xxx.xxx.xxx.xxx:443
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscadir=/etc/asterisk/keys/ca/
tlscipher=HIGH
;tlsdontverifyserver=yes
allowguest=no

registerattempts=0
defaultexpirey=750
maxexpirey=1800
ignoresdpversion=yes
transport=tls

;registerattempts=0
;defaultexpirey=604800
;maxexpirey=702100
registertimeout=60
useragent=Asterisk PBX
sdpsession=Asterisk PBX
;sdpowner=0 0 IN IP4 192.168.1.24
udpbindaddr = xxx.xxx.xxx.xxx:443
rtptimeout = 60
rtpkeepalive = 0 
rtpholdtimeout = 300
constantssrc=yes

compactheaders = yes
videosupport= always


session-timers=refuse
session-expires=180
session-minse=90
session-refresher=uas




;
;--------------------------- SIP timers
----------------------------------------------------
; These timers are used primarily in INVITE transactions.
; The default for Timer T1 is 500 ms or the measured run-trip time
between
; Asterisk and the device if you have qualify=yes for the device.
;
t1min=100                       ; Minimum roundtrip time for messages to
monitored hosts
                                ; Defaults to 100 ms
timert1=2000                     ; Default T1 timer
                                ; Defaults to 500 ms or the measured
round-trip
                                ; time to a peer (qualify=yes).
timerb=32000                    ; Call setup timer. If a provisional
response is not received
                                ; in this amount of time, the call will
autocongest
                                ; Defaults to 64*timert1

qualifyfreq=60

qualifygap=150                 ; Number of milliseconds between each group
of peers being qualified
qualifypeers=1                 ; Number of peers in a group to be
qualified at the same time

The rest is to just add 2 standars extentions with asterisk now like



sip_additional.conf

[61889214119]
deny=0.0.0.0/0.0.0.0
disallow=all
type=friend
secret=blaaat24
qualify=yes
port=443
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=61889214119 at device
host=dynamic
dtmfmode=rfc2833
dial=SIP/61889214119
context=klant-61-1-12345678
canreinvite=no
callgroup=
callerid=device <61889214119>
allow=g729
accountcode=
call-limit=50
faxdetect=no


and

[61889214120]
deny=0.0.0.0/0.0.0.0
disallow=all
type=friend
secret=blaat25
qualify=yes
port=443
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=61889214119 at device
host=dynamic
dtmfmode=rfc2833
dial=SIP/61889214120
context=klant-61-1-12345678
canreinvite=no
callgroup=
callerid=device <61889214120>
allow=g729
accountcode=
call-limit=50
faxdetect=no

and in sip_custom_post.conf add

[61889214119](+)
transport=tls
encryption=yes


[61889214120](+)
transport=tls
encryption=yes

try to call  one to the other
and you will get the problem...
sorry for the inconvience :(
If I can  free a machine for testing I will post the results imiadtly...

maby twilson can test this I also helped him with testing the famous
https://bugs.digium.com/view.php?id=5413 tread He was using the same
devices as I do (grandstream)
again sorry for the inconviniance.. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-09-05 18:54 notthematrix   Note Added: 0126637                          
======================================================================

More information about the asterisk-bugs mailing list