[asterisk-dev] SIP TLS: traffic flow phone-server-phone

Lukas Auer lukas at yetnet.ch
Tue Jun 3 03:38:26 CDT 2008


Hi,

Thanks for the prompt answer. The only thing I touched is TLS for SIP
support though.

I did this by a) entering the following lines in sip.conf:
   tlsenable=yes
   tlscertfile=/etc/asterisk/ssl/asterisk.ssl
   tlscafile=/etc/asterisk/ssl/cacert.crt

and b) by configuring the Outbound Proxy on both my snom phones like this:
   192.168.0.1:5061;transport=tls
where 192.168.0.1 is my asterisk server.


Other things I did for testing:
- Reset the snom phones and configure them identically (especially codecs)

- upgrade the snom phones to newest firmware version (7.1.30)

- test with different asterisk versions (svn checkout of 1.6.0-beta9 trunk
folder and srtp version from jpeeler)

- force a-law codec
  sip.conf:
  disallow=all
  allow=alaw

  asterisk*CLI> sip show channels
  Peer             User/ANR    Call ID          Format           Hold     Last Message
  192.168.0.42     42          1d1b2fe1042eac3  0x8 (alaw)       No       Tx: ACK
  192.168.0.43     43          3c2670ae815b-3j  0x8 (alaw)       No       Tx: ACK
  2 active SIP dialogs

- same as above, but force u-law codec

- Insert the line "canreinvite=yes" in sip.conf for both phones

- when a call between the two phones is being established, asterisk shows
the following message on its CLI:
  Native bridging SIP/43-082774b8 and SIP/42-082748c8

- All the phones and the server are in the same subnet, no NAT, nothing

- the dial command from extensions.conf is very simple, no 't', 'T', 'h',
'H', 'w', 'W' or 'L' arguments:
  exten => 42,1,Answer
  exten => 42,n,Dial(SIP/42)

  exten => 43,1,Answer
  exten => 43,n,Dial(SIP/43)


All this did not bring me any closer to a phone-to-phone traffic flow. As
soon as I disable TLS, everything is perfect again and asterisk sends a
proper re-invite causing the phones to talk directly with each other.

Does anybody have any ideas/suggestions? Thanks a lot.

Lukas Auer



-----Original Message-----
From: Russell Bryant [mailto:russell at digium.com] 
Sent: Tuesday, 27 May 2008 05:16
To: Lukas; Asterisk Developers Mailing List
Subject: Re: [asterisk-dev] SIP TLS: traffic flow phone-server-phone


On May 26, 2008, at 7:26 AM, Lukas wrote:
> But the moment I activate SIP over TLS the route of the voice  
> traffic changes so that it now all flows from the caller's phone to  
> the server and from the server further on to the callee's phone. Why  
> did this route change?
>
> Are there some legal reasons for that?
>
I can not think of any reason that this should happen by _only_  
enabling TLS for SIP.  There are many other things that will make  
Asterisk not send a re-INVITE to the phones, but changing the  
transport is not one of them.

--
Russell Bryant
Senior Software Engineer
Open Source Team Lead
Digium, Inc.






