[asterisk-dev] SIP TLS: traffic flow phone-server-phone

Raj Jain rj2807 at gmail.com
Tue Jun 3 09:35:13 CDT 2008 

You've probably stumbled upon some issue in SIP-over-TCP area in
Asterisk. Pls. post this on bug tracker with debug log, wireshark
trace etc.

--
Raj Jain


On Tue, Jun 3, 2008 at 4:38 AM, Lukas Auer <lukas at yetnet.ch> wrote:
> Hi,
>
> Thanks for the prompt answer. The only thing I touched is TLS for SIP
> support though.
>
> I did this by a) entering the following lines in sip.conf:
>   tlsenable=yes
>   tlscertfile=/etc/asterisk/ssl/asterisk.ssl
>   tlscafile=/etc/asterisk/ssl/cacert.crt
>
> and b) by configuring the Outbound Proxy on both my snom phones like this:
>   192.168.0.1:5061;transport=tls
> whereas 192.168.0.1 is my asterisk server.
>
>
> Other things I did for testing:
> - Reset the snom phones and configure them identically (especially codecs)
>
> - upgrade the snom phones to newest firmware version (7.1.30)
>
> - test with different asterisk versions (svn checkout of 1.6.0-beta9 trunk
> folder and srtp version from jpeeler)
>
> - force a-law codec
>  sip.conf:
>  disallow=all
>  allow=alaw
>
>  asterisk*CLI> sip show channels
>  Peer             User/ANR    Call ID          Format           Hold
> Last Message
>  192.168.0.42     42          1d1b2fe1042eac3  0x8 (alaw)       No
> Tx: ACK
>  192.168.0.43     43          3c2670ae815b-3j  0x8 (alaw)       No
> Tx: ACK
>  2 active SIP dialogs
>
> - same as above, but force u-law codec
>
> - Insert the line "canreinvite=yes" in sip.conf for both phones
>
> - when a call between the two phones is being established, asterisk shows
> the following message on its CLI:
>  Native bridging SIP/43-082774b8 and SIP/42-082748c8
>
> - All the phones and the server are in the same subnet, no NAT, nothing
>
> - the dial command from extensions.conf is very simple, no 't', 'T', 'h',
> 'H', 'w', 'W' or 'L' arguments:
>  exten => 42,1,Answer
>  exten => 42,n,Dial(SIP/42)
>
>  exten => 43,1,Answer
>  exten => 43,n,Dial(SIP/43)
>
>
> All this did not bring me any closer to a phone-to-phone traffic flow. As
> soon as I disable TLS, everything is perfect again and asterisk sends a
> proper re-invite causing the phones to talk directly with each other.
>
> Does anybody have any ideas/suggestions? Thanks a lot.
>
> Lukas Auer
>
>
>
> -----Original Message-----
> From: Russell Bryant [mailto:russell at digium.com]
> Sent: Dienstag, 27. Mai 2008 05:16
> To: Lukas; Asterisk Developers Mailing List
> Subject: Re: [asterisk-dev] SIP TLS: traffic flow phone-server-phone
>
>
> On May 26, 2008, at 7:26 AM, Lukas wrote:
>> But the moment I activate SIP over TLS the route of the voice
>> traffic changes so that it now all flows from the caller's phone to
>> the server and from the server further on to the callee's phone. Why
>> did this route change?
>>
>> Are there some legal reasons for that?
>>
> I can not think of any reason that this should happen by _only_
> enabling TLS for SIP.  There are many other things that will make
> Asterisk not send a re-INVITE to the phones, but changing the
> transport is not one of them.
>
> --
> Russell Bryant
> Senior Software Engineer
> Open Source Team Lead
> Digium, Inc.
>
>
>
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>

More information about the asterisk-dev mailing list