[asterisk-dev] s?rtp via SIP/TLS/TCP

Matthew Jordan mjordan at digium.com
Mon Apr 20 11:16:03 CDT 2015


On Mon, Apr 20, 2015 at 10:41 AM, James Cloos <cloos at jhcloos.com> wrote:
> I'm not sure whether this is a bug, so I'm starting here.
>
> My remote asterisk (debian's compile of 13, currently 13.1.0) and my
> snom had been unable to rtp for some time.  I still use chan_sip.
>
> It took a few hours of testing, but I determined that when the phone
> registers and/or invites over tls, asterisk refuses to do either un-
> encrypted rtp or srtp unless force_avp=yes.
>
> The symptom was a hangup w/ unknown cause as soon as it was time to
> start rtp.  Ie, right after the OK.  Even with verbose and debug set
> to 9 no explanation was logged.  When I tried adding force_avp=yes
> everything started working again.
>
> I don't know when it stopped working (I don't get enough calls and
> send outgoing via a different asterisk); I presume that it stopped
> working when force_avp was added, but cannot confirm that.
>
> Is force_avp supposed to be required for non-dtls rtp when sip is
> secure?

Without a trace showing the SIP message traffic, any answer is going
to be a guess.

Guessing at what is occurring here: your phone is probably offering
optional/optimistic encryption. While optimistic encryption is
supported by chan_pjsip, currently, an offer with RTP/AVPF with crypto
attributes is currently rejected by chan_sip. See
https://issues.asterisk.org/jira/browse/ASTERISK-23989.

-- 
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org



More information about the asterisk-dev mailing list