[asterisk-dev] s?rtp via SIP/TLS/TCP

Olle E. Johansson oej at edvina.net
Mon Apr 20 13:53:56 CDT 2015


On 20 Apr 2015, at 17:41, James Cloos <cloos at jhcloos.com> wrote:

> I'm not sure whether this is a bug, so I'm starting here.
> 
> My remote asterisk (debian's compile of 13, currently 13.1.0) and my
> snom had been unable to rtp for some time.  I still use chan_sip.
> 
> It took a few hours of testing, but I determined that when the phone
> registers and/or invites over tls, asterisk refuses to do either un-
> encrypted rtp or srtp unless force_avp=yes.
> 
> The symptom was a hangup w/ unknown cause as soon as it was time to
> start rtp.  Ie, right after the OK.  Even with verbose and debug set
> to 9 no explanation was logged.  When I tried adding force_avp=yes
> everything started working again.
> 
> I don't know when it stopped working (I don't get enough calls and
> send outgoing via a different asterisk); I presume that it stopped
> working when force_avp was added, but cannot confirm that.
> 
> Is force_avp supposed to be required for non-dtls rtp when sip is
> secure?

It's a bug in chan_sip that I fixed a while ago in one of my branches.
SNOM sends an SDES key but RTP/AVP in the offer and chan_sip
chokes. It's a one or two line fix - or turn off SRTP in the SNOM.

As Matt says, SNOM offers both RTP/AVP and SAVP in the
same SDP - but there's no reason for Asterisk to refuse the SDP
just because it finds SDES keys in what it parses as RTP/AVP.
A simple bug.

I am currently a bit lost in the conversion from SVN to GIT and haven't
got the source codes on this laptop, so I can't point to where the patch
is. Somewhere in the patches directory in the teapot branch is a good
guess.

Cheers,
/O



More information about the asterisk-dev mailing list