[asterisk-dev] Asterisk 18.16.0-rc1 Now Available

Fridrich Maximilian M.Fridrich at commend.com
Tue Dec 20 04:29:12 CST 2022


Mr. Maier,

thank you very much for your feedback! We provided this specifically
for Telekom's "CompanyFlex" trunks which still require mediasec headers
according to their website [1]. Specifically, we have to adhere to
their technical specification 1TR119 [2].

> Does your patch work, too, if a server doesn't answer the Mediasec
> request?

We set the Require: mediasec header, so if a server does not understand
this, it MUST respond with 420 Bad Extension. Nonetheless, if you have
configured mediasec a server could ignore the mediasec headers and still
send 2XX replies to our requests. Since the mediasec headers are static
and no real security mechanism is negotiated anyways (all we need to do
is satisfy Telekom's requirements), we still allow further transactions
to take place (which is not how RFC 3329 intends it). However, it does
affect the SDP by setting the 3ge2ae attribute, even if the server never
sent us Security-Server headers.

> Do you maybe plan to get asterisk ready to cope with 3 completely
> independent SIP servers provided by the SRV lookup?

Unfortunately, I will probably not have time to look into that in the
near future. As stated above, we provided this patch to work with SIP
trunks (e.g. CompanyFlex) that explicitly require mediasec.

> I wasn't able to get it working. The headers you are setting
> unfortunately doesn't meet the Deutsche Telekom requirements - besides
> one additional bug.

Thank you for testing it! We have identified similar issues (see
ASTERISK-30276) and I just uploaded a patch fixing those [3]. I believe
this patch fixes the issues you are seeing. In our setup, it seems to
be working fine - including outgoing calls, re-registrations, and
OPTIONS.

Please let me know, if you are still experiencing issues with the new
patch.

Thanks,
Max

[1] https://hilfe.companyflex.de/de/grundlagen/systemvoraussetzungen
[2] https://www.telekom.de/hilfe/downloads/1tr119.pdf
[3] https://gerrit.asterisk.org/c/asterisk/+/19740



More information about the asterisk-dev mailing list