[asterisk-users] snom and srtp
James Perkins
james at clove.net.au
Tue Aug 2 21:15:41 CDT 2011
Hi,
I am running asterisk 1.8.5.0 and have compiled in the srtp module
All but Snom phones are working.
I have set the srtp tag on the snoms to 80 and RTP/SAVP to mandatory and they worked for a few hours. This morning all snoms are reporting this when trying to make a call (this is snom calling snom).
---------snip------------------
== Using SIP RTP CoS mark 5
-- Executing [10000 at default-outbound08:1] Dial("SIP/10002-00000012", "SIP/10000,30") in new stack
== Using SIP RTP CoS mark 5
-- Called SIP/10000
-- SIP/10000-00000013 is circuit-busy
== Everyone is busy/congested at this time (1:0/1/0)
-- Executing [10000 at default-outbound08:2] VoiceMail("SIP/10002-00000012", "10000,uj") in new stack
[Aug 3 11:58:29] WARNING[9543]: res_srtp.c:384 ast_srtp_unprotect: SRTP unprotect: authentication failure
[Aug 3 11:58:29] WARNING[9543]: res_srtp.c:384 ast_srtp_unprotect: SRTP unprotect: authentication failure
-- <SIP/10002-00000012> Playing 'vm-theperson.g729' (language 'en')
-- <SIP/10002-00000012> Playing 'digits/1.g729' (language 'en')
-- <SIP/10002-00000012> Playing 'digits/0.g729' (language 'en')
-- <SIP/10002-00000012> Playing 'digits/0.g729' (language 'en')
-- <SIP/10002-00000012> Playing 'digits/0.g729' (language 'en')
-- <SIP/10002-00000012> Playing 'digits/0.g729' (language 'en')
sage*CLI>
Disconnected from Asterisk server
[root at sage asterisk]#
-------snip-------
The interesting thing here is the call fails at this point and for some reason the cli disconnects when the call fails.
Here is a call to a mobile which connects but the call dies in about 4 seconds
------snip--------
== Using SIP RTP CoS mark 5
-- Executing [0429835743 at default-outbound08:1] Dial("SIP/10002-00000000", "SIP/private-sip/0429835743") in new stack
== Using SIP RTP CoS mark 5
-- Called SIP/private-sip/0429835743
-- SIP/private-sip-00000001 is ringing
-- SIP/private-sip-00000001 answered SIP/10002-00000000
[Aug 3 12:06:05] WARNING[10146]: res_srtp.c:384 ast_srtp_unprotect: SRTP unprotect: authentication failure
[Aug 3 12:06:05] WARNING[10146]: res_srtp.c:384 ast_srtp_unprotect: SRTP unprotect: authentication failure
sage*CLI>
Disconnected from Asterisk server
------snip------------
I have done heaps of reading on SRTP unprotect error but cant really work it out from that.
Q. should I try the patch mentioned below and forget about snoms doing 80 bit incription or should I persevere with making this work?
thanks James
---snip---
Patch SRTP for 32bit
SRTP have a cryptographic hash to check the integrity of the encrypted packets.
It support two hash size:
● 32bit
● 80bit
In order to properly fine tune SRTP for mobile networks and to have compatibility with PrivateGSM Enterprise we must use
SRTP with hash at 32bit (HMAC_SHA1_32).
Asterisk 1.8 by default does not announce in SDP both 32bit and 80bit, but only the 80bit version even if both are supported.
This very small 1 line patch make Asterisk by default work with SRTP hash at 32bit .
Download the patch for HMAC_SHA1_32 RTP crypto offer
48. wget http://sourceforge.net/projects/Asterisk-amr/files/1.8.0-rc2_crypto_offer.diff/download
Apply the patch
49. cd Asterisk-1.8.0/ && patch -p2 < ../1.8.0-rc2_crypto_offer.diff
Go to Asterisk-1.8.0/ folder50. cd ..
Recompile Asterisk ,
51. make ; make instal
------------snip------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110803/41df90bc/attachment.htm>
More information about the asterisk-users
mailing list