[asterisk-users] TLS/SRTP calls go to circuit busy.
Mitch Johnson
mitch.johnson7 at gmail.com
Thu Mar 3 14:22:05 CST 2011
Thanks so much for pointing this out. I was curious why the commands in the documentation differed to the commands I was using.
That problem is fixed, but now I have a new issue. I can call with no issues, however, as soon as I answer one of the calls I see the error: ast_srtp_unprotect: SRTP unprotect: authentication failure. Below is a snippet of the debug as the call is answered.
v=0
o=root 306031538 306031538 IN IP4 172.16.200.60
s=Asterisk PBX 1.8.2.4
c=IN IP4 172.16.200.60
t=0 0
m=audio 15274 RTP/SAVP 0 3 96
a=rtpmap:0 PCMU/8000
a=rtpmap:3 GSM/8000
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-16
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:iINHae+LvAVdSJwhOJjE3BtyZLVuYFG6ctUjDZst
<------------>
[Mar 3 15:02:25] WARNING[13599]: res_srtp.c:338 ast_srtp_unprotect: SRTP unprotect: authentication failure
<--- SIP read from TLS:172.16.201.10:50600 --->
BYE sip:6003 at 172.16.200.60:5061;transport=TLS SIP/2.0
Via: SIP/2.0/TLS 172.16.201.10:50600;rport;branch=z9hG4bKPjbLo4aOOGOax.f5DovLkV-rasCIhsca7A
Max-Forwards: 70
From: "Asterisk" <sip:6004 at 172.16.200.60>;tag=Kbf7ZANMEn4pRtHrYTZJkOfqYg226z-I
To: <sip:6003 at 172.16.200.60>;tag=as21b6a1ac
Call-ID: LWPc00KmvuwzLJfizX-2.7fBtE8ILwhX
CSeq: 6714 BYE
Content-Length: 0
<------------->
--- (8 headers 0 lines) ---
<--- Reliably Transmitting (NAT) to 172.16.201.10:50600 --->
SIP/2.0 487 Request Terminated
Via: SIP/2.0/TLS 172.16.201.10:50600;branch=z9hG4bKPjbJVHFgqcrclq3kJh9hDZfg-I6joRN3QL;received=172.16.201.10;rport=50600
From: "Asterisk" <sip:6004 at 172.16.200.60>;tag=Kbf7ZANMEn4pRtHrYTZJkOfqYg226z-I
To: <sip:6003 at 172.16.200.60>;tag=as21b6a1ac
Call-ID: LWPc00KmvuwzLJfizX-2.7fBtE8ILwhX
CSeq: 6713 INVITE
Server: Asterisk PBX 1.8.2.4
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0
>
> Message: 8
> Date: Tue, 1 Mar 2011 10:04:14 -0600
> From: Terry Wilson <twilson at digium.com>
> Subject: Re: [asterisk-users] TLS/SRTP calls go to circuit busy.
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> <asterisk-users at lists.digium.com>
> Message-ID: <B401C9B4-0721-43B4-9762-C3F02483B52B at digium.com>
> Content-Type: text/plain; charset="us-ascii"
>
> On Feb 28, 2011, at 7:19 PM, mitch Johnson wrote:
>
>> I'm in the process of testing a TLS/SRTP install. My experience is improving with each new challenge, but this one is a great test of my 2 month experience with Asterisk.
>
>> [myphones]
>>
>> ;exten => 6001,1,Dial(SIP/6001)
>> ;exten => 6001,2,Hangup()
>> exten => 6001,1,Set(_SIPSRTP_CRYPTO=enable)
>> exten => 6001,2,Dial(SIP/${EXTEN})
>>
>
> There is no such thing as the _SIPSRTP_CRYPTO variable. That was from a very old version of the SRTP patch. Ignore pretty much anything on issue 5413 and instead look at https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial and https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Specifics. You would use encryption=yes/no in sip.conf and Set(CHANNEL(secure_bridge_signaling)=1) to force SRTP calls. I'm assuming that you are using Asterisk 1.8 instead of one of the patches on issue 5413--if not, then do that. ;-)
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110301/f3436edc/attachment-0001.htm>
>
> ------------------------------
>
More information about the asterisk-users
mailing list