[asterisk-users] Asterisk and SRTP

Patrick Laimbock patrick at laimbock.com
Sat Apr 5 16:38:32 CDT 2014


On 04/05/2014 07:56 PM, William Wu wrote:
> Hi experts,
>
>     I am trying Asterisk SRTP in my environment, and find that when
> Asterisk is behind a NAT, the audi/video UDP ports opened for SRTP relay
> by Asterisk are local ports on the Asterisk server, media from the two
> clients out of the NAT (for example from Internet) can not reach the
> ports, and thus the two client can not establish the secure call via
> Asterisk. I have set up a STUN server and configured in rtp.conf, but
> seems Asterisk does not do STUN before it opens ports for SRTP. BTW,
> Non-SRTP call can work though.
>
>    Anyone can give advice on how to make SRTP work in such an env?

I have no problems with a TLS/SRTP call between a GSM with CSipSimple 
and Asterisk 11.8.1 behind NAT. Have you configured the NAT options in 
sip.conf?

externip=...
localnet=...
nat=...

You may also need to add/change the options below. Check the sip.conf 
example file to see what these options do and use what's best for your 
situation.

canreinvite=no
directmedia=no
directrtpsetup=no

HTH,
Patrick



More information about the asterisk-users mailing list