[asterisk-users] Rejecting secure audio stream without encryption details - when using ws clients and Kamailio integration
Olli Heiskanen
ohjelmistoarkkitehti at gmail.com
Fri Aug 1 03:56:59 CDT 2014
Hi,
I got ahead with my setup, this post helped me much:
http://forums.digium.com/viewtopic.php?f=1&t=90167&sid=66fdf8cc4be5d955ba584e989a23442f
At least the avpf setting had to be removed from sip.conf and put in the
realtime db table, defined per client. I left the encryption setting in
sip.conf. I had some problems calling from SIP client to another, then had
to define avpf=no for those clients. Personally I don't like to use
different settings to different clients, is there a way around this?
With this setup I can make calls between SIP clients but not ws clients. My
client (now I use sip.js) fails to parse the sdp - including the apparently
correct rtp profile UDP/TLS/RTP/SAVPF - and sends back 488, which makes the
call fail. I'd like to hear opinions from you guys which would be the
correct place to handle this? My setup has Asterisk Kamailio realtime
integration, and I use dispatcher in Kamailio to route calls to Asterisk.
Kamailio sounds like the logical place, but I'd rather find a way to not
change the rtp profile along the way, at least until the clients can
support that one.
cheers,
Olli
2014-07-26 12:58 GMT+03:00 Olli Heiskanen <ohjelmistoarkkitehti at gmail.com>:
>
> Greetings,
>
> I've noticed a problem that might originate from my Asterisk
> configuration, could use a hand in sorting it out. Problem is a 488
> response from Asterisk whenever it gets RTP/SAVPF profile in the SDP.
>
> My current setup has Asterisk Kamailio realtime integration, and Kamailio
> uses dispatcher to route calls for Asterisk to handle. Now I have only one
> Asterisk, on the same machine as Kamailio. The version is 11.10.2. With
> Kamailio I use rtpengine, which affects SDP descriptions when 488 response
> is received.
>
> My goal is to enable two websocket clients using Chrome to call each
> other, using Kamailio as outbound proxy. Kamailio routes signaling to
> Asterisk, and then back to clients. Currently the problem is RTP, when
> INVITE is received from client A to Kamailio, it is relayed to Asterisk.
> Asterisk responds with 488 Not Acceptable here and the cli says:
>
> NOTICE[11642][C-00000006]: chan_sip.c:10124 process_sdp: Received SAVPF
> profle in audio offer but AVPF is not enabled, enabling: audio 30212
> RTP/SAVPF 111 103 104 0 8 106 105 13 126
> WARNING[11642][C-00000006]: chan_sip.c:10509 process_sdp: Rejecting
> secure audio stream without encryption details: audio 30212 RTP/SAVPF 111
> 103 104 0 8 106 105 13 126
>
>
> Strange thing is, I don't know why Asterisk says AVPF is not enabled. The
> warning about rejecting the audio stream must be behind the 488 response
> but I didn't find any answers that would solve my case so I must turn to
> you guys. In my sip.conf I have savpf=yes, but is there something else I
> need to enable or change in the configs or change my peer configurations?
>
> I'm not sure if this is relevant but I checked that Asterisk was
> successfully compiled with res_srtp module.
>
> Here's my sip.conf contents:
>
> bindport = 5070 ; using this since Kamailio is at 5060
> bindaddr = PU.BL.IC.IP
> tcpenable = yes ;no
> limitonpeers = yes
> rtcachefriends = yes ; for realtime
> rtupdate=yes
> tos_sip=cs3
> tos_audio=ef
> useragent=MyAsterisk
> realm = myrealm.com
>
> autodomain=no
> domain=PU.BL.IC.IP
> domain=testers.com
>
> allowexternaldomains=no
> allowguest=no
> avpf=yes
> encryption=yes
>
> transport=ws,udp
> icesupport=yes
> srvlookup=yes
>
>
> And here's an example of a ws client in my realtime peer table:
>
> id: 4
> name: 660
> ipaddr: PU.BL.IC.IP
> port: 5060
> regseconds: 1406368294
> defaultuser: 660
> fullcontact: sip:660 at PU.BL.IC.IP:5060
> regserver:
> useragent:
> lastms: 0
> host: dynamic
> type: friend
> context: default
> deny: 0.0.0.0/0.0.0.0
> permit: PU.BL.IC.IP
> secret: NULL
> md5secret: NULL
> remotesecret: NULL
> transport: NULL
> dtmfmode: NULL
> directmedia: NULL
> nat: force_rport,comedia
> callgroup: NULL
> pickupgroup: NULL
> language: NULL
> disallow: NULL
> allow: NULL
> insecure: NULL
> trustrpid: NULL
> progressinband: NULL
> promiscredir: NULL
> useclientcode: NULL
> accountcode: NULL
> setvar: NULL
> callerid: NULL
> amaflags: NULL
> callcounter: NULL
> busylevel: NULL
> allowoverlap: NULL
> allowsubscribe: NULL
> videosupport: NULL
> maxcallbitrate: NULL
> rfc2833compensate: NULL
> mailbox: NULL
> session-timers: NULL
> session-expires: NULL
> session-minse: NULL
> session-refresher: NULL
> t38pt_usertpsource: NULL
> regexten: NULL
> fromdomain: testers.com
> fromuser: 660
> qualify: NULL
> defaultip: NULL
> rtptimeout: NULL
> rtpholdtimeout: NULL
> sendrpid: NULL
> outboundproxy: PU.BL.IC.IP
> timert1: NULL
> timerb: NULL
> qualifyfreq: NULL
> constantssrc: NULL
> contactpermit: NULL
> contactdeny: NULL
> usereqphone: NULL
> textsupport: NULL
> faxdetect: NULL
> buggymwi: NULL
> auth: NULL
> fullname: NULL
> trunkname: NULL
> cid_number: NULL
> callingpres: NULL
> mohinterpret: NULL
> mohsuggest: NULL
> parkinglot: NULL
> hasvoicemail: NULL
> subscribemwi: NULL
> vmexten: NULL
> autoframing: NULL
> rtpkeepalive: NULL
> call-limit: NULL
> g726nonstandard: NULL
> ignoresdpversion: NULL
> allowtransfer: NULL
> dynamic: NULL
> path: NULL
> supportpath: NULL
> sippasswd: my-md5-pwd
> rpid: NULL
> domain: testers.com
> sippasswd2: NULL
>
>
> I'd greatly appreciate help on this!
>
> cheers,
> Olli
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140801/e1309559/attachment.html>
More information about the asterisk-users
mailing list