[asterisk-users] Rejecting secure audio stream without encryption details - when using ws clients and Kamailio integration

Olli Heiskanen ohjelmistoarkkitehti at gmail.com
Sat Jul 26 04:58:44 CDT 2014 

Greetings,

I've noticed a problem that might originate from my Asterisk configuration,
could use a hand in sorting it out. Problem is a 488 response from Asterisk
whenever it gets RTP/SAVPF profile in the SDP.

My current setup has Asterisk Kamailio realtime integration, and Kamailio
uses dispatcher to route calls for Asterisk to handle. Now I have only one
Asterisk, on the same machine as Kamailio. The version is 11.10.2. With
Kamailio I use rtpengine, which affects SDP descriptions when 488 response
is received.

My goal is to enable two websocket clients using Chrome to call each other,
using Kamailio as outbound proxy. Kamailio routes signaling to Asterisk,
and then back to clients. Currently the problem is RTP, when INVITE is
received from client A to Kamailio, it is relayed to Asterisk. Asterisk
responds with 488 Not Acceptable here and the cli says:

 NOTICE[11642][C-00000006]: chan_sip.c:10124 process_sdp: Received SAVPF
profle in audio offer but AVPF is not enabled, enabling: audio 30212
RTP/SAVPF 111 103 104 0 8 106 105 13 126
 WARNING[11642][C-00000006]: chan_sip.c:10509 process_sdp: Rejecting secure
audio stream without encryption details: audio 30212 RTP/SAVPF 111 103 104
0 8 106 105 13 126


Strange thing is, I don't know why Asterisk says AVPF is not enabled. The
warning about rejecting the audio stream must be behind the 488 response
but I didn't find any answers that would solve my case so I must turn to
you guys. In my sip.conf I have savpf=yes, but is there something else I
need to enable or change in the configs or change my peer configurations?

I'm not sure if this is relevant but I checked that Asterisk was
successfully compiled with res_srtp module.

Here's my sip.conf contents:

bindport = 5070 ; using this since Kamailio is at 5060
bindaddr = PU.BL.IC.IP
tcpenable = yes ;no
limitonpeers = yes
rtcachefriends = yes    ; for realtime
rtupdate=yes
tos_sip=cs3
tos_audio=ef
useragent=MyAsterisk
realm = myrealm.com

autodomain=no
domain=PU.BL.IC.IP
domain=testers.com

allowexternaldomains=no
allowguest=no
avpf=yes
encryption=yes

transport=ws,udp
icesupport=yes
srvlookup=yes


And here's an example of a ws client in my realtime peer table:

                id: 4
              name: 660
            ipaddr: PU.BL.IC.IP
              port: 5060
        regseconds: 1406368294
       defaultuser: 660
       fullcontact: sip:660 at PU.BL.IC.IP:5060
         regserver:
         useragent:
            lastms: 0
              host: dynamic
              type: friend
           context: default
              deny: 0.0.0.0/0.0.0.0
            permit: PU.BL.IC.IP
            secret: NULL
         md5secret: NULL
      remotesecret: NULL
         transport: NULL
          dtmfmode: NULL
       directmedia: NULL
               nat: force_rport,comedia
         callgroup: NULL
       pickupgroup: NULL
          language: NULL
          disallow: NULL
             allow: NULL
          insecure: NULL
         trustrpid: NULL
    progressinband: NULL
      promiscredir: NULL
     useclientcode: NULL
       accountcode: NULL
            setvar: NULL
          callerid: NULL
          amaflags: NULL
       callcounter: NULL
         busylevel: NULL
      allowoverlap: NULL
    allowsubscribe: NULL
      videosupport: NULL
    maxcallbitrate: NULL
 rfc2833compensate: NULL
           mailbox: NULL
    session-timers: NULL
   session-expires: NULL
     session-minse: NULL
 session-refresher: NULL
t38pt_usertpsource: NULL
          regexten: NULL
        fromdomain: testers.com
          fromuser: 660
           qualify: NULL
         defaultip: NULL
        rtptimeout: NULL
    rtpholdtimeout: NULL
          sendrpid: NULL
     outboundproxy: PU.BL.IC.IP
           timert1: NULL
            timerb: NULL
       qualifyfreq: NULL
      constantssrc: NULL
     contactpermit: NULL
       contactdeny: NULL
       usereqphone: NULL
       textsupport: NULL
         faxdetect: NULL
          buggymwi: NULL
              auth: NULL
          fullname: NULL
         trunkname: NULL
        cid_number: NULL
       callingpres: NULL
      mohinterpret: NULL
        mohsuggest: NULL
        parkinglot: NULL
      hasvoicemail: NULL
      subscribemwi: NULL
           vmexten: NULL
       autoframing: NULL
      rtpkeepalive: NULL
        call-limit: NULL
   g726nonstandard: NULL
  ignoresdpversion: NULL
     allowtransfer: NULL
           dynamic: NULL
              path: NULL
       supportpath: NULL
         sippasswd: my-md5-pwd
              rpid: NULL
            domain: testers.com
        sippasswd2: NULL


I'd greatly appreciate help on this!

cheers,
Olli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140726/27df226f/attachment.html>

More information about the asterisk-users mailing list