[asterisk-users] Grandstream GXP2160 + SRTP

Jonas Kellens jonas.kellens at telenet.be
Wed Oct 8 04:01:34 CDT 2014 

On 07-10-14 12:32, Jonas Kellens wrote:
> Hello,
>
> I am trying to setup a Grandstream GXP2160 IP-phone with secure 
> calling (SRTP).
>
> Secure signaling SSIP for registration is working great !
>
> I follow this guide : 
> https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
>
> But when I try to make a call with SRTP, I get stuck. There is an 
> initial INVITE which is anwered with a 401. There should follow a new 
> INVITE with a nonce, but this does not happen. Any idea why ? Is it 
> the Grandstream IP-phone ??
>
>
>
> <--- SIP read from TLS:my.pub.lic.ip:53416 --->
> INVITE sip:0123123123 at ast.ser.ver.ip:5061 SIP/2.0
> Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
> From: <sip:testacc77005 at ast.ser.ver.ip:5061>;tag=263162018
> To: <sip:0123123123 at ast.ser.ver.ip:5061>
> Call-ID: 1695864968-5068-8 at BJC.BGI.B.BAE
> CSeq: 50 INVITE
> Contact: <sips:testacc77005 at 192.168.1.104:5068;transport=tls>
> X-Grandstream-PBX: true
> Max-Forwards: 70
> User-Agent: Grandstream GXP2160 1.0.2.9
> Privacy: none
> P-Preferred-Identity: <sip:testacc77005 at ast.ser.ver.ip:5061>
> Supported: replaces, path, timer
> Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, 
> REFER, UPDATE, MESSAGE
> Content-Type: application/sdp
> Accept: application/sdp, application/dtmf-relay
> Content-Length: 522
>
> v=0
> o=testacc77005 8004 8000 IN IP4 192.168.1.104
> s=SIP Call
> c=IN IP4 192.168.1.104
> t=0 0
> m=audio 5020 RTP/SAVP 0 8 18 9 2 101
> a=sendrecv
> a=rtpmap:0 PCMU/8000
> a=ptime:20
> a=rtpmap:8 PCMA/8000
> a=rtpmap:18 G729/8000
> a=fmtp:18 annexb=no
> a=rtpmap:9 G722/8000
> a=rtpmap:2 G726-32/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 
> inline:8m7ZfG+0t3KBFGK40IfDO11SZ6D54glKKIwdgo00|2^32
> a=crypto:2 AES_CM_128_HMAC_SHA1_32 
> inline:nn+id/sSK7OErMfnZZduKNPLejpscxx1vUQB2seO|2^32
>
>
> <--- Reliably Transmitting (NAT) to my.pub.lic.ip:53416 --->
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/TLS 
> 192.168.1.104:5068;branch=z9hG4bK60724585;alias;received=my.pub.lic.ip;rport=53416
> From: <sip:testacc77005 at ast.ser.ver.ip:5061>;tag=263162018
> To: <sip:0123123123 at ast.ser.ver.ip:5061>;tag=as1e527556
> Call-ID: 1695864968-5068-8 at BJC.BGI.B.BAE
> CSeq: 50 INVITE
> Server: mydomain
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, 
> INFO, PUBLISH
> Supported: replaces, timer
> WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", 
> nonce="13b47342"
> Content-Length: 0
>
>
> <--- SIP read from TLS:my.pub.lic.ip:53416 --->
> ACK sip:0123123123 at ast.ser.ver.ip:5061 SIP/2.0
> Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
> From: <sip:testacc77005 at ast.ser.ver.ip:5061>;tag=263162018
> To: <sip:0123123123 at ast.ser.ver.ip:5061>;tag=as1e527556
> Call-ID: 1695864968-5068-8 at BJC.BGI.B.BAE
> CSeq: 50 ACK
> Content-Length: 0


Hello,

I seem to have the same problem with Snom 370 IP-phone. Registration 
works fine ! But I can not make calls with encrypted rtp.


<--- SIP read from TLS:my.pub.lic.ip:1068 --->
INVITE sip:0123123123 at ast.ser.ver.ip;user=phone SIP/2.0
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport
From: <sip:testacc77003 at ast.ser.ver.ip>;tag=zdwiwg10qx
To: <sip:0123123123 at ast.ser.ver.ip;user=phone>
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 INVITE
Max-Forwards: 70
Contact: <sip:testacc77003 at 192.168.1.107:1068;transport=tls>;reg-id=1
X-Serialnumber: 0004132E2809
P-Key-Flags: resolution="31x13", keys="4"
User-Agent: snom370/8.4.35
Accept: application/sdp
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, 
PRACK, MESSAGE, INFO, UPDATE
Allow-Events: talk, hold, refer, call-info
Supported: timer, 100rel, replaces, from-change
Call-Info: <sip:ast.ser.ver.ip>;appearance-index=1
Session-Expires: 3600;refresher=uas
Min-SE: 90
Content-Type: application/sdp
Content-Length: 632

v=0
o=root 1052895538 1052895538 IN IP4 192.168.1.107
s=call
c=IN IP4 192.168.1.107
t=0 0
m=audio 65418 RTP/SAVP 8 3 18 99 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:KiXn5H+mKwavoDNa1PfnBqPoODTnxK6hOlWSNJM7
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
m=audio 65418 RTP/AVP 8 3 18 99 101
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
<------------->



<--- Reliably Transmitting (NAT) to my.pub.lic.ip:1068 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 
192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;received=my.pub.lic.ip;rport=1068
From: <sip:testacc77003 at ast.ser.ver.ip>;tag=zdwiwg10qx
To: <sip:0123123123 at ast.ser.ver.ip;user=phone>;tag=as1cd819c5
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 INVITE
Server: mydomain
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, 
INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", 
nonce="323823f6"
Content-Length: 0


<------------>

<--- SIP read from TLS:my.pub.lic.ip:1068 --->
ACK sip:0123123123 at ast.ser.ver.ip;user=phone SIP/2.0
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport
From: <sip:testacc77003 at ast.ser.ver.ip>;tag=zdwiwg10qx
To: <sip:0123123123 at ast.ser.ver.ip;user=phone>;tag=as1cd819c5
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 ACK
Max-Forwards: 70
Contact: <sip:testacc77003 at 192.168.1.107:1068;transport=tls>;reg-id=1
Content-Length: 0

<------------->



Any feedback is welcome.


Jonas



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20141008/05026080/attachment.html>

More information about the asterisk-users mailing list