[asterisk-users] SRTP unprotect: authentication failure

Nick Ustinov nickustinov at gmail.com
Fri Dec 24 10:12:38 UTC 2010


Hello! 
Ater several successful SRTP-enabled calls with SRTP set to Mandatory, asterisk starts to give the following warnings in Log: 

WARNING[13714] res_srtp.c: SRTP unprotect: authentication failure  (continiously)

and client hears no sound. After i restart the client program it works fine again for a while. Then the same warning again. 

Asterisk 1.8.1.1, RealTime engine, sip peer has encrytion->yes
The client program is CSipSimple on Android 


Here are some log file traces:
Peer 0010101 is calling some number that is routed to context a2billing


[2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: local_key64 3gWGFJAffj4Pn393BUPwe3/wOMx5/ndZyPtfno7L len 40
[2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: SRTP policy activated
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0VyG/fnup0U9qDoTGlWvVuE5yAef5MfYU6F67oI+... OK.
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: We've already processed a crypto attribute, skipping 'crypto:2 AES_CM_128_HMAC_SHA1_32 inline:5X/Zqep5tNdDGFhOY1//VFQ7diCCH1Y1FUKgYXLp'
...
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Our native formats are 0x100 (g729) 
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Joint capabilities are 0x100 (g729) 
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Our capabilities are 0x10e (gsm|ulaw|alaw|g729) 
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** AST_CODEC_CHOOSE formats are 0x100 (g729) 
...
010-12-23 11:06:22] DEBUG[5941] chan_sip.c: build_route: Contact hop: <sip:0010101 at 78.84.207.114:5060;transport=UDP;ob>
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Incoming INVITE with 'timer' option supported and "Session-Expires" header.
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Session-Expires: 1800
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Received Min-SE: 90
...
[2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer built. Name: 0010101. Peer objects: 660
[2010-12-23 11:06:22] DEBUG[5931] netsock2.c: Splitting '78.84.207.114' gives...
[2010-12-23 11:06:22] DEBUG[5931] netsock2.c: ...host '78.84.207.114' and port '(null)'.
[2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- loading peer from database to memory. Name: 0010101. Peer objects: 660
[2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Destroying SIP peer 0010101
[2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer Destroyed. Name: 0010101. Realtime Peer objects: 659
[2010-12-23 11:06:22] DEBUG[5931] devicestate.c: Changing state for SIP/0010101 - state 1 (Not in use)

is this normal here? peer destroyed?

[2010-12-23 11:06:22] DEBUG[5931] devicestate.c: device 'SIP/0010101' state '1'
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: = Looking for  Call ID: 2WZXYS-qTPPfXylUor4tckg25TetmIVP (Checking From) --From tag 50FYKcXAUIrUwsIpR5xm9pjrSrMaDglb --To-tag as46be1cdb  
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: **** Received ACK (6) - Command in SIP ACK
[2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Stopping retransmission on '2WZXYS-qTPPfXylUor4tckg25TetmIVP' of Response 20465: Match Found
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
[2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure




More information about the asterisk-users mailing list