[asterisk-users] tls/srtp: sip_xmit error: returned -2

Da Rock asterisk-users at herveybayaustralia.com.au
Mon Jun 6 21:11:14 CDT 2011 

I'm having trouble setting up tls/srtp secure communications on my 
Asterisk server- I'm still rather new at working with Asterisk.

I have enabled tls and encryption and I have csipsimple with tls build 
on the phone. I'm currently only testing one phone with this capability 
so far, and the rest still work in the current state.

My logging looks like this with verbose turned up:

[Jun  7 11:44:13] NOTICE[88483]: chan_sip.c:19842 
handle_response_peerpoke: Peer '<user>' is now Reachable. (171ms / 2000ms)
[Jun  7 11:46:17] NOTICE[88483]: chan_sip.c:25072 sip_poke_noanswer: 
Peer '<user>' is now UNREACHABLE!  Last qualify: 203
[Jun  7 11:46:29] NOTICE[88483]: chan_sip.c:19842 
handle_response_peerpoke: Peer '<user>' is now Reachable. (1888ms / 2000ms)

When I call on this phone I get:

[Jun  7 11:40:47] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
[Jun  7 11:41:01] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
[Jun  7 11:41:15] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
[Jun  7 11:41:29] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
     -- Registered SIP '<user>' at 192.168.0.200:57805
[Jun  7 11:41:31] NOTICE[88483]: chan_sip.c:19842 
handle_response_peerpoke: Peer '<user>' is now Reachable. (10ms / 2000ms)

When I call from another phone I get:

[Jun  7 11:55:30] NOTICE[88483]: chan_sip.c:25072 sip_poke_noanswer: 
Peer '<tls user>' is now UNREACHABLE!  Last qualify: 13
     -- SIP/<tls user>-00000024 is circuit-busy
   == Everyone is busy/congested at this time (1:0/1/0)
     -- Auto fallthrough, channel 'SIP/<user>-00000023' status is 
'CONGESTION'
[Jun  7 11:56:22] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
of 0x2c992000 (len 599) to 192.168.0.200:45931 returned -2: Interrupted 
system call

and eventually:

[Jun  7 11:57:46] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
of 0x2cefb000 (len 599) to 192.168.0.200:45931 returned -2: Unknown error: 0

I'm using my own CA setup for purposes beyond just this need, so I'm 
using openssl commands directly and everything works elsewhere- so my CA 
setup is fine (includes SAN).

My config for tls/srtp looks like this (remember, the rest works very 
happily):

[global]
encryption             =       yes
tlsenable               =       yes
tlsbindaddr             =       0.0.0.0
tlscertfile             =       
/path/to/asterisk/certificate/and/key/in/a/single/file
tlscafile               =       /path/to/CA/certificate
tlscipher               =       ALL
tlsclientmethod         =       tlsv1

[tls user]
transport                =    tls

Can someone give me any clues to what is happening? I've checked my 
packet flow with tcpdump and wireshark as well, but I'm still left 
mystified.

Cheers

More information about the asterisk-users mailing list