[asterisk-users] Asterisk 11.5.1 / TLS and Media Encryption / Blink as Client / no audio

Rusty Newton rnewton at digium.com
Tue Sep 3 18:06:30 CDT 2013


On Tue, Sep 3, 2013 at 8:58 AM, Thorsten Göllner <tg at ovm-group.com> wrote:
> Hi,
>
> I use Asterisk 11.5.1 and it works fine. :)
>
> Now I want to use TLS and media encryption. I followed this guide:
> https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial
>
> When I place a call via Blink-Client (0.5.0) I get connected and Blink shows
> 2 locks. The blue lock shows "Signaling is encrypted using TLS" and the
> orange lock shows "Media is encrypted using sRTP". BUT i hear no audio.
> After ~60 seconds I get the following message:
> NOTICE[21005]: chan_sip.c:28800 check_rtp_timeout: Disconnecting call
> 'SIP/tgoellner-0000002c' for lack of RTP activity in 62 seconds
>
> "sip show peers" shows me, that my Blink-Client is registered on port 60071.
> All other SIP-Clients (no TLS an no media encryption) are registered at port
> 5060.
>
> I tried to open the tcp and udp port range from 10000 to 61000 (in
> iptables). But with no success.
>
> I am not sure, but I think it's a firewall/NAT problem?! (Yes, my client is
> behind a router > NAT)
>
> Any idea?

It would help to  wireshark or tcpdump on the system and see if you
can verify what is happening on the wire (both on the client side and
Asterisk side). Then turn on RTP debug in Asterisk and compare that to
what you see on the wire.

You could always try putting a separate, isolated machine temporarily
in a DMZ, then try the same configuration there. If it works there,
you can capture the successful traffic and see what ports and things
you need open on the firewalled system.


-- 
Rusty Newton
Digium, Inc. | Community Support Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
direct: +1 256 428 6200

Check us out at: http://digium.com & http://asterisk.org



More information about the asterisk-users mailing list