[asterisk-users] Asterisk 11.11 with TCP/TLS SRTP and Grandstream gxp1450 not working
Jakob-Matthias Böttger
jakob at j-mb.de
Tue Aug 12 11:16:34 CDT 2014
Hey there
i'm trying to get an Asterisk 11.11 with encryption working with my
Grandstream phones. But i stuck.
To avoid NAT problems i'm using IPv6
Just with TCP/TLS it's working fine. Only the SRTP funktion is not working.
Asterisk tells me
WARNING[6938]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7fa10800f5a0
(len 681) to [2a02:1205::...]:37635 returned -2: Success
and also
SSL certificate ok
== Problem setting up ssl connection: error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
WARNING[7421]: tcptls.c:668 handle_tcptls_connection: FILE * open failed!
Encryption is configured via
;-------------------------Encryption-----
encryption=yes
tlsenable=yes
tlsbindaddr=::
tlscertfile=/var/lib/asterisk/keys/asterisk.pem
tlscafile=/var/lib/asterisk/keys/ca.crt
tlscipher=ALL
srtpcapable=yes
;tlsclientmethod=tlsv1
tlsdontverifyserver=yes
and the phone is sourced by
context=default ; Default context for incoming calls
allowoverlap=no
udpbindaddr=::
tcpenable=yes
tcpbindaddr=::
srvlookup=yes
and
[IPV6](!,my-codecs)
dtmfmode=rfc2833
context=sip-out
type=friend
host=dynamic
transport=tls
encryption=yes
nat=no
qualify=yes
the phone it's self contains
[200](IPV6)
context=abc
callerid=123
defaultuser=123
fromuser=123
secret=secret
mailbox=123 at default
The rtp ports are defined via
rtpstart=15000
rtpend=20000
and the Firewall is open at TCP 5061 and udp 15000:20000
what did i miss in my configuration?
Best Regards Jakob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140812/3fda86c3/attachment-0001.pgp>
More information about the asterisk-users
mailing list