<html>
<head>
<base href="https://wiki.asterisk.org/wiki">
<link rel="stylesheet" href="/wiki/s/2036/1/7/_/styles/combined.css?spaceKey=AST&forWysiwyg=true" type="text/css">
</head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
<h2><a href="https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial?focusedCommentId=11338331#comment-11338331">Secure Calling Tutorial</a></h2>
<h4>Page
<b>comment added</b> by <a href="https://wiki.asterisk.org/wiki/display/~mdavenport">Malcolm Davenport</a>
</h4>
<br/>
<div class="notificationGreySide">
<p>The asterisk-users list is a great place for long discussions and lots of questions.</p>
<div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent">
<pre>[Jan 28 17:29:14] WARNING[9646]: res_srtp.c:338 ast_srtp_unprotect: SRTP unprotect: authentication failure
What does it mean? What do I need to do to make it work?
</pre>
</div></div>
<p>It probably means your client isn't capable of AES_CM_128_HMAC_SHA1_80, but instead only AES_CM_128_HMAC_SHA1_32. Asterisk invites back to the client only with AES_CM_128_HMAC_SHA1_80 currently. See:</p>
<p><a href="https://issues.asterisk.org/view.php?id=18674" class="external-link" rel="nofollow">https://issues.asterisk.org/view.php?id=18674</a></p>
</div>
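<p>Added example, not part of the original comment or of Asterisk's code: one way to check for the suite mismatch described in the reply above is to list the <code>a=crypto</code> suites in the client's SDP offer (for instance copied from SIP debug output) and flag any stream that lacks AES_CM_128_HMAC_SHA1_80. The sample offers, addresses and key strings are constructed, and the function names are hypothetical.</p>

```python
import re

# Suite Asterisk answers with, per the reply above (assumption: unchanged on your version).
REQUIRED = "AES_CM_128_HMAC_SHA1_80"
# SDES attribute (RFC 4568): a=crypto:TAG SUITE KEY-PARAMS
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+\S+")

# Constructed sample offers; addresses, ports and key strings are placeholders.
HEAD = "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
KEY = "inline:CONSTRUCTEDplaceholderKEYnotREAL000000000"
OFFER_32_ONLY = (HEAD + "m=audio 40000 RTP/SAVP 0 8\r\n"
                 "a=crypto:1 AES_CM_128_HMAC_SHA1_32 " + KEY + "\r\n")
OFFER_BOTH = (HEAD + "m=audio 40000 RTP/SAVP 0 8\r\n"
              "a=crypto:1 AES_CM_128_HMAC_SHA1_80 " + KEY + "\r\n"
              "a=crypto:2 AES_CM_128_HMAC_SHA1_32 " + KEY + "\r\n")


def offered_suites(sdp):
    """Return [(media, [(tag, suite), ...]), ...], one entry per m= section,
    where media is the type plus transport, e.g. "audio RTP/SAVP"."""
    sections = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            # Pad so a truncated m= line yields "?" instead of raising.
            parts = line[2:].split() + ["?", "?", "?"]
            sections.append((parts[0] + " " + parts[2], []))
        elif sections:
            match = CRYPTO_RE.match(line)
            if match:
                sections[-1][1].append((int(match.group(1)), match.group(2)))
    return sections


def check_offer(sdp, required=REQUIRED):
    """Return findings per media stream; an empty list means the offer is compatible."""
    findings = []
    for media, suites in offered_suites(sdp):
        names = [suite for _, suite in suites]
        if "SAVP" not in media:
            findings.append(media + ": plain RTP profile, no SRTP offered")
        elif not names:
            findings.append(media + ": SRTP profile but no a=crypto line")
        elif required not in names:
            findings.append(media + ": offers only " + ", ".join(names) + "; " + required + " missing")
    return findings


if __name__ == "__main__":
    for name, offer in (("32-only client", OFFER_32_ONLY), ("client with both", OFFER_BOTH)):
        print(name, "->", check_offer(offer) or "compatible")
```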
<div style="border-bottom: 1px solid #ddd; padding: 10px 20px 7px 20px;">
<strong>In reply to a comment by <a href="/wiki/display/~gilles"
class="url fn confluence-userlink" data-username="gilles"
>gilles</a>:</strong><br/>
<p>I tried my registered biz version (2.30) and the free version of Zoiper (2.36) for Windows; in both, this TLS Certificate file option isn't there. However, I can see it disabled in the Linux version (1.18). So I'm now using PhonerLite, where I could find it. Thanks for that.</p>
<p>But, by default, TLS works fine without the user certificate.<br/>
And I can't see any client certificate request from the server in Wireshark. Should I set it somewhere?<br/>
I couldn't find anything in sip.conf or in the Asterisk 1.8 doc about it.</p>
<p>Also, when my client registers, I get something like:<br/>
-- Registered SIP 'phonerlite' at 10.100.5.61:49296<br/>
But in Wireshark, I can see that, on the server side, the signaling goes through port 5061.</p>
<p>Many people use the following variables in their dialplan when setting sRTP:<br/>
_SIP_SRTP_SDES=1<br/>
_SIPSRTP=enable<br/>
_SIPSRTP_CRYPTO=enable<br/>
Why don't you use them? Are they unnecessary?<br/>
Do you know if they are documented somewhere?</p>
<p>When I set SRTP (on both the client and server sides), the only difference I can see with TLS is that the media goes through the server and not straight to the other client. Like with TLS only, for the media, I don't see the UDP/RTP layer anymore, but UDP/Data. Also, with or without sRTP set, UDP/Data begins with 800 hex code, like with UDP, which makes me think sRTP doesn't work for me. Also, I always get this error message:<br/>
[Jan 28 17:29:14] WARNING[9646]: res_srtp.c:338 ast_srtp_unprotect: SRTP unprotect: authentication failure<br/>
What does it mean? What do I need to do to make it work?</p>
<p>Thanks for your help,<br/>
Gilles</p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>