<html>
<head>
<base href="https://wiki.asterisk.org/wiki">
<link rel="stylesheet" href="/wiki/s/2036/1/7/_/styles/combined.css?spaceKey=AST&forWysiwyg=true" type="text/css">
</head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
<h2><a href="https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial?focusedCommentId=11338315#comment-11338315">Secure Calling Tutorial</a></h2>
<h4>Comment edited by <a href="https://wiki.asterisk.org/wiki/display/~gilles">gilles</a>
:</h4>
<br/>
<h4>Changes (1)</h4>
<div id="page-diffs">
<table class="diff" cellpadding="0" cellspacing="0">
<tr><td class="diff-snipped" >...<br></td></tr>
<tr><td class="diff-unchanged" >But in Wireshark, I can see that, on the server side, the signaling goes through port 5061. <br> <br></td></tr>
<tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">And last but not least, many</span> <span class="diff-added-words"style="background-color: #dfd;">Many</span> people use the following variables in their dialplan when setting sRTP : <br></td></tr>
<tr><td class="diff-unchanged" >_SIP_SRTP_SDES=1 <br>_SIPSRTP=enable <br></td></tr>
<tr><td class="diff-snipped" >...<br></td></tr>
</table>
</div> <h4>Full Content</h4>
<div class="notificationGreySide">
<p>I tried my registered biz version (2.30) and the free version of Zoipper (2.36) for Windows, in both this TLS Certificate file option isn't there. However, I can see it disabled in the Linux version (1.18). So I'm now using PhonerLite where I could find it. Thanks for that.</p>
<p>But, by default, TLS works fine without the user certificate.<br/>
And I can't see any client certificate request from the server in Wireshark, should I set it somewhere ?<br/>
I couldn't find anything in sip.conf or in Asterisk 1.8 doc about it.</p>
<p>Also, when my client registers, I get something like :<br/>
– Registered SIP 'phonerlite' at 10.100.5.61:49296<br/>
But in Wireshark, I can see that, on the server side, the signaling goes through port 5061.</p>
<p>Many people use the following variables in their dialplan when setting sRTP :<br/>
_SIP_SRTP_SDES=1<br/>
_SIPSRTP=enable<br/>
_SIPSRTP_CRYPTO=enable<br/>
Why don't you use it ? Are they unnecessary ?<br/>
Do you know if they are documented somewhere ?</p>
<p>When I set SRTP (both on clients and server sides), the only difference I can see with TLS is that the media goes through the server and not straight to the other client. Like with TLS only, for the media, I don't see the UDP/RTP layer anymore, but UDP/Data. Also, with or without sRTP set, UDP/Data begins with 800 hex code, like with UDP, that makes me think sRTP doesn't work for me. Also, I always get this error message :<br/>
<span class="error">[Jan 28 17:29:14]</span> WARNING<span class="error">[9646]</span>: res_srtp.c:338 ast_srtp_unprotect: SRTP unprotect: authentication failure<br/>
What does it mean ? What do I need to do to make it work ?</p>
<p>Thanks for your help,<br/>
Gilles</p>
</div>
<div id="commentsSection" class="wiki-content pageSection">
<div style="float: right;">
<a href="https://wiki.asterisk.org/wiki/users/viewnotifications.action" class="grey">Change Notification Preferences</a>
</div>
<a href="https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial?focusedCommentId=11338315#comment-11338315">View Online</a>
|
<a id="reply-11338315" href="https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial?replyToComment=11338315#comment-11338315">Reply To This</a>
</div>
</div>
</div>
</div>
</div>
</body>
</html>