<div dir="ltr"><div dir="ltr"><div>Hi Daniel,</div><div><br></div><div>The location was always wrong, but it wasn't noticed because it doesn't cause calls to fail straight away. It's only after a while that encryption stops working. This can be verified by watching to see if the values in /proc/rtpengine/0/list change, or do not change which indicates the kernel module isn't receiving packets.</div><div><br></div><div>Step 2 should be solved by a reboot, yes.</div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 7 Jan 2019 at 21:15, Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com">miconda@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF">
    <p>Hello,</p>
    <p>thanks for sharing, very useful to know.</p>
    <p>Was the wrong location of the iptables module a result of
      ugrading some packages (like kernel or iptables)? I assume the
      initial installation deploys the module in the right location.
      Asking to see if one needs to do a re-install of the rtpengine
      after kernel or other specific updates.</p>
    <p>Can step 2 be solved by a reboot of the server?</p>
    <p>Cheers,<br>
      Daniel<br>
    </p>
    <div class="gmail-m_1888517344630297694moz-cite-prefix">On 07.01.19 02:42, David Cunningham
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div dir="ltr">
          <div dir="ltr">
            <div>Hello all,</div>
            <div><br>
            </div>
            <div>We solved this issue with the help of Richard Fuchs.
              There were two issues:</div>
            <div><br>
            </div>
            <div>1. The iptables module was in the wrong location and
              thus wasn't loaded. The daemon thought that the kernel was
              handling packets and took the ROC updates from it, but
              didn't actually see any packets and so the ROC reset,
              resulting in decryption errors. The correct location can
              be found with "pkg-config xtables --variable=xtlibdir".<br>
            </div>
            <div><br>
            </div>
            <div>2. Even after fixing the above, the iptables module
              didn't load properly until rtpengine was stopped, the
              iptables rules removed, the kernel module unloaded, and
              then this process reversed to load everything again.</div>
            <div><br>
            </div>
            <div>I hope this helps someone else in the future.</div>
            <div><br>
            </div>
          </div>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Wed, 12 Dec 2018 at 11:05, David Cunningham
          <<a href="mailto:dcunningham@voisonics.com" target="_blank">dcunningham@voisonics.com</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr">
            <div>Hello,</div>
            <div><br>
            </div>
            <div>We're having an issue with rtpengine (used by Kamailio)
              where audio works initially, but then after an apparently
              random amount of time stop working. We see that when audio
              stops
              working rtpengine logs this:</div>
            <div><br>
            </div>
            <div>
              <div>Dec 10 09:58:57 hostname rtpengine[376]: WARNING:
                [Pl1SeGDssOsDNWQdvey4lg.. port 48766]: Discarded invalid
                SRTP packet: authentication failed </div>
            </div>
            <div><br>
            </div>
            <div>
              <div>It then logs similar messages until the call hangs
                up. No such messages were logged while audio was
                working.</div>
              <div><br>
              </div>
              <div>Searching for this error message suggests that a
                change in the SSRC can cause the problem, but we don't
                see any such change in the PCAP. The source IP, port,
                codec, and SSRC all stay the same, and the Sequence
                increments as normal.</div>
              <div><br>
              </div>
              <div>Does anyone have suggestions on where to look next?
                We can share the PCAP privately if that would help
                anyone.<br>
              </div>
              <div><br>
              </div>
              <div>Thanks for any advice!</div>
              <div><br>
              </div>
              -- <br>
              <div dir="ltr" class="gmail-m_1888517344630297694gmail-m_7942576689105597943gmail-m_290238346964966543gmail-m_-1278714969932943124gmail_signature">
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div>
                            <div dir="ltr">
                              <div>
                                <div dir="ltr">
                                  <div>David Cunningham, Voisonics
                                    Limited<br>
                                    <a href="http://voisonics.com/" target="_blank">http://voisonics.com/</a><br>
                                    USA: +1 213 221 1092<br>
                                    New Zealand: +64 (0)28 2558 3782</div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </blockquote>
      </div>
      <br clear="all">
      <br>
      -- <br>
      <div dir="ltr" class="gmail-m_1888517344630297694gmail-m_7942576689105597943gmail-m_290238346964966543gmail_signature">
        <div dir="ltr">
          <div>
            <div dir="ltr">
              <div>
                <div dir="ltr">
                  <div>
                    <div dir="ltr">
                      <div>
                        <div dir="ltr">
                          <div>David Cunningham, Voisonics Limited<br>
                            <a href="http://voisonics.com/" target="_blank">http://voisonics.com/</a><br>
                            USA: +1 213 221 1092<br>
                            New Zealand: +64 (0)28 2558 3782</div>
                        </div>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="gmail-m_1888517344630297694mimeAttachmentHeader"></fieldset>
      <pre class="gmail-m_1888517344630297694moz-quote-pre">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="gmail-m_1888517344630297694moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a>
<a class="gmail-m_1888517344630297694moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
    </blockquote>
    <pre class="gmail-m_1888517344630297694moz-signature" cols="72">-- 
Daniel-Constantin Mierla -- <a class="gmail-m_1888517344630297694moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank">www.asipto.com</a>
<a class="gmail-m_1888517344630297694moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank">www.twitter.com/miconda</a> -- <a class="gmail-m_1888517344630297694moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank">www.linkedin.com/in/miconda</a>
Kamailio World Conference - May 6-8, 2019 -- <a class="gmail-m_1888517344630297694moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank">www.kamailioworld.com</a>
Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC, USA -- <a class="gmail-m_1888517344630297694moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank">www.asipto.com</a></pre>
  </div>

</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>David Cunningham, Voisonics Limited<br><a href="http://voisonics.com/" target="_blank">http://voisonics.com/</a><br>USA: +1 213 221 1092<br>New Zealand: +64 (0)28 2558 3782</div></div></div></div></div></div></div></div></div></div></div>