<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Are there multiple branches involved?
Is the same invite being processed (and manipulated by rtpengine)
multiple times, perhaps with different options (e.g. once for RTP
and once for SRTP)?</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Cheers</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 03/03/2022 06.07, [EXT] Rhys
Hanrahan wrote:<br>
</div>
<blockquote type="cite"
cite="mid:947b402041b0486581710b0ed3a8e0aa@nexusone.com.au">
<div class="WordSection1">
<p class="MsoNormal">Hi Everyone,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have Kamailio sitting between MS Teams
and Asterisk, and using rtpengine to terminate SRTP on
Kamailio so that all my internal traffic is unencrypted. My
current config works fine for inbound calls where I initiate
the INVITE and Teams responds, but if Teams sends the INVITE I
am having an issue where SRTP cannot finish negotiating. Non
SRTP calls work fine with RTPEngine as well, so it’s just the
RTP to SRTP I am struggling with.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">According to this I believe I must pass
a=crypto in response to the INVITE which also has a=crypto:
<a
href="https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=408&w=622"
moz-do-not-send="true">
https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=408&w=622</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">You can see that in the initial invite from
Teams, I get RTP/SAVP with a=crypto, but I do not send one in
my OK response after 183 Session In Progress.
<b>As below – I am wondering if it’s because not all audio
channels seem to be getting swapped to SAVP?<o:p></o:p></b></p>
<p class="MsoNormal">I’d like to do a generic SRTP <> RTP
bridge config (I’ve tried below). However, I am not 100% sure
on how to detect when to swap between AVP and SAVP, so I’ve
also tried just doing rtpengine_manage() and relying on other
code to swap between SAVP or AVP *<b>only</b>* when going
to/from Teams to keep it simple. I also tried both with and
without “replace-origin replace-session-connection ICE=remove”
but I still get the same behaviour in all cases.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any advice appreciated, as this is my first
time dealing with SRTP (and rtpengine). Feeling very stuck.
Thanks!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<pre>branch_route[MANAGE_BRANCH] {
…
    route(NATMANAGE);
    route(HANDLE_SRTP);
}
onreply_route[MANAGE_REPLY] {
    xdbg("incoming reply\n");

    if(status=~"[12][0-9][0-9]") {
        route(NATMANAGE);
    }
    route(HANDLE_SRTP);

}

route[HANDLE_SRTP] {
    if (!has_body("application/sdp")) {
        return;
    }
    rtpengine_manage();
    return; # As a test, just do rtpengine_manage() and set SAVP/AVP elsewhere. Same behaviour.

    # Handle bridging of RTP and SRTP

    # Inbound traffic to SBC should be converted from SRTP to RTP
    if (proto==TLS) {
        rtpengine_manage("RTP/AVP");
    # Outbound traffic destined to a TLS destination should be converted from RTP to SRTP
    } else if ($ru =~ "transport=tls") {
        rtpengine_manage("RTP/SAVP");
    }
}
</pre>
<pre># INVITE from teams
rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/AVP");
# INVITE to teams
rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/SAVP");
</pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<pre>INVITE sip:+614xxxx@rh.sbc-syd-01.teams.xxxx:5061;user=phone;transport=tls SIP/2.0^M
…
v=0^M
o=- 57931 0 IN IP4 127.0.0.1^M
s=session^M
c=IN IP4 52.113.76.53^M
b=CT:10000000^M
t=0 0^M
<b>m=audio 51398 RTP/SAVP 104 9 103 111 18 0 8 97 101 13 118^M</b>
c=IN IP4 52.113.76.53^M
a=rtcp:51399^M
a=ice-ufrag:C8ss^M
a=ice-pwd:2bV9D6GcXF5f8m0px/wufQD/^M
a=rtcp-mux^M
a=candidate:1 1 UDP 2130706431 52.113.76.53 51398 typ srflx raddr 10.0.32.179 rport 51398^M
a=candidate:1 2 UDP 2130705918 52.113.76.53 51399 typ srflx raddr 10.0.32.179 rport 51399^M
a=candidate:2 1 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M
a=candidate:2 2 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M
a=label:main-audio^M
a=mid:1^M
<b>a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:geUHLB1mshmnI5hN83bnO57Hbdm2i7dD14sDAnpA|2^31^M</b>
a=sendrecv^M
a=rtpmap:104 SILK/16000^M
a=rtpmap:9 G722/8000^M
a=rtpmap:103 SILK/8000^M
a=rtpmap:111 SIREN/16000^M
a=fmtp:111 bitrate=16000^M
a=rtpmap:18 G729/8000^M
a=fmtp:18 annexb=no^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:97 RED/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=rtpmap:13 CN/8000^M
a=rtpmap:118 CN/16000^M
a=ptime:20^M</pre>
<p class="MsoNormal">I correctly convert to/from RTP/AVP and RTP/SAVP for the 183
Session in progress. It is RTP/SAVP before going to Teams:</p>
<pre>SIP/2.0 183 Session Progress^M
…
v=0^M
o=- 57931 2 IN IP4 1.2.3.4^M
s=NexusOne^M
c=IN IP4 1.2.3.4^M
t=0 0^M
<b>m=audio 37820 RTP/SAVP 9 8 0 101^M</b>
a=maxptime:150^M
a=mid:1^M
a=rtpmap:9 G722/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=sendrecv^M
a=rtcp:37821^M
a=ptime:20^M
<b>m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M</b></pre>
<p class="MsoNormal">But then when I send the OK after the 183, I am setting RTP/SAVP
before sending to MS Teams, but not setting a=crypto:</p>
<p class="MsoNormal"><b>Also note that I can see there are _<i>some</i>_ channels still
as RTP/AVP so maybe this is part of the issue.</b></p>
<pre>SIP/2.0 200 OK^M
…
v=0^M
o=- 57931 2 IN IP4 1.2.3.4^M
s=NexusOne^M
c=IN IP4 1.2.3.4^M
t=0 0^M
<b>m=audio 37820 RTP/SAVP 9 8 0 101^M</b>
a=maxptime:150^M
a=mid:1^M
a=rtpmap:9 G722/8000^M
a=rtpmap:8 PCMA/8000^M
a=rtpmap:0 PCMU/8000^M
a=rtpmap:101 telephone-event/8000^M
a=fmtp:101 0-16^M
a=sendrecv^M
a=rtcp:37821^M
a=ptime:20^M
<b>m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M
m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M</b></pre>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="color:black;mso-fareast-language:EN-AU" lang="EN-GB"><br>
<b>Rhys Hanrahan</b> | Chief Information Officer<br>
<b>e:</b> <a href="mailto:rhys@nexusone.com.au"
moz-do-not-send="true"><span style="color:#0563C1">rhys@nexusone.com.au</span></a>
</span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
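<p>An added example, not part of the original thread and not Kamailio or rtpengine code: a small check that compares an SDP answer with its offer and reports the two things visible in the posted 200 OK, an active RTP/SAVP stream with no a=crypto line and more m= lines than the offer had. The function names and sample SDP bodies are constructed for illustration, and the SRTP keys are placeholders.</p>

```python
import re

SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}  # profiles keyed with a=crypto (SDES)

def media_sections(sdp):
    """Return one dict per m= line: media, port, proto, a=crypto suites."""
    sections = []
    for raw in sdp.splitlines():
        line = raw.replace("^M", "").strip()  # tolerate captures pasted with ^M
        m = re.match(r"m=(\S+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            sections.append({"media": m.group(1), "port": int(m.group(2)),
                             "proto": m.group(3), "suites": []})
        elif sections and line.startswith("a=crypto:"):
            fields = line.split()
            if len(fields) >= 3:  # tag, suite, key parameters
                sections[-1]["suites"].append(fields[1])
    return sections

def audit_answer(offer, answer):
    """Compare an SDP answer with its offer and return a list of findings."""
    off, ans = media_sections(offer), media_sections(answer)
    findings = []
    if len(ans) != len(off):  # RFC 3264: the answer mirrors the offer's m= lines
        findings.append(f"m-line-count offer={len(off)} answer={len(ans)}")
    for i, (o, a) in enumerate(zip(off, ans)):
        if a["port"] == 0:
            continue  # stream rejected, nothing to key
        if o["proto"] in SRTP_PROFILES and a["proto"] not in SRTP_PROFILES:
            findings.append(f"m[{i}] plaintext-answer-to-srtp-offer")
        if a["proto"] in SRTP_PROFILES:
            if not a["suites"]:
                findings.append(f"m[{i}] srtp-without-crypto")
            elif not set(a["suites"]).issubset(o["suites"]):
                findings.append(f"m[{i}] suite-not-offered")
    return findings

# Constructed samples shaped like the thread's INVITE and 200 OK (abridged).
# Both keys are placeholders; each side of a real call sends its own key.
SUITE = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
HEAD = ["v=0", "o=- 57931 2 IN IP4 1.2.3.4", "s=NexusOne", "t=0 0"]
OFFER = "\r\n".join(["v=0", "o=- 57931 0 IN IP4 127.0.0.1", "s=session", "t=0 0",
                     "m=audio 51398 RTP/SAVP 104 9 0 8 101",
                     SUITE + "OFFERER-PLACEHOLDER-KEY|2^31", "a=sendrecv"])
ANSWER_AS_POSTED = "\r\n".join(HEAD + ["m=audio 37820 RTP/SAVP 9 8 0 101", "a=sendrecv",
                                       "m=audio 0 RTP/AVP 104 9 0 8 101",
                                       "m=audio 0 RTP/AVP 104 9 0 8 101"])
ANSWER_EXPECTED = "\r\n".join(HEAD + ["m=audio 37820 RTP/SAVP 9 8 0 101",
                                      SUITE + "ANSWERER-PLACEHOLDER-KEY|2^31",
                                      "a=sendrecv"])

if __name__ == "__main__":
    for name, sdp in (("as posted", ANSWER_AS_POSTED), ("expected", ANSWER_EXPECTED)):
        print(name, audit_answer(OFFER, sdp) or "ok")
```

<p>Run against a captured offer/answer pair, an empty result means the answer keeps the offer's m= line count and every active SRTP stream carries a suite the offer listed.</p>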
</body>
</html>