<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1122380453;
mso-list-template-ids:-1989382266;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1584147891;
mso-list-type:hybrid;
mso-list-template-ids:1971877226 1480502074 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-GB">Hi Richard,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">I’ve attached an annotated (and sanitised) sipdump log – hopefully that explains a bit better what the flow is. If this is too much info let me know and I’ll try and give you some better info (about to go to bed so might
be in the morning).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Overall: INVITE from Teams > Kamailio > Asterisk > Upstream Carrier (this is not visible in the sipdump).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Thanks for your guidance!<o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="color:black"><br>
<b>Rhys Hanrahan</b> | Chief Information Officer<br>
<b>e:</b> <a href="mailto:rhys@nexusone.com.au">rhys@nexusone.com.au</a> <br>
<br>
</span><a href="http://www.nexusone.com.au/"><span lang="EN-GB" style="color:black;text-decoration:none"><img border="0" width="229" height="57" style="width:2.3854in;height:.5937in" id="_x0000_i1030" src="cid:image001.png@01D82F64.15D9CCE0" alt="www.nexusone.com.au"></span></a><span lang="EN-GB" style="color:black"> </span><a href="http://www.fusiontech.com.au/"><span lang="EN-GB" style="color:black;text-decoration:none"><img border="0" width="197" height="59" style="width:2.052in;height:.6145in" id="_x0000_i1029" src="cid:image002.png@01D82F64.15D9CCE0" alt="signature_203132158"></span></a><span lang="EN-GB" style="font-size:12.0pt;color:black"><br>
</span><b><span lang="EN-GB" style="font-size:12.0pt;color:#0070C0"><br>
</span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:#1F4E79">NEXUS ONE</span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:#0070C0"> </span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:black">|</span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:#0070C0"> FUSION
TECHNOLOGY SOLUTIONS</span></b><b><span lang="EN-GB" style="color:#0070C0"><br>
</span></b><b><span lang="EN-GB" style="color:black">p:</span></b><span lang="EN-GB" style="color:black"> 1800 NEXUS1 (1800 639 871) or 1800 565 845 <b>|</b> <b>a:</b> Suite 12.03 Level 12, 227 Elizabeth Street, Sydney NSW 2000<br>
<a href="http://www.nexusone.com.au/">www.nexusone.com.au</a> <b>|</b> <a href="http://www.fusiontech.com.au/">www.fusiontech.com.au</a><br>
<br>
</span><i><span lang="EN-GB" style="font-size:9.0pt;color:#767171">The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; b. Legally
privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email in error, please notify
the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email.</span></i><span lang="EN-GB" style="font-size:10.0pt;color:black"><br>
<br>
</span><i><span lang="EN-GB" style="font-size:8.0pt;color:#1F4E79;mso-fareast-language:EN-GB">Please consider the environment before printing this email.</span></i><span style="font-size:12.0pt;color:black;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Rhys Hanrahan <rhys@nexusone.com.au><br>
<b>Reply to: </b>"Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org><br>
<b>Date: </b>Friday, 4 March 2022 at 12:57 am<br>
<b>To: </b>"Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org><br>
<b>Subject: </b>Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto</span><span style="font-size:12.0pt;color:black;mso-fareast-language:EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal"><span lang="EN-GB">Hi Richard,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">Yes, from what I’ve seen in the logs there are multiple branches happening. One between Teams and Kamailio and one between Kamailio and Asterisk.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB">In terms of the rtpengine processing, I’ve tried lots of different variations, but right now I’ve got:</span><o:p></o:p></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-GB">Rtpengine_manage() by itself for new branches and replies (MANAGE_BRANCH, MANAGE_REPLY)</span><o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-GB">Rtpengine_manage(“RTP/AVP”) or rtpengine_manage(“RTP/SAVP”) essentially in request_route for the initial invites to/from Teams</span><o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0cm;mso-list:l1 level1 lfo3"><span lang="EN-GB">I do also have the stock NATMANAGE using rtpengine but there’s no NAT involved here so I don’t think it applies.</span><o:p></o:p></li></ul>
<div>
<div>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">So as far as I can tell, I shouldn’t be calling rtpengine_manage multiple times. Is this bad to do? I did have previous configs where I was doing this. E.g. during RELAY I would call
it with general options and then just modify AVP or SAVP in another section.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Interestingly, I noticed that a new branch is created just as I answer the call, and this is when it fails, so perhaps the issue is with how I’m handling new branches then? Below is a
bit of a log to try and summarise what’s happening. Unfortunately it’s not logging the MS Teams side of the call except for the initial invite.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">I will work on getting you a sip dump as it’s probably the easiest way to properly see what’s going on. Thanks!</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">root@sbc5-syd-01:/etc/kamailio# tail -f /var/log/syslog | grep RTPEngine</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:38 sbc5-syd-01 kamailio[9240]: 44(9311) ERROR: {1 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: Converting Teams outbound call from SRTP to RTP before
relay.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:38 sbc5-syd-01 kamailio[9240]: 44(9311) ERROR: {1 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: New Branch to sip:+61xxx@kamailio:5060</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:38 sbc5-syd-01 kamailio[9240]: 44(9311) ERROR: {1 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: RTPEngine: Converting to RTP</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:38 sbc5-syd-01 kamailio[9240]: 11(9278) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: Reply 100 from kamailio:5060 to asterisk:5060</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:40 sbc5-syd-01 kamailio[9240]: 9(9276) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: Reply 183 from kamailio:5060 to asterisk:5060</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:40 sbc5-syd-01 kamailio[9240]: 9(9276) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: RTPEngine: Sticking to SRTP</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:40 sbc5-syd-01 kamailio[9240]: 15(9282) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: Reply 183 from kamailio:5060 to asterisk:5060</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:40 sbc5-syd-01 kamailio[9240]: 15(9282) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: RTPEngine: Sticking to SRTP</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:49 sbc5-syd-01 kamailio[9240]: 16(9283) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: Reply 200 from kamailio:5060 to asterisk:5060</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:49 sbc5-syd-01 kamailio[9240]: 16(9283) ERROR: {2 1 INVITE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: RTPEngine: Sticking to SRTP</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">Mar 4 00:39:49 sbc5-syd-01 kamailio[9240]: 46(9314) ERROR: {1 2 BYE 5b76dfb297c455358bb0ec0dac3c1af7} <script>: -- RTPEngine: New Branch to sip:asterisk:5060</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB">*** Call fails here</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black;mso-fareast-language:EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="color:black"><br>
<b>Rhys Hanrahan</b> | Chief Information Officer<br>
<b>e:</b> <a href="mailto:rhys@nexusone.com.au">rhys@nexusone.com.au</a> <br>
<br>
</span><a href="http://www.nexusone.com.au/"><span style="color:windowtext;text-decoration:none"><span lang="EN-GB" style="color:black"><img border="0" width="229" height="57" style="width:2.3854in;height:.5937in" id="_x0000_i1028" src="cid:image003.png@01D82F64.15D9CCE0"></span></span></a><span lang="EN-GB" style="color:black"> </span><a href="http://www.fusiontech.com.au/"><span style="color:windowtext;text-decoration:none"><span lang="EN-GB" style="color:black"><img border="0" width="197" height="59" style="width:2.052in;height:.6145in" id="_x0000_i1027" src="cid:image004.png@01D82F64.15D9CCE0" alt="signature_769552444"></span></span></a><span lang="EN-GB" style="font-size:12.0pt;color:black"><br>
</span><b><span lang="EN-GB" style="font-size:12.0pt;color:#0070C0"><br>
</span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:#1F4E79">NEXUS ONE</span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:#0070C0"> </span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:black">|</span></b><b><span lang="EN-GB" style="font-size:12.0pt;color:#0070C0"> FUSION
TECHNOLOGY SOLUTIONS</span></b><b><span lang="EN-GB" style="color:#0070C0"><br>
</span></b><b><span lang="EN-GB" style="color:black">p:</span></b><span lang="EN-GB" style="color:black"> 1800 NEXUS1 (1800 639 871) or 1800 565 845 <b>|</b> <b>a:</b> Suite 12.03 Level 12, 227 Elizabeth Street, Sydney NSW 2000<br>
<a href="http://www.nexusone.com.au/">www.nexusone.com.au</a> <b>|</b> <a href="http://www.fusiontech.com.au/">www.fusiontech.com.au</a><br>
<br>
</span><i><span lang="EN-GB" style="font-size:9.0pt;color:#767171">The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; b. Legally
privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email in error, please notify
the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email.</span></i><span lang="EN-GB" style="font-size:10.0pt;color:black"><br>
<br>
</span><i><span lang="EN-GB" style="font-size:8.0pt;color:#1F4E79;mso-fareast-language:EN-GB">Please consider the environment before printing this email.</span></i><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">sr-users <sr-users-bounces@lists.kamailio.org> on behalf of Richard Fuchs <rfuchs@sipwise.com><br>
<b>Organisation: </b>Sipwise GmbH<br>
<b>Reply to: </b>"Kamailio (SER) - Users Mailing List" <sr-users@lists.kamailio.org><br>
<b>Date: </b>Friday, 4 March 2022 at 12:10 am<br>
<b>To: </b>"sr-users@lists.kamailio.org" <sr-users@lists.kamailio.org><br>
<b>Subject: </b>Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Are there multiple branches involved? Is the same invite being processed (and manipulated by rtpengine) multiple times, perhaps with different options (e.g. once for RTP and once for SRTP)?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">On 03/03/2022 06.07, [EXT] Rhys Hanrahan wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi Everyone,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I have Kamailio sitting between MS Teams and Asterisk, and using rtpengine to terminate SRTP on Kamailio so that all my internal traffic is unencrypted. My current config works fine for inbound calls where I initiate the INVITE and Teams
responds, but if Teams sends the INVITE I am having an issue where SRTP cannot finish negotiating. Non SRTP calls work fine with RTPEngine as well, so it’s just the RTP to SRTP I am struggling with.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">According to this I believe I must pass a=crypto in response to the INVITE which also has a=crypto:
<a href="https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=408&w=622">
https://www.dialogic.com/-/media/1f8b54b43087407d9c2b38846c5c2cb5.ashx?h=408&w=622</a><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">You can see that in the initial invite from Teams, I get RTP/SAVP with a=crypto, but I do not send one in my OK response after 183 Session In Progress.
<b>As below – I am wondering if it’s because not all audio channels seem to be getting swapped to SAVP?</b><o:p></o:p></p>
<p class="MsoNormal">I’d like to do a generic SRTP <> RTP bridge config (I’ve tried below). However, I am not 100% sure on how to detect when to swap between AVP and SAVP, so I’ve also tried just doing rtpengine_manage() and relying on other code to swap between
SAVP or AVP *<b>only</b>* when going to/from Teams to keep it simple. I also tried both with and without “replace-origin replace-session-connection ICE=remove” but I still get the same behaviour in all cases.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Any advice appreciated, as this is my first time dealing with SRTP (and rtpengine). Feeling very stuck. Thanks!<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">branch_route[MANAGE_BRANCH] {<o:p></o:p></p>
<p class="MsoNormal">…<o:p></o:p></p>
<p class="MsoNormal"> route(NATMANAGE);<o:p></o:p></p>
<p class="MsoNormal"> route(HANDLE_SRTP);<o:p></o:p></p>
<p class="MsoNormal">}<o:p></o:p></p>
<p class="MsoNormal">onreply_route[MANAGE_REPLY] {<o:p></o:p></p>
<p class="MsoNormal"> xdbg("incoming reply\n");<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> if(status=~"[12][0-9][0-9]") {<o:p></o:p></p>
<p class="MsoNormal"> route(NATMANAGE);<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> route(HANDLE_SRTP);<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">}<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">route[HANDLE_SRTP] {<o:p></o:p></p>
<p class="MsoNormal"> if (!has_body("application/sdp")) {<o:p></o:p></p>
<p class="MsoNormal"> return;<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> rtpengine_manage();<o:p></o:p></p>
<p class="MsoNormal"> return; # As a test, just do rtpengine_manage() and set SAVP/AVP elsewhere. Same behaviour.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> # Handle bridging of RTP and SRTP<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> # Inbound traffic to SBC should be converted from SRTP to RTP<o:p></o:p></p>
<p class="MsoNormal"> if (proto==TLS) {<o:p></o:p></p>
<p class="MsoNormal"> rtpengine_manage("RTP/AVP");<o:p></o:p></p>
<p class="MsoNormal"> # Outbound traffic destined to a TLS destination should be converted from RTP to SRTP<o:p></o:p></p>
<p class="MsoNormal"> } else if ($ru =~ "transport=tls") {<o:p></o:p></p>
<p class="MsoNormal"> rtpengine_manage("RTP/SAVP");<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal">}<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"># INVITE from teams<o:p></o:p></p>
<p class="MsoNormal">rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/AVP");<o:p></o:p></p>
<p class="MsoNormal"># INVITE to teams<o:p></o:p></p>
<p class="MsoNormal">rtpengine_manage("replace-origin replace-session-connection ICE=remove RTP/SAVP");<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">INVITE
<a href="sip:+614xxxx@rh.sbc-syd-01.teams.xxxx:5061;user=phone;transport=tls">sip:+614xxxx@rh.sbc-syd-01.teams.xxxx:5061;user=phone;transport=tls</a> SIP/2.0^M</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">…<br>
<span style="background:white">v=0^M</span><br>
<span style="background:white">o=- 57931 0 IN IP4 127.0.0.1^M</span><br>
<span style="background:white">s=session^M</span><br>
<span style="background:white">c=IN IP4 52.113.76.53^M</span><br>
<span style="background:white">b=CT:10000000^M</span><br>
<span style="background:white">t=0 0^M</span><br>
<b><span style="background:white">m=audio 51398 RTP/SAVP 104 9 103 111 18 0 8 97 101 13 118^M</span></b><br>
<span style="background:white">c=IN IP4 52.113.76.53^M</span><br>
<span style="background:white">a=rtcp:51399^M</span><br>
<span style="background:white">a=ice-ufrag:C8ss^M</span><br>
<span style="background:white">a=ice-pwd:2bV9D6GcXF5f8m0px/wufQD/^M</span><br>
<span style="background:white">a=rtcp-mux^M</span><br>
<span style="background:white">a=candidate:1 1 UDP 2130706431 52.113.76.53 51398 typ srflx raddr 10.0.32.179 rport 51398^M</span><br>
<span style="background:white">a=candidate:1 2 UDP 2130705918 52.113.76.53 51399 typ srflx raddr 10.0.32.179 rport 51399^M</span><br>
<span style="background:white">a=candidate:2 1 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M</span><br>
<span style="background:white">a=candidate:2 2 tcp-act 2121006078 52.113.76.53 49152 typ srflx raddr 10.0.32.179 rport 49152^M</span><br>
<span style="background:white">a=label:main-audio^M</span><br>
<span style="background:white">a=<a href="mid:1%5eM">mid:1^M</a></span><br>
<b><span style="background:white">a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:geUHLB1mshmnI5hN83bnO57Hbdm2i7dD14sDAnpA|2^31^M</span></b><br>
<span style="background:white">a=sendrecv^M</span><br>
<span style="background:white">a=rtpmap:104 SILK/16000^M</span><br>
<span style="background:white">a=rtpmap:9 G722/8000^M</span><br>
<span style="background:white">a=rtpmap:103 SILK/8000^M</span><br>
<span style="background:white">a=rtpmap:111 SIREN/16000^M</span><br>
<span style="background:white">a=fmtp:111 bitrate=16000^M</span><br>
<span style="background:white">a=rtpmap:18 G729/8000^M</span><br>
<span style="background:white">a=fmtp:18 annexb=no^M</span><br>
<span style="background:white">a=rtpmap:0 PCMU/8000^M</span><br>
<span style="background:white">a=rtpmap:8 PCMA/8000^M</span><br>
<span style="background:white">a=rtpmap:97 RED/8000^M</span><br>
<span style="background:white">a=rtpmap:101 telephone-event/8000^M</span><br>
<span style="background:white">a=fmtp:101 0-16^M</span><br>
<span style="background:white">a=rtpmap:13 CN/8000^M</span><br>
<span style="background:white">a=rtpmap:118 CN/16000^M</span><br>
<span style="background:white">a=ptime:20^M</span></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">I correctly convert to/from RTP/AVP and RTP/SAVP for the 183 Session in progress. It is RTP/SAVP before going to Teams:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">SIP/2.0 183 Session Progress^M</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">…</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">v=0^M</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><br>
<span style="background:white">o=- 57931 2 IN IP4 1.2.3.4^M</span><br>
<span style="background:white">s=NexusOne^M</span><br>
<span style="background:white">c=IN IP4 1.2.3.4^M</span><br>
<span style="background:white">t=0 0^M</span><br>
<b><span style="background:white">m=audio 37820 RTP/SAVP 9 8 0 101^M</span></b><br>
<span style="background:white">a=maxptime:150^M</span><br>
<span style="background:white">a=<a href="mid:1%5eM">mid:1^M</a></span><br>
<span style="background:white">a=rtpmap:9 G722/8000^M</span><br>
<span style="background:white">a=rtpmap:8 PCMA/8000^M</span><br>
<span style="background:white">a=rtpmap:0 PCMU/8000^M</span><br>
<span style="background:white">a=rtpmap:101 telephone-event/8000^M</span><br>
<span style="background:white">a=fmtp:101 0-16^M</span><br>
<span style="background:white">a=sendrecv^M</span><br>
<span style="background:white">a=rtcp:37821^M</span><br>
<span style="background:white">a=ptime:20^M</span><br>
<b><span style="background:white">m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M</span><br>
<span style="background:white">m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M</span></b></span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">But then when I send the OK after the 183, I am setting RTP/SAVP before sending to MS Teams, but not setting a=crypto:</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">Also note that I can see there are _<i>some</i>_ channels still as RTP/AVP so maybe this is part of the issue.</span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">SIP/2.0 200 OK^M</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">…</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black;background:white">v=0^M</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><br>
<span style="background:white">o=- 57931 2 IN IP4 1.2.3.4^M</span><br>
<span style="background:white">s=NexusOne^M</span><br>
<span style="background:white">c=IN IP4 1.2.3.4^M</span><br>
<span style="background:white">t=0 0^M</span><br>
<b><span style="background:white">m=audio 37820 RTP/SAVP 9 8 0 101^M</span><br>
</b><span style="background:white">a=maxptime:150^M</span><br>
<span style="background:white">a=<a href="mid:1%5eM">mid:1^M</a></span><br>
<span style="background:white">a=rtpmap:9 G722/8000^M</span><br>
<span style="background:white">a=rtpmap:8 PCMA/8000^M</span><br>
<span style="background:white">a=rtpmap:0 PCMU/8000^M</span><br>
<span style="background:white">a=rtpmap:101 telephone-event/8000^M</span><br>
<span style="background:white">a=fmtp:101 0-16^M</span><br>
<span style="background:white">a=sendrecv^M</span><br>
<span style="background:white">a=rtcp:37821^M</span><br>
<span style="background:white">a=ptime:20^M</span><br>
<b><span style="background:white">m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M</span><br>
<span style="background:white">m=audio 0 RTP/AVP 104 9 103 111 18 0 8 97 101 13 118^M</span></b></span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-GB" style="color:black;mso-fareast-language:EN-AU"><br>
<b>Rhys Hanrahan</b> | Chief Information Officer<br>
<b>e:</b> <a href="mailto:rhys@nexusone.com.au">rhys@nexusone.com.au</a> <br>
<br>
</span><a href="http://www.nexusone.com.au/"><span style="color:windowtext;text-decoration:none"><span style="color:black;mso-fareast-language:EN-AU"><img border="0" width="229" height="57" style="width:2.3854in;height:.5937in" id="Picture_x0020_1" src="cid:image005.png@01D82F64.15D9CCE0" alt="www.nexusone.com.au"></span></span></a><span lang="EN-GB" style="color:black;mso-fareast-language:EN-AU"> </span><a href="http://www.fusiontech.com.au/"><span style="color:windowtext;text-decoration:none"><span style="color:black;mso-fareast-language:EN-AU"><img border="0" width="197" height="59" style="width:2.052in;height:.6145in" id="Picture_x0020_2" src="cid:image006.png@01D82F64.15D9CCE0" alt="signature_1116663581"></span></span></a><span lang="EN-GB" style="color:black;mso-fareast-language:EN-AU"><br>
</span><b><span lang="EN-GB" style="color:#0070C0;mso-fareast-language:EN-AU"><br>
</span></b><b><span lang="EN-GB" style="color:#1F4E79;mso-fareast-language:EN-AU">NEXUS ONE</span></b><b><span lang="EN-GB" style="color:#0070C0;mso-fareast-language:EN-AU"> </span></b><b><span lang="EN-GB" style="color:black;mso-fareast-language:EN-AU">|</span></b><b><span lang="EN-GB" style="color:#0070C0;mso-fareast-language:EN-AU"> FUSION
TECHNOLOGY SOLUTIONS<br>
</span></b><b><span lang="EN-GB" style="color:black;mso-fareast-language:EN-AU">p:</span></b><span lang="EN-GB" style="color:black;mso-fareast-language:EN-AU"> 1800 NEXUS1 (1800 639 871) or 1800 565 845 <b>|</b> <b>a:</b> Suite 12.03 Level 12, 227 Elizabeth
Street, Sydney NSW 2000<br>
<a href="http://www.nexusone.com.au/">www.nexusone.com.au</a> <b>|</b> <a href="http://www.fusiontech.com.au/">www.fusiontech.com.au</a><br>
<br>
</span><i><span lang="EN-GB" style="font-size:9.0pt;color:#767171;mso-fareast-language:EN-AU">The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or
third parties; b. Legally privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email
in error, please notify the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email.</span></i><span lang="EN-GB" style="font-size:10.0pt;color:black;mso-fareast-language:EN-AU"><br>
<br>
</span><i><span lang="EN-GB" style="font-size:8.0pt;color:#1F4E79;mso-fareast-language:EN-GB">Please consider the environment before printing this email.</span></i><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-GB"><br>
<br>
<br>
</span><o:p></o:p></p>
<pre>__________________________________________________________<o:p></o:p></pre>
<pre>Kamailio - Users Mailing List - Non Commercial Discussions<o:p></o:p></pre>
<pre> * <a href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><o:p></o:p></pre>
<pre>Important: keep the mailing list in the recipients, do not reply only to the sender!<o:p></o:p></pre>
<pre>Edit mailing list options or unsubscribe:<o:p></o:p></pre>
<pre> * <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><o:p></o:p></pre>
</blockquote>
</div>
</body>
</html>