Hello all,

We solved this issue with the help of Richard Fuchs. There were two issues:

1. The iptables module was in the wrong location and thus wasn't loaded. The daemon thought that the kernel was handling packets and took the ROC updates from it, but didn't actually see any packets and so the ROC reset, resulting in decryption errors. The correct location can be found with "pkg-config xtables --variable=xtlibdir".

2. Even after fixing the above, the iptables module didn't load properly until rtpengine was stopped, the iptables rules removed, the kernel module unloaded, and then this process reversed to load everything again.

I hope this helps someone else in the future.


On Wed, 12 Dec 2018 at 11:05, David Cunningham <dcunningham@voisonics.com> wrote:
Hello,

We're having an issue with rtpengine (used by Kamailio) where audio works initially, but then after an apparently random amount of time stop working. We see that when audio stops working rtpengine logs this:

Dec 10 09:58:57 hostname rtpengine[376]: WARNING: [Pl1SeGDssOsDNWQdvey4lg.. port 48766]: Discarded invalid SRTP packet: authentication failed

It then logs similar messages until the call hangs up. No such messages were logged while audio was working.

Searching for this error message suggests that a change in the SSRC can cause the problem, but we don't see any such change in the PCAP. The source IP, port, codec, and SSRC all stay the same, and the Sequence increments as normal.

Does anyone have suggestions on where to look next? We can share the PCAP privately if that would help anyone.

Thanks for any advice!

--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782


--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782