[SR-Users] Configuration to use rtpengine for SRTP

[Richard Fuchs]

On 07/27/2017 12:01 AM, David Cunningham wrote:
> Hi Daniel,
>
> Thanks very much for that reply. We now detect whether the destination 
> is using TLS successfully using $ru and pcre_match().
>
> Now when we call Asterisk -> Kamailio+rtpengine -> TLS phone, the TLS 
> phone rings but the call drops immediately when it answers. The issue 
> is that Asterisk doesn't like the 200 OK from the phone, which 
> contains SRTP information. The error logged by Asterisk is "Rejecting 
> secure audio stream without encryption details". I've included the SDP 
> below.
>
>
> Our questions now are:
> 1) Our goal is to have Kamailio+rtpengine act as a TLS/SRTP <--> Plain 
> SIP/RTP bridge. Is it possible to configure Kamailio so that Asterisk 
> never sees the encryption information in the 200 OK?

Yes, you just need to instruct rtpengine to translate the SDP to plain 
RTP when sending to Asterisk. The appropriate flag to use in this case 
would be `RTP/AVP`. Other flags might be relevant (e.g. if Asterisk 
doesn't want to see any ICE information, use `ICE=remove`).

> 2) Is there anything wrong with the SDP returned by the TLS phone? For 
> example, you mentioned before SDES SRTP and I wonder if the type of 
> SRTP is not acceptable for some reason.

This is also something you can control with flags given to rtpengine in 
the other direction (plain RTP being translated to SRTP). By default, 
both SDES and DTLS are offered. Either can be disabled by `SDES-off` and 
`DTLS=off` respectively. Please see the docs at https://goo.gl/ivMQ6C


Cheers