[SR-Users] Configuration to use rtpengine for SRTP

David Cunningham dcunningham at voisonics.com
Mon Jul 31 05:01:12 CEST 2017


Hi Richard,

Thank you for the reply, it makes sense. We're using a line like this for
calls from plain RTP to SRTP, however the SDP arrives at the TLS phone with
no mention of encryption. Have you any idea what's wrong?

rtpengine_manage( "force trust-address replace-origin replace-session-connection rtcp-mux-accept rtcp-mux-offer ICE=force RTP/SAVPF" );

I've also attached the rtpengine log in case it helps.

Thanks very much.


On 27 July 2017 at 23:30, Richard Fuchs <rfuchs at sipwise.com> wrote:

> On 07/27/2017 12:01 AM, David Cunningham wrote:
>
>> Hi Daniel,
>>
>> Thanks very much for that reply. We now detect whether the destination is
>> using TLS successfully using $ru and pcre_match().
>>
>> Now when we call Asterisk -> Kamailio+rtpengine -> TLS phone, the TLS
>> phone rings but the call drops immediately when it answers. The issue is
>> that Asterisk doesn't like the 200 OK from the phone, which contains SRTP
>> information. The error logged by Asterisk is "Rejecting secure audio stream
>> without encryption details". I've included the SDP below.
>>
>>
>> Our questions now are:
>> 1) Our goal is to have Kamailio+rtpengine act as a TLS/SRTP <--> Plain
>> SIP/RTP bridge. Is it possible to configure Kamailio so that Asterisk never
>> sees the encryption information in the 200 OK?
>>
>
> Yes, you just need to instruct rtpengine to translate the SDP to plain RTP
> when sending to Asterisk. The appropriate flag to use in this case would be
> `RTP/AVP`. Other flags might be relevant (e.g. if Asterisk doesn't want to
> see any ICE information, use `ICE=remove`).
>
>> 2) Is there anything wrong with the SDP returned by the TLS phone? For
>> example, you mentioned before SDES SRTP and I wonder if the type of SRTP is
>> not acceptable for some reason.
>>
>
> This is also something you can control with flags given to rtpengine in
> the other direction (plain RTP being translated to SRTP). By default, both
> SDES and DTLS are offered. Either can be disabled by `SDES-off` and
> `DTLS=off` respectively. Please see the docs at https://goo.gl/ivMQ6C
>
>
> Cheers
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>



-- 
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
Australia: +61 (0) 2 8063 9019
-------------- next part --------------
Jul 30 19:57:39 hostname /sbin/kamailio[27506]: DEBUG: rtpengine [rtpengine_funcs.c:148]: check_content_type(): type <application/sdp> found valid
Jul 30 19:57:39 hostname rtpengine[14113]: INFO: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: Received command 'offer' from xx.xx.xx.78:51771
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: Dump for 'offer' from xx.xx.xx.78:51771: { "sdp": "v=0#015#012o=root 579620384 579620384 IN IP4 xx.xx.xx.78#015#012s=Asterisk PBX 11.25.1#015#012c=IN IP4 xx.xx.xx.78#015#012t=0 0#015#012m=audio 12242 RTP/AVP 0 9 8 10 3 111 5 7 110 97 101#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:9 G722/8000#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:10 L16/8000#015#012a=rtpmap:3 GSM/8000#015#012a=rtpmap:111 G726-32/8000#015#012a=rtpmap:5 DVI4/8000#015#012a=rtpmap:7 LPC/8000#015#012a=rtpmap:110 speex/8000#015#012a=rtpmap:97 iLBC/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101 0-16#015#012a=ptime:2 ...
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: ... 0#015#012a=sendrecv#015#012", "ICE": "force", "flags": [ "force", "trust-address" ], "replace": [ "origin", "session-connection" ], "transport-protocol": "RTP/SAVPF", "rtcp-mux": [ "accept", "offer" ], "call-id": "2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070", "received-from": [ "IP4", "xx.xx.xx.78" ], "from-tag": "as4df4c384", "command": "offer" }
Jul 30 19:57:39 hostname rtpengine[14113]: WARNING: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: Unknown flag encountered: 'force'
Jul 30 19:57:39 hostname rtpengine[14113]: NOTICE: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: Creating new call
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: set FILLED flag for stream xx.xx.xx.78:12242
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: set FILLED flag for stream xx.xx.xx.78:12243
Jul 30 19:57:39 hostname rtpengine[14113]: INFO: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: offer time = 0.000338 sec
Jul 30 19:57:39 hostname rtpengine[14113]: INFO: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: Replying to 'offer' from xx.xx.xx.78:51771
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: Response dump for 'offer' to xx.xx.xx.78:51771: { "sdp": "v=0#015#012o=root 579620384 579620384 IN IP4 xx.xx.xx.78#015#012s=Asterisk PBX 11.25.1#015#012c=IN IP4 xx.xx.xx.78#015#012t=0 0#015#012m=audio 48144 RTP/SAVPF 0 9 8 10 3 111 5 7 110 97 101#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:9 G722/8000#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:10 L16/8000#015#012a=rtpmap:3 GSM/8000#015#012a=rtpmap:111 G726-32/8000#015#012a=rtpmap:5 DVI4/8000#015#012a=rtpmap:7 LPC/8000#015#012a=rtpmap:110 speex/8000#015#012a=rtpmap:97 iLBC/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101 0-16#015#012 ...
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [2efc3439125a167d24efa2d609912131 at xx.xx.xx.78:5070]: ... a=ptime:20#015#012a=sendrecv#015#012a=rtcp:48145#015#012a=rtcp-mux#015#012a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8kPQ4PUH3WRN/kALaLWkBh82FX2WW0WVRVMuAb1O#015#012a=setup:actpass#015#012a=fingerprint:sha-1 8E:5F:0B:B1:BA:AC:62:3C:C7:A6:F5:04:23:DA:0F:90:48:A3:C6:EF#015#012a=ice-ufrag:upBKkEvw#015#012a=ice-pwd:DgtxAvMgPSz41tmqDbIU825CqE#015#012a=candidate:io9MsxHW16F9fQY8 1 UDP 2130706431 xx.xx.xx.78 48144 typ host#015#012a=candidate:io9MsxHW16F9fQY8 2 UDP 2130706430 xx.xx.xx.78 48145 typ host#015#012", "result": "ok" }
Jul 30 19:57:39 hostname /sbin/kamailio[27506]: DEBUG: rtpengine [rtpengine.c:1448]: rtpp_function_call(): proxy reply: d3:sdp883:v=0#015#012o=root 579620384 579620384 IN IP4 xx.xx.xx.78#015#012s=Asterisk PBX 11.25.1#015#012c=IN IP4 xx.xx.xx.78#015#012t=0 0#015#012m=audio 48144 RTP/SAVPF 0 9 8 10 3 111 5 7 110 97 101#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:9 G722/8000#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:10 L16/8000#015#012a=rtpmap:3 GSM/8000#015#012a=rtpmap:111 G726-32/8000#015#012a=rtpmap:5 DVI4/8000#015#012a=rtpmap:7 LPC/8000#015#012a=rtpmap:110 speex/8000#015#012a=rtpmap:97 iLBC/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101 0-16#015#012a=ptime:20#015#012a=sendrecv#015#012a=rtcp:48145#015#012a=rtcp-mux#015#012a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8kPQ4PUH3WRN/kALaLWkBh82FX2WW0WVRVMuAb1O#015#012a=setup:actpass#015#012a=fingerprint:sha-1 8E:5F:0B:B1:BA:AC:62:3C:C7:A6:F5:04:23:DA:0F:90:48:A3:C6:EF#015#012a=ice-ufrag:upBKkEvw#015#012a=ice-pwd:DgtxAvMgPSz41tmqDbIU825CqE#015#012a=candidate:io9MsxHW16F9fQY8 1 UDP 2130706431 xx.xx.xx.78 48144 typ host#015#012a=candidate:io9MsxHW16F9fQY8 2 UDP 2130706430 xx.xx.xx.78 48145 typ host#015#0126:result2:oke
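
To find the hop at which SRTP keying attributes go missing, the escaped SDP in rtpengine's "Dump" and "Response dump" debug lines can be decoded and compared. This is an added example, not part of the original thread or of rtpengine itself; the sample log is constructed (documentation addresses, placeholder key and fingerprint) and the function names are hypothetical.

```python
import re

LINE = re.compile(r"rtpengine\[\d+\]: \w+: \[[^\]]*\]: (.*)")
DUMP = re.compile(r"^(Dump|Response dump) for '(\w+)'.*?\"sdp\": \"([^\"]*)\"")

# Constructed sample in the shape of the log above: syslog writes CR LF as
# #015#012 and splits long dumps with a trailing " ..." / leading "... ".
SAMPLE_LOG = """\
Jul 30 19:57:39 host rtpengine[1]: DEBUG: [cid-1]: Dump for 'offer' from 192.0.2.10:5000: { "sdp": "v=0#015#012m=audio 12242 RTP/AVP 0 8#015#012a=sendrecv#015#012", "command": "offer" }
Jul 30 19:57:39 host rtpengine[1]: DEBUG: [cid-1]: Response dump for 'offer' to 192.0.2.10:5000: { "sdp": "v=0#015#012m=audio 48144 RTP/SAVPF 0 8#015#012a=rtcp-m ...
Jul 30 19:57:39 host rtpengine[1]: DEBUG: [cid-1]: ... ux#015#012a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY#015#012a=fingerprint:sha-1 00:11:22#015#012", "result": "ok" }
"""

def messages(log_text):
    """Yield rtpengine log messages, re-joining dumps split across lines."""
    pending = ""
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an rtpengine daemon line (e.g. kamailio module debug)
        msg = m.group(1)
        if msg.startswith("... "):
            msg = pending + msg[4:]
        elif pending:
            yield pending  # previous fragment never got its continuation
        pending = ""
        if msg.endswith(" ..."):
            pending = msg[:-4]
        else:
            yield msg
    if pending:
        yield pending

def sdp_security(sdp_escaped):
    """Summarise transport profile and keying attributes of one escaped SDP."""
    lines = sdp_escaped.replace("#015#012", "\n").splitlines()
    return {
        "profiles": [l.split()[2] for l in lines if l.startswith("m=")],
        "sdes": any(l.startswith("a=crypto:") for l in lines),
        "dtls": any(l.startswith("a=fingerprint:") for l in lines),
    }

def audit(log_text):
    """Return (direction, command, summary) for every SDP dump in the log."""
    out = []
    for msg in messages(log_text):
        m = DUMP.search(msg)
        if m:
            direction = "to rtpengine" if m.group(1) == "Dump" else "from rtpengine"
            out.append((direction, m.group(2), sdp_security(m.group(3))))
    return out
```

Running `audit()` over the rtpengine debug log and then over a capture of the SIP message that reaches the phone shows whether the profile and keying lines are dropped by rtpengine or after it.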


