[SR-Users] "Discarded invalid SRTP packet: authentication failed" warning

Daniel-Constantin Mierla miconda at gmail.com
Mon Jan 7 09:15:03 CET 2019


Hello,

thanks for sharing, very useful to know.

Was the wrong location of the iptables module a result of ugrading some
packages (like kernel or iptables)? I assume the initial installation
deploys the module in the right location. Asking to see if one needs to
do a re-install of the rtpengine after kernel or other specific updates.

Can step 2 be solved by a reboot of the server?

Cheers,
Daniel

On 07.01.19 02:42, David Cunningham wrote:
> Hello all,
>
> We solved this issue with the help of Richard Fuchs. There were two
> issues:
>
> 1. The iptables module was in the wrong location and thus wasn't
> loaded. The daemon thought that the kernel was handling packets and
> took the ROC updates from it, but didn't actually see any packets and
> so the ROC reset, resulting in decryption errors. The correct location
> can be found with "pkg-config xtables --variable=xtlibdir".
>
> 2. Even after fixing the above, the iptables module didn't load
> properly until rtpengine was stopped, the iptables rules removed, the
> kernel module unloaded, and then this process reversed to load
> everything again.
>
> I hope this helps someone else in the future.
>
>
> On Wed, 12 Dec 2018 at 11:05, David Cunningham
> <dcunningham at voisonics.com <mailto:dcunningham at voisonics.com>> wrote:
>
>     Hello,
>
>     We're having an issue with rtpengine (used by Kamailio) where
>     audio works initially, but then after an apparently random amount
>     of time stop working. We see that when audio stops working
>     rtpengine logs this:
>
>     Dec 10 09:58:57 hostname rtpengine[376]: WARNING:
>     [Pl1SeGDssOsDNWQdvey4lg.. port 48766]: Discarded invalid SRTP
>     packet: authentication failed
>
>     It then logs similar messages until the call hangs up. No such
>     messages were logged while audio was working.
>
>     Searching for this error message suggests that a change in the
>     SSRC can cause the problem, but we don't see any such change in
>     the PCAP. The source IP, port, codec, and SSRC all stay the same,
>     and the Sequence increments as normal.
>
>     Does anyone have suggestions on where to look next? We can share
>     the PCAP privately if that would help anyone.
>
>     Thanks for any advice!
>
>     -- 
>     David Cunningham, Voisonics Limited
>     http://voisonics.com/
>     USA: +1 213 221 1092
>     New Zealand: +64 (0)28 2558 3782
>
>
>
> -- 
> David Cunningham, Voisonics Limited
> http://voisonics.com/
> USA: +1 213 221 1092
> New Zealand: +64 (0)28 2558 3782
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - May 6-8, 2019 -- www.kamailioworld.com
Kamailio Advanced Training - Mar 4-6, 2019 in Berlin; Mar 25-27, 2019, in Washington, DC, USA -- www.asipto.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190107/1d0339a6/attachment.html>


More information about the sr-users mailing list