[SR-Users] rtpengine - SRTP <> RTP missing a=crypto

Rhys Hanrahan rhys at nexusone.com.au
Thu Mar 3 14:13:15 CET 2022

Hey Matthias,

Thanks for the reply, and the pointers!

I guess the thing that’s confusing me most is that in my existing config, the 183 reply from Asterisk comes in as RTP/AVP and then Kamailio *does* change it to RTP/SAVP in the 183 forwarded to teams *and* the same thing happens for the subsequent 200 OK. So to me that indicates that rtpengine_manage is already re-writing the SDP offers between RTP and SRTP to some level? But for some reason the crypto attribute is still missing in this one case.

If I remove my attempts to re-write to/from RTP/SAVP then it’s RTP/AVP all the way through (as that’s what Asterisk sends to Kamailio) and it gets rejected because SRTP is required, whereas right now it fails because SRTP fails to negotiate – so it’s not the same error.

Regardless, I am still working on a solution based on what you’ve said where I more explicitly call rtpengine_manage and pass in RTP/AVP or SAVP in MANAGE_BRANCH and MANAGE_REPLY. But no luck yet! Still missing the crypto attribute in the same spot unfortunately.


Rhys Hanrahan | Chief Information Officer
e: rhys at nexusone.com.au<mailto:rhys at nexusone.com.au>

[www.nexusone.com.au]<http://www.nexusone.com.au/>   [signature_21907561] <http://www.fusiontech.com.au/>

p: 1800 NEXUS1 (1800 639 871) or 1800 565 845 | a: Suite 12.03 Level 12, 227 Elizabeth Street, Sydney NSW 2000
www.nexusone.com.au<http://www.nexusone.com.au/> | www.fusiontech.com.au<http://www.fusiontech.com.au/>

The information in this email and any accompanying attachments may contain; a. Confidential information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; b. Legally privileged information of Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties; and or c. Copyright material Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd or third parties. If you have received this email in error, please notify the sender immediately and delete this message. Fusion Technology Solutions Pty Ltd, Nexus One Pty Ltd does not accept any responsibility for loss or damage arising from the use or distribution of this email.

Please consider the environment before printing this email.

From: sr-users <sr-users-bounces at lists.kamailio.org> on behalf of Matthias Urlichs <matthias at urlichs.de>
Reply to: "Kamailio (SER) - Users Mailing List" <sr-users at lists.kamailio.org>
Date: Thursday, 3 March 2022 at 11:06 pm
To: "sr-users at lists.kamailio.org" <sr-users at lists.kamailio.org>
Subject: Re: [SR-Users] rtpengine - SRTP <> RTP missing a=crypto

On 03.03.22 12:07, Rhys Hanrahan wrote:
Any advice appreciated, as this is my first time dealing with SRTP (and rtpengine). Feeling very stuck. Thanks!

Yeah, me too. ;-)

Basically you need to call "rtpengine_manage" with the correct parameter, i.e. either RTP/AVP or RTP/SAVP, based on whether audio to the destination of the message is to be encrypted or not. This applies to basically any message with "application/sdp" content, i.e. both the INVITE *and* the 183 or 200 reply.

Thus if you relay from encrypted to plaintext, the INVITE's handler needs to call rtpengine_manage("… RTP/AVP") and the response handler needs to call rtpengine_manage("… RTP/SAVP").

In my code I discover these settings (for both call source and destination) during the INVITE, then I save them in a couple of XAVU variables. All the other handlers just select source / destination based on whether the message's source IP address is the same as the INVITE's.

IMHO it's way easier to program the whole thing in Python instead of Kamailio's language. This in turn would be much simpler if Kamailio used threads instead of separate processes and shared memory, but apparently you can't have everything. :-P


-- Matthias Urlichs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220303/4ceeb24a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 13849 bytes
Desc: image001.png
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220303/4ceeb24a/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 9101 bytes
Desc: image002.png
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220303/4ceeb24a/attachment-0001.png>

More information about the sr-users mailing list