Asterisk 1.18.32 <> no SRTP ! <> Linphone 3.8

Hi all,

I would like to ask you to point me in the right direction.

What I am trying to accomplish: Linphone to Linphone conversation with SRTP encryption
What is my setup:
Ubuntu Server 12.04
Asterisk 1.18.32, compiled with all modules enabled and srtp is definitely there

[quote]./configure | grep -i srtp
checking for srtp_init in -lsrtp… yes
checking srtp/srtp.h usability… yes
checking srtp/srtp.h presence… yes
checking for srtp/srtp.h… yes
checking for the ability of -lsrtp to be linked in a shared object… yes
checking for srtp_shutdown in -lsrtp… yes
checking for srtp/srtp.h… (cached) yes[/quote]

Clients Linphone 3.8 (Linux/Windows)

I have gone through the instructions wiki.asterisk.org/wiki/display/ … g+Tutorial

Clients are connecting via TLS successfully. I use a self signed certificate.
Server setup is according to remiphilippe.fr/asterisk-srtp-with-1-8/
but here comes my first question: where do the lines

exten => 9999,1,Set(_SIP_SRTP_SDES=1)
exten => 9999,2,Set(_SIPSRTP=1)
exten => 9999,3,Set(_SIPSRTP_CRYPTO=enable)

belong? I know, extensions.conf, but where exactly?

After setting up Linphone to SRTP and initiating a call, I can answer on the other end, there is sound and video, but I can only see “Secured with SRTP” on the caller side, not on the callee. I can call the other way too, again seeing “Secured with SRTP” only on the caller side. This led me to look at

on the server and there came an error

[quote][Mar 27 14:30:09] WARNING[25801]: res_srtp.c:407 ast_srtp_unprotect: SRTP unprotect failed with: authentication failure 10
[Mar 27 14:30:11] WARNING[25801]: res_srtp.c:407 ast_srtp_unprotect: SRTP unprotect failed with: authentication failure 10
== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Mar 27 14:30:12] WARNING[25823]: tcptls.c:669 handle_tcptls_connection: FILE * open failed![/quote]

So I definitely have no SRTP encryption. What does this error mean?

Back to the “Secure Calling Tutorial”: there a “Client certificate” was issued as well. Possibly I get it wrong, but what is a client certificate good for? Is it needed for SRTP? And how do I provide this client certificate to Linphone? Why do I need to provide ca.crt (the Certificate Authority)?

I did

cp user1.key user1.pem
cat user1.crt >> user1.pem
cat ca.crt >> user1.pem

and for the other users the same way,
and then I imported the pem into Linphone like this:
(Windows) copied to the end of rootca.pem in the Linphone installation dir and
(Ubuntu) cp user1.pem /etc/ssl/certs/
And they really work and connect via TLS.

But what’s the problem with SRTP?

By the way, I thought that RTP is a peer-to-peer protocol. Why does all the traffic between the two clients still flow through the server? I can see RTP packets traveling on the Asterisk server via

From another point of view, there is a server. Far away, there are several clients behind another NAT, all on the same local network. When calling from client1 to client2, and if RTP is peer-to-peer, why does all the traffic still go out to the server and back to the client?

I apologize if I misunderstood some of the concepts (SRTP, TLS, RTP, …), but again, I would really appreciate being pointed in the right direction :smile: Thank you all in advance!

sip.conf

[code][general]
context=internal
videosupport=yes
textsupport=yes
textsupport=yes
accept_outofcall_message=yes
outofcall_message_context=messages
allowguest=no
allowoverlap=no
bindport=5060
bindaddr=192.168.1.108
srvlookup=no
disallow=all
allow=gsm
allow=speex
allow=mpeg4
allow=h264
allow=h263
allow=h263p
alwaysauthreject=yes
canreinvite=no
nat=yes
directrtpsetup=yes
session-timers=refuse
externip=xxx.xxx.xxx.xxx
localnet=192.168.1.0/255.255.255.0
accept_outofcall_message=yes
outofcall_message_context=internal
auth_message_requests=yes
tlsenable=yes
tlsbindaddr=192.168.1.108
;tlscertfile=/etc/asterisk/certificates/asterisk.p1p0.eu.pem
tlscertfile=/etc/asterisk/keys/asterisk.pem
;tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsdontverifyserver=no
tlsclientmethod=tlsv1
encryption=yes
transport=tls

[7001]
type=friend
host=dynamic
md5secret=db69093ccea73123044d83410eec31f5
context=internal

[7002]
type=friend
host=dynamic
md5secret=156cd9603a912a279359498d99fbed3b
context=internal

[pikolino]
type=friend
host=dynamic
md5secret=731cd0fbcae5a440d3a2a02128a2836b
context=internal
callerid=PikoLino <7003>
[/code]

extensions.conf

[code][internal]

exten => 7001,1,Set(_SIP_SRTP_SDES=1)
exten => 7001,n,Set(_SIPSRTP=1)
exten => 7001,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 7001,n,Dial(SIP/7001,60)
exten => 7001,n,Answer()
exten => 7001,n,Playback(vm-nobodyavail)
exten => 7001,n,VoiceMail(7001@main)
exten => 7001,n,Hangup()

exten => 7002,1,Set(_SIP_SRTP_SDES=1)
exten => 7002,n,Set(_SIPSRTP=1)
exten => 7002,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 7002,n,Dial(SIP/7002,60)
exten => 7002,n,Answer()
exten => 7002,n,Playback(vm-nobodyavail)
exten => 7002,n,VoiceMail(7002@main)
exten => 7002,n,Hangup()

exten => 7003,1,Set(_SIP_SRTP_SDES=1)
exten => 7003,n,Set(_SIPSRTP=1)
exten => 7003,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 7003,n,Dial(SIP/pikolino,60)
exten => 7003,n,Answer()
exten => 7003,n,Playback(vm-nobodyavail)
exten => 7003,n,VoiceMail(pikolino@main)
exten => 7003,n,Hangup()

exten => 8001,1,VoicemailMain(7001@main)
exten => 8001,2,Hangup()

exten => 8002,1,VoicemailMain(7002@main)
exten => 8002,2,Hangup()

exten => 8003,1,VoicemailMain(pikolino@main)
exten => 8003,2,Hangup()

exten => 600,1,Playback(demo-echotest) ; Let them know what’s going on
exten => 600,n,Echo ; Do the echo test
exten => 600,n,Playback(demo-echodone) ; Let them know it’s over
exten => 600,n,hangup[/code]

netstat -an

[quote]netstat -an | grep :506
tcp 0 0 192.168.1.108:5061 0.0.0.0:* LISTEN
tcp 0 0 192.168.1.108:5061 192.168.1.1:32861 ESTABLISHED
tcp 0 0 192.168.1.108:5061 193.xx.xx.xx:51302 ESTABLISHED
udp 0 0 192.168.1.108:5060 0.0.0.0:*[/quote]

Ok guys,

for the sake of completeness I just tried two other clients (CSipSimple - Android, Blink - Ubuntu) and got exactly the same issue. The caller has an icon or info “SRTP” or “session secured by SRTP…” and the callee has nothing but the info that the signaling went through TLS, but no encryption.

Another important note is that if I set “SRTP mandatory” in one of the clients, I can’t call it anymore and get “nobody available” here.

[quote][Mar 27 23:41:44] NOTICE[12526]: chan_sip.c:25613 handle_request_subscribe: Received SIP subscribe for peer without mailbox: pikolino
== Using SIP VIDEO CoS mark 6
== Using SIP RTP CoS mark 5
– Executing [7003@internal:1] Set(“SIP/7002-00000006”, “_SIP_SRTP_SDES=1”) in new stack
– Executing [7003@internal:2] Set(“SIP/7002-00000006”, “_SIPSRTP=1”) in new stack
– Executing [7003@internal:3] Set(“SIP/7002-00000006”, “_SIPSRTP_CRYPTO=enable”) in new stack
– Executing [7003@internal:4] Dial(“SIP/7002-00000006”, “SIP/pikolino,60”) in new stack
== Using SIP VIDEO CoS mark 6
== Using SIP RTP CoS mark 5
– Called SIP/pikolino
== Everyone is busy/congested at this time (1:0/0/1)
– Executing [7003@internal:5] Answer(“SIP/7002-00000006”, “”) in new stack
– Executing [7003@internal:6] Playback(“SIP/7002-00000006”, “vm-nobodyavail”) in new stack
– <SIP/7002-00000006> Playing ‘vm-nobodyavail.gsm’ (language ‘en’)
[Mar 27 23:41:59] NOTICE[12383]: chan_sip.c:25613 handle_request_subscribe: Received SIP subscribe for peer without mailbox: 7001
– Executing [7003@internal:7] VoiceMail(“SIP/7002-00000006”, “pikolino@main”) in new stack
– <SIP/7002-00000006> Playing ‘vm-intro.gsm’ (language ‘en’)
– <SIP/7002-00000006> Playing ‘beep.gsm’ (language ‘en’)
– Recording the message
– x=0, open writing: /var/spool/asterisk/voicemail/main/pikolino/tmp/EaERyO format: wav, 0x7f81fc00e358
– User hung up
== Spawn extension (internal, 7003, 7) exited non-zero on ‘SIP/7002-00000006’
[/quote]

When switched back to “SRTP optional” the client is available again.

[quote][Mar 27 23:37:54] NOTICE[12526]: chan_sip.c:25613 handle_request_subscribe: Received SIP subscribe for peer without mailbox: pikolino
== Using SIP VIDEO CoS mark 6
== Using SIP RTP CoS mark 5
– Executing [7003@internal:1] Set(“SIP/7002-00000004”, “_SIP_SRTP_SDES=1”) in new stack
– Executing [7003@internal:2] Set(“SIP/7002-00000004”, “_SIPSRTP=1”) in new stack
– Executing [7003@internal:3] Set(“SIP/7002-00000004”, “_SIPSRTP_CRYPTO=enable”) in new stack
– Executing [7003@internal:4] Dial(“SIP/7002-00000004”, “SIP/pikolino,60”) in new stack
== Using SIP VIDEO CoS mark 6
== Using SIP RTP CoS mark 5
– Called SIP/pikolino
– SIP/pikolino-00000005 is ringing[/quote]

Then I went back to the mentioned “Secure Calling Tutorial”, still thinking about what the client-side certificate, pem, crt and ca.crt all have to do with each other and with SRTP,
and re-read this:

[quote]Problems with server verification

If the host or IP you used for the common name on your cert doesn’t match up with your server then you may run into problems when your client is calling Asterisk. Make sure the client is configured to not verify the server against the cert.

When calling from Asterisk to Blink or another client, you might run into an ERROR on the Asterisk CLI similar to this:

[Jan 29 16:04:11] DEBUG[11217]: tcptls.c:248 handle_tcptls_connection: SSL Common Name compare s1=‘10.24.18.124’ s2=‘phone1.mycompany.com
[Jan 29 16:04:11] ERROR[11217]: tcptls.c:256 handle_tcptls_connection: Certificate common name did not match (10.24.18.124)

This is the opposite scenario, where Asterisk is acting as the client and by default attempting to verify the destination server against the cert.

You can set tlsdontverifyserver=yes in sip.conf to prevent Asterisk from attempting to verify the server.

;tlsdontverifyserver=[yes|no]
; If set to yes, don’t verify the servers certificate when acting as
; a client. If you don’t have the server’s CA certificate you can
; set this and it will connect without requiring tlscafile to be set.
; Default is no.

[/quote]

I don’t quite get it, but is Asterisk acting as a client only when it connects to some other SIP registrar? Or is it acting as a client all the time when calling the “other side” of the two participants? If the latter is true, then I would kind of understand why the clients also have their keys, certificates and the ca.crt as well. Asterisk connects to them and verifies a matching certificate. But how can a client certificate be issued when the client’s IP is changing most of the time (3G network, other NATs, etc…) or if the clients have no hostname assigned in the form of phone1.linphone.org like it’s mentioned in the tutorial?

Nevertheless I tried the option tlsdontverifyserver with both yes and no, to no avail: SRTP did not appear on the callee side.

And I am still confused why clients like Blink and CSipSimple have an option to provide TLS certificates, keys and ca.crt and the Linphone client does not. Even worse, you have to manually twist the rootca.pem (Android/Windows) or copy to /etc/ssl/certs/ to at least get the TLS connection up and running.

The last thing I am curious about is why the TLS connection works if I put only the ca.crt into /etc/ssl/certs. If instead I put the user1.pem there, it’s a no go, the SSL handshake fails. Is the ca.crt the server certificate? Or is it the certificate authority? What is it used for in this TLS <> SRTP <> Asterisk scenario?

Ok, down on the Tutorial page I noticed a comment from Malcolm

The link is full of patches. How do I apply them correctly?
I now tried to

in the Asterisk source dir but ended up with

[quote]patching file channels/chan_sip.c
Hunk #1 succeeded at 1559 with fuzz 1 (offset 18 lines).
Hunk #2 FAILED at 5203.
Hunk #3 succeeded at 11642 (offset 1064 lines).
Hunk #4 succeeded at 28506 (offset 2110 lines).
Hunk #5 succeeded at 30571 (offset 2337 lines).
Hunk #6 FAILED at 28258.
Hunk #7 succeeded at 30615 (offset 2343 lines).
Hunk #8 succeeded at 30624 (offset 2337 lines).
2 out of 8 hunks FAILED – saving rejects to file channels/chan_sip.c.rej
patching file channels/sip/include/sip.h
Hunk #1 FAILED at 335.
1 out of 1 hunk FAILED – saving rejects to file channels/sip/include/sip.h.rej
patching file channels/sip/include/sdp_crypto.h
patching file channels/sip/include/srtp.h
patching file channels/sip/sdp_crypto.c
Hunk #1 succeeded at 54 with fuzz 1 (offset 7 lines).
Hunk #2 FAILED at 302.
1 out of 2 hunks FAILED – saving rejects to file channels/sip/sdp_crypto.c.rej
patching file include/asterisk/res_srtp.h
Hunk #1 succeeded at 54 (offset 10 lines).
[/quote]
and running

returns

[quote]CC=“cc” CXX="" LD="" AR="" RANLIB="" CFLAGS="" make -C menuselect CONFIGURE_SILENT="–silent" makeopts
make[1]: Entering directory `/home/iqon/asterisk_src/asterisk-1.8.32.2/menuselect'
make[1]: `makeopts' is up to date.
make[1]: Leaving directory `/home/iqon/asterisk_src/asterisk-1.8.32.2/menuselect’
Generating input for menuselect …
menuselect/menuselect --check-deps menuselect.makeopts
menuselect/menuselect --check-deps menuselect.makeopts
Generating embedded module rules …
[CC] chan_multicast_rtp.c -> chan_multicast_rtp.o
[LD] chan_multicast_rtp.o -> chan_multicast_rtp.so
[CC] chan_sip.c -> chan_sip.o
chan_sip.c: In function ‘sip_call’:
chan_sip.c:5828:3: error: too few arguments to function ‘setup_srtp’
chan_sip.c:1562:12: note: declared here
chan_sip.c:5833:3: error: too few arguments to function ‘setup_srtp’
chan_sip.c:1562:12: note: declared here
chan_sip.c:5838:3: error: too few arguments to function ‘setup_srtp’
chan_sip.c:1562:12: note: declared here
chan_sip.c: In function ‘build_peer’:
chan_sip.c:28510:5: error: ‘SIP_PAGE2_USE_SRTP_AES_80’ undeclared (first use in this function)
chan_sip.c:28510:5: note: each undeclared identifier is reported only once for each function it appears in
chan_sip.c:28511:5: error: ‘SIP_PAGE2_USE_SRTP_AES_32’ undeclared (first use in this function)
chan_sip.c:28512:5: error: ‘SIP_PAGE2_USE_SRTP_F8_80’ undeclared (first use in this function)
chan_sip.c:28513:5: error: ‘SIP_PAGE2_USE_SRTP_NULL’ undeclared (first use in this function)
chan_sip.c: In function ‘process_crypto’:
chan_sip.c:30627:2: error: ‘suite’ undeclared (first use in this function)
make[1]: *** [chan_sip.o] Error 1
make: *** [channels] Error 2[/quote]

Ok, now I got “Secured with SRTP” on both ends…

the trick was to move the

[quote]transport=tls
encryption=yes[/quote]

in sip.conf from the global scope “internal” down to each client.
When I check “SRTP mandatory” on the clients (tried all), I get ringing and I can answer the call. There is sound and it basically works.

I am not sure if I need the lines

[quote]exten => 9999,1,Set(_SIP_SRTP_SDES=1)
exten => 9999,2,Set(_SIPSRTP=1)
exten => 9999,3,Set(_SIPSRTP_CRYPTO=enable)[/quote]
because it works both with and without them.

But I have a bunch of messages

[quote] == Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Mar 28 16:29:15] WARNING[2039]: tcptls.c:669 handle_tcptls_connection: FILE * open failed![/quote]
when initiating a call.
I found a possible cause here mail-archive.com/asterisk-u … 74038.html

[quote]On 24-03-14 21:28, Patrick Laimbock wrote:
[snip]

   == Problem setting up ssl connection: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[Mar 24 21:20:56] WARNING[28467]: tcptls.c:272 handle_tcptls_connection:

So others may find the fix: make sure the server and client certificates have the proper keyUsage. The ast_gen_tls script does not set them and this caused the handshake/verification to fail.

The client certificate needs something like:
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth

The server certificate needs something like:
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth

HTH,
Patrick[/quote]

but I am still lost in how to implement what Patrick says…
I tried generating keys manually with openssl according to this thread voip-info.org/wiki/view/SIP%20TLS and I made several keys using the script

and

with renaming to my needs

No luck, with the above-mentioned errors… how do I get it right?
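Patrick's fix above is a matter of x509v3 extensions, which the thread never shows. The following is an added example and not the thread's or Asterisk's ast_gen_tls script: it issues a CA, a server certificate with serverAuth and a client certificate with clientAuth, then checks the result. It assumes the openssl CLI is on PATH; the directory and the CNs (pbx.example.net, phone1.example.net) are constructed.

```shell
#!/bin/sh
# Added example (not from the thread, not Asterisk's ast_gen_tls): issue a CA,
# a server cert and a client cert with the keyUsage / extendedKeyUsage values
# Patrick's mail asks for, then verify them. Assumes the openssl CLI is on PATH.

# gen_tls DIR SERVER_CN CLIENT_CN -> DIR/ca.crt, DIR/server.pem, DIR/client.pem
gen_tls() {
    dir=$1 server_cn=$2 client_cn=$3
    mkdir -p "$dir"
    # x509v3 extension sections; -extensions picks one per role below
    cat > "$dir/ext.cnf" <<'EOF'
[server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
EOF
    # Self-signed CA; ca.crt is what the client side needs to verify the server
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Test Asterisk CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    for role in server client; do
        if [ "$role" = server ]; then cn=$server_cn; else cn=$client_cn; fi
        # the server CN must be the name the clients dial, or verification fails
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null
        openssl x509 -req -days 365 -in "$dir/$role.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/ext.cnf" \
            -extensions "$role" -out "$dir/$role.crt" 2>/dev/null
        # tlscertfile= (and the Linphone import above) want key + cert in one PEM
        cat "$dir/$role.key" "$dir/$role.crt" > "$dir/$role.pem"
    done
}

# cert_ok DIR ROLE EKU_TEXT -> 0 when ROLE.crt chains to ca.crt and lists EKU_TEXT
cert_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1/$2.crt" -noout -text | grep -q "$3"
}

# cert_cn DIR ROLE -> the CN the certificate was issued for
cert_cn() {
    openssl x509 -in "$1/$2.crt" -noout -subject | sed 's/.*CN *= *//'
}
```

Point tlscertfile= at server.pem and tlscafile= at ca.crt, and hand client.pem plus ca.crt to the phone; cert_ok with "TLS Web Server Authentication" or "TLS Web Client Authentication" tells you which role a given file was actually issued for.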

So the error messages definitely have to do with the Linphone clients…

Now tested CSipSimple and Blink and no errors about tls connections.

As SRTP has to do with exchanging keys between the two peers, does this mean that if the TLS connection is failing, the keys are exchanged in plaintext over insecure UDP?
Do these error messages anyway have to do with SRTP?
What is the best way to check, that the RTP packets are encrypted? Or if the keys were exchanged in plain text? I am a little bit familiar with Wireshark…

If there is no TLS connection, chan_sip, at least, will reject the call completely.

Hi david55, thank you for your info. I was guessing the same. All clients can connect to the server via TLS and are reachable, callable and can accept incoming calls, there is sound…
The error message comes a long while after a connection is established. So at least in the beginning, TLS signaling, key exchange and the SRTP itself “should” be fine…

I continued my investigation of

[quote]== Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
[Mar 28 16:29:15] WARNING[2039]: tcptls.c:669 handle_tcptls_connection: FILE * open failed![/quote]
and it comes from the Linphone client, which is somehow refusing the self-signed cert even with ca.crt placed in /etc/ssl/certs/.
I added

to the [sip] section of the ~/.linphonerc file, and at least on Ubuntu Linphone starts and connects via TLS correctly, without specifying any additional certificates in /etc/ssl/certs/…
Afterwards this message vanished completely. Another proof of a valid TLS connection.
Unfortunately changing linphonerc for my mobile Linphone client is not as easy and demands compiling it myself…

But the error

continues. And again, only with the Linphone client. If I establish a call between, say, CSipSimple and Blink, it does not appear, and thus I assume it has to be client specific. Either the SRTP implementation, or the AES 32 vs 80 suite, or something else…
I tried SRTP with UDP instead of TLS and it is the same, the error comes after a while. Not to say that this is secure in any way.

To be sure it’s not Asterisk 1.8.32, I just upgraded to version 13.2 and the “SRTP unprotect” error continues to appear.

Does this error message have any valid meaning and does it influence the quality of SRTP protection? Can I ignore it? Is there any way to eventually “see” the difference between encrypted and unencrypted SIP signaling or RTP packets? Wireshark? That would be proof enough maybe…
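To make the plaintext-key question of the earlier post and the AES 32 vs 80 remark above concrete, here is an added example that is not part of the thread: it reads the a=crypto lines that SDES (the _SIP_SRTP_SDES=1 path) puts into the SDP offer and answer, reports suite, auth-tag length and key length, and checks whether the answer picked a suite the offer actually contained. The SDP bodies are constructed; the key material is the sample from RFC 4568.

```shell
#!/bin/sh
# Added example, not from the thread. With SDES the SRTP master key travels
# base64-encoded in the SDP "a=crypto" line, so it is only as private as the
# SIP transport carrying it (hence transport=tls). Auth-tag sizes per RFC 4568:
# *_HMAC_SHA1_80 -> 10 bytes, *_HMAC_SHA1_32 -> 4 bytes.

# sdp_crypto_report FILE -> one line per a=crypto: "<tag> <suite> <tagbytes> <keybytes>"
sdp_crypto_report() {
    grep '^a=crypto:' "$1" | tr -d '\r' | while read -r attr suite keyinfo rest; do
        tag=${attr#a=crypto:}
        key=${keyinfo#inline:}
        key=${key%%|*}                   # strip optional |lifetime|mki
        # AES_CM_128 suites need a 16-byte key + 14-byte salt = 30 bytes
        keybytes=$(printf '%s' "$key" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
        case $suite in
            *_HMAC_SHA1_80) tagbytes=10 ;;
            *_HMAC_SHA1_32) tagbytes=4 ;;
            *) tagbytes=0 ;;             # unknown suite
        esac
        printf '%s %s %s %s\n' "$tag" "$suite" "$tagbytes" "$keybytes"
    done
}

# negotiated_suite OFFER ANSWER -> prints the agreed suite, or fails when the
# answer's crypto line matches no offered tag+suite pair (each side would then
# compute a different-length HMAC and unprotect fails with "authentication failure")
negotiated_suite() {
    found=$(sdp_crypto_report "$2" | while read -r tag suite tagbytes keybytes; do
        if grep -q "^a=crypto:$tag $suite " "$1"; then echo "$suite"; break; fi
    done)
    [ -n "$found" ] && echo "$found"
}

# write_samples DIR -> constructed offer/answer bodies (keys are RFC 4568 samples)
write_samples() {
    cat > "$1/offer.sdp" <<'EOF'
v=0
m=audio 4000 RTP/SAVP 3
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:32
EOF
    cat > "$1/answer_ok.sdp" <<'EOF'
m=audio 4002 RTP/SAVP 3
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR
EOF
    # suite changed under the same tag: every packet would fail authentication
    cat > "$1/answer_bad.sdp" <<'EOF'
m=audio 4002 RTP/SAVP 3
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:PS1uQCVeeCFCanVmcjkpPywjNWhcYD0mXXtxaVBR
EOF
}
```

Run sdp_crypto_report on the SDP bodies of a real INVITE and its 200 OK (sip set debug on in the Asterisk CLI prints them); if the SIP leg is UDP, the inline: value you see there is exactly what a capture would show.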

So I ended up compiling the Android Linphone client myself with a modified linphonerc, to disable verifying the server’s self-signed cert. Working fine.

I also had to switch back to Asterisk 1.8.32.2 from 13.2 because there was no video for some reason. I did not investigate further…

Currently the only working setup looks like:
asterisk 1.8.32.2
linphone Linphone/3.8.0 (belle-sip/1.4.0) (Ubuntu)
linphone custom build - LinphoneAndroid/2.3.2-348-g885743b (belle-sip/1.4.0)
linphone Windows (original Linphone from their download site)

I have:
working TLS
working SRTP (at least Linphone says so)
sound (gsm codec)
video (mpeg4 codec)

If anybody can explain the message

and

I’ll be very thankful.
This thread can be marked as SOLVED and closed :smile:

One more little update for those, who experience very bad media quality, especially video…

I struggled with the last problem mentioned in my first post: Asterisk server proxying all the RTP packets and thus limiting and consuming the bandwidth.

Solution:
sip.conf -> add

and observe the server activity CLI

If you still see a huge amount of data flowing through there, it is because SRTP and direct RTP obviously coincide. After disabling SRTP I saw in the Asterisk CLI

and no more RTP packets proxied :smile:
Then I removed the lines

from sip.conf from all users and happily switched to ZRTP, which is supported by Linphone clients.
Another neat and necessary feature for getting direct RTP packets done is to have something like ICE running on the NATted client.
Media quality improved a lot!!!

Current updated setup:
server: Asterisk 11 (with SIP SMS support :smile: )
clients: Linphone (Ubuntu/Windows/Android)
audio codec: gsm
video codec: h264
encryption: ZRTP
signaling: TLS

So only XMPP with Jingle can beat it. Unfortunately there are still not so many clients for multiple platforms. Jitsi is probably the only way there…