Hello all,
I’m wondering if anyone has gotten SRTP to work with Asterisk 11? I was able to set up TLS and make calls to another extension but SRTP is not working. IP phones have TLS and SRTP enabled. Please config and logs below. Thanks.
SIP.CONF
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
[office](!)
type=peer
secret=s3cr3t
host=dynamic
context=local
dtmfmode=rfc2833
disallow=all
allow=ulaw
transport=tls
encryption=yes
ignorecryptolifetime=yes
srtpcapable=yes
context=local
[loza](office)
[tessa](office)
[linda](office)
Extensions.conf
exten => 102,1,Dial(SIP/loza)
exten => 102,1,Dial(SIP/linda)
Asterisk logs
[Jan 16 17:33:02] NOTICE[52917][C-00000007]: sip/sdp_crypto.c:250 sdp_crypto_process: Crypto life time unsupported: crypto:1 AES_CM_128_HMAC_SHA1_80 inline:sAMD9QjblD1UJkT52HS5ot53JiluOJh8rWrfJ9Dc|2^31
[Jan 16 17:33:02] NOTICE[52917][C-00000007]: sip/sdp_crypto.c:260 sdp_crypto_process: SRTP crypto offer not acceptable
[Jan 16 17:33:02] NOTICE[52917][C-00000007]: sip/sdp_crypto.c:250 sdp_crypto_process: Crypto life time unsupported: crypto:2 AES_CM_128_HMAC_SHA1_32 inline:Fxe7B9J7Osfjw9onysplVbcQ+bQ9IMQRlBFe7Yon|2^31
[Jan 16 17:33:02] NOTICE[52917][C-00000007]: sip/sdp_crypto.c:260 sdp_crypto_process: SRTP crypto offer not acceptable
[Jan 16 17:33:02] WARNING[52917][C-00000007]: chan_sip.c:10372 process_sdp: Can't provide secure audio requested in SDP of fer