Asterisk with TLS doesn't work

Hi!

I’m trying to establish a TLS-secured SIP connection to Asterisk. But no matter what I try, it doesn’t work.

The “network” looks like this:

  • a LAN switch which connects all of the following hardware components
  • a computer with Kubuntu 7.10 on which the following are installed
    – Twinkle as soft-phone (normally user 10)
    – VirtualBox with a command-line Kubuntu 7.10 and Asterisk inside the virtual machine
  • another computer with Twinkle (Kubuntu 7.10) or Phoner (WinXP), which is connected if necessary
  • snom 300 hard-phone (normally user 11)

This setup must work without an internet connection once installation and configuration are done.

I found many things about Asterisk + TLS but nothing worked and/or it seems like it is outdated.
At the moment, it seems to me that a self-compiled Asterisk 1.6.0 beta 5 is the best approach because the changelog says that this version can do TLS. Unencrypted connections are working very well over Asterisk, even with this beta. But Phoner can’t even register with TLS at Asterisk. TLS/SRTP directly between 2 WinXP computers (without Asterisk, SIP provider, etc.) with Phoner is working fine. On the virtual machine where Asterisk is running, netstat says that port 5061 isn’t open, no matter what I’m doing.
asterisk -vvvvvr doesn’t say anything about TLS. I couldn’t find anything that seems like an error message.
In make menuconfig I managed to change “res_crypto” from [XXX] to [*] by installing more packages concerning SSL/-dev.

In sip.conf I changed:
Added:
[10]
type=friend
username=10
secret=****
host=dynamic
disallow=all
allow=gsm
allow=ulaw
transport=tls
port=5061
context=default

and the same again for user 11.

I uncommented/set:
tlsenable=yes
tlsbindaddr=0.0.0.0
tlsdontverifyserver=yes

In extensions.conf I added
exten => 10,1,Dial(SIP/${EXTEN},60)
exten => 10,2,Congestion
exten => 10,102,Busy

and the same again for user 11 (exten => 11,…).

I even tried to generate keys with astgenkey but I don’t know if they’re necessary and where to move them. There are many comments in sip.conf concerning TLS which I don’t understand (like strange suggested paths, but I think I don’t need them because of tlsdontverifyserver).

Could somebody help me please? Thanks in advance.

You had 187 views of your post and not a single response. Remarkable…

I posted a TLS question earlier. 12 people viewed it. I would have thought that at least one of them could have given even a partial answer!!!

Seems Asterisk 1.6.0 supports tls and sip, look here: svn.digium.com/view/asterisk/tru … iew=markup .
To find this information I used Google search and it took me just a few minutes, so, rayj00, before complaining because nobody answered your post, next time try a search.

Cheers.

Marco Bruni