Configuration of SRTP in Asterisk 1.8.1

Asterisk Asterisk Support
1

Hi,
I am working with jitsi and asterisk 1.8.1. I successfully configured TLS between them. Its working fine.
Now i am configuring SRTP between them.

following are config files.

sip.conf

[general]
context=incoming
allowguest=no
alwaysauthreject=yes
allow=ulaw
allow=alaw
allow=gsm


tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/newbie.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1

[user1]
type=peer
defaultuser=user1
secret=1000
dtmfmode=rfc2833
callerid="User one"
host=dynamic        ; The device must always register
canreinvite=no
nat=yes
encryption=yes
transport=tls

; Deny registration from anywhere first
deny=0.0.0.0/0.0.0.0
; Replace the IP address and mask below with the actual IP address and mask
; of the computer running the softphone, or the address of the hardware phone,
; either a host address and full mask, or a network address and correct mask,
; registering will be allowed from that host/network.
permit=192.168.51.0/255.255.255.0
context=myphones

[user2]
type=peer
defaultuser=user2
secret=1001
dtmfmode=rfc2833
callerid="User two"
host=dynamic        ; The device must always register
canreinvite=no
nat=yes
encryption=yes
transport=tls

; Deny registration from anywhere first
deny=0.0.0.0/0.0.0.0
; Replace the IP address and mask below with the actual IP address and mask
; of the computer running the softphone, or the address of the hardware phone,
; either a host address and full mask, or a network address and correct mask,
; registering will be allowed from that host/network.
permit=192.168.51.0/255.255.255.0
context=myphones

extension.conf

[code][general]
static=yes
writeprotect=no
clearglobalvars=no

[incoming]
exten => s,1,Hangup()

[myphones]
exten => user1,1,Set(CHANNEL(secure_bridge_signaling)=1)
exten => user1,n,Set(CHANNEL(secure_bridge_media)=1)
exten => user1,n,Dial(SIP/user1)
exten => user1,n,Hangup()

exten => user2,1,Set(CHANNEL(secure_bridge_signaling)=1)
exten => user2,n,Set(CHANNEL(secure_bridge_media)=1)
exten => user2,n,Dial(SIP/user2)
exten => user2,n,Hangup()

exten => 201,1,Answer()
exten => 201,n,Playback(tt-monty-knights)
exten => 201,n,Hangup()
exten => 202,1,Answer()
exten => 202,n,Playback(welcome)
exten => 202,n,Playback(demo-echotest)
exten => 202,n,Echo()
exten => 202,n,Playback(demo-echodone)
exten => 202,n,Playback(vm-goodbye)
exten => 202,n,Hangup()

[/code]

i upload srtp module also. it got loaded. But when user1 call to user2 my asterisk server getting segmentation fault and shut down.

Is here any help that how to configure srtp. whether i did it correct or any problem is there…

THanks in advance.,

2

Hi, I tried it the implementation of TLS in asterisk 1.8.4.3 on ubuntu 10.04. I follow the tutorial: wiki.asterisk.org/wiki/display/ … g+Tutorial. and I use blink as a softphone in ny client in windows. for regular communication process (without TLS) smoothly, but when it just follow the tutorial, it is always error on his softphone: transport error.

my configuration like this:

certificate for the server : . /ast_tls_cert -C 10.4.71.27 -O “My Super Company” -d /etc/asterisk/keys

certificate for Client 1 : . /ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 10.4.71.24 -O “My Super Company” -d /etc/asterisk/keys -o 1001

certificate for Client 2 : . /ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C 10.4.71.23 -O “My Super Company” -d /etc/asterisk/keys -o 1002

sip.conf:

[general]
context = default
udpbindaddr = 0.0.0.0
tcpenable = no
tcpbindaddr = 0.0.0.0
allowguest = no
allow = ulaw
allow = alaw
allow = gsm
allow = g722

tlsenable = yes
tlsbindaddr = 0.0.0.0
tlscertfile = / etc / asterisk / keys / asterisk.pem
tlscafile = / etc / asterisk / keys / ca.crt
tlscipher = ALL
tlsclientmethod = TLSv1

[1001]
context = default
type = friend
username = 1001
secret = 1000
dtmfmode = rfc2833
callerid = 1001
host = dynamic
transport = tls

[1002]
context = default
type = friend
username = 1002
secret = 1002
dtmfmode = rfc2833
host = dynamic
transport = tls

extensions.conf:

[general]
static = yes
WriteProtect = no

[default]
exten => 1001.1, Dial (SIP/1001, 30, tr)
exten => 1001.2, Hangup
exten => 1002.1, Dial (SIP/1002, 30, tr)
exten => 1002.2, Hangup

do you know where’s my mistake?
thanks.