DTLS bad signature on rtp instance

Scenario: There is a WebRTC endpoint and a SIP trunk based on TLS transport and DTLS media. When an incoming call/INVITE is received from the SIP trunk and Asterisk answers and forwards the call to the WebRTC endpoint using Dial, it throws the error: “res_rtp_asterisk.c:3348 __rtp_recvfrom: DTLS failure occurred on RTP instance ‘0x7efc9c042eb0’ due to reason ‘bad signature’, terminating”.

Some calls are patched successfully and audio works perfectly. I have tried all the configurations in the endpoint, with dtls auto generate certificate set to both yes and no. I also specified a static certificate and so on.
This is my last config:

[*************] ; webrtc endpoint
type=endpoint
transport=transport-wss
context=w-c2c-outgoing
disallow=all
allow=alaw
allow=ulaw
aors=*************
force_rport=yes
rtp_symmetric=yes
rewrite_contact=yes
direct_media=no
media_encryption=dtls
media_encryption_optimistic=false
send_pai=yes
send_rpid=yes
dtls_auto_generate_cert=no
dtls_cert_file=/opt/mis/cert/asterisk.pem
dtls_private_key=/opt/mis/cert/asterisk.pem
dtls_verify=fingerprint
dtls_setup=active
dtls_rekey=0
trust_id_inbound=true
trust_id_outbound=true
rtp_timeout=60
rtp_keepalive=30
rtp_timeout_hold=120
rtcp_mux=true
rtcp_mux=true
webrtc=true

[*************] ; sip trunk
type=endpoint
transport=transport-tls
context=mis-incoming
disallow=all
allow=alaw
allow=ulaw
aors=*************
force_rport=yes
rtp_symmetric=yes
rewrite_contact=yes
direct_media=no
media_encryption=dtls
media_encryption_optimistic=false
from_domain=*************
from_user=*************
send_pai=yes
send_rpid=yes
dtls_auto_generate_cert=no
dtls_cert_file=/opt/mis/cert/asterisk.pem
dtls_private_key=/opt/mis/cert/asterisk.pem
dtls_verify=fingerprint
dtls_setup=passive
dtls_rekey=0
trust_id_inbound=true
trust_id_outbound=true
rtp_timeout=60
rtp_keepalive=30
rtp_timeout_hold=120
rtcp_mux=true
timers=no

There is no problem with the OpenSSL version or config. Still couldn’t solve it. Help.

First you have both endpoints configured with DTLS. Is this actually correct? Does the trunk support it? Which endpoint is actually exhibiting the issue?

Yes, right, both endpoints are configured with DTLS. Yes, the trunk supports it. Actually I couldn’t say which endpoint is exhibiting the issue because when we make a call trunk to trunk or WebRTC to WebRTC there is no issue. If we do WebRTC to trunk, still no issue.
We have different setups and have never found this issue in WebRTC, but this is the first time there is a setup with a trunk supporting DTLS.
The issue appears when the INVITE is sent to WebRTC and it sends the ringing packet; then the DTLS bad signature occurs.

I would suggest a packet capture after which you can examine the DTLS negotiation and see which is failing.

Yes, maybe the issue is at the trunk, after examining the packets on the trunk interface. After the server key exchange packet is received, it throws Alert (Level: Fatal, Description: Decrypt Error).
I captured packets for both endpoints, but the error is always sent from the Asterisk IP to the trunk IP.

Still have not found any solution to this. Tried many configuration changes. Not able to figure out why it’s happening.
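
The packet-capture check suggested in the thread can be scripted. The following Python sketch is an added example, not code from the thread or from Asterisk: it picks DTLS records out of media-port UDP payloads (RFC 5764 first-byte rule), lists the cleartext epoch-0 handshake messages, and reports who sent the first fatal alert; decrypt_error is the TLS alert for a failed handshake signature or Finished check. The addresses, helper names and sample datagrams are constructed, and the sample assumes Asterisk is the DTLS client on the trunk leg.

```python
# Subset of the IANA TLS handshake-type and alert registries.
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate", 12: "server_key_exchange",
             14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
ALERTS = {20: "bad_record_mac", 40: "handshake_failure", 42: "bad_certificate", 51: "decrypt_error"}

def dtls_records(payload):
    """Yield (content_type, epoch, fragment) for each DTLS record in one UDP payload."""
    # RFC 5764: on the shared media port a first byte of 20..63 is DTLS; RTP/RTCP and STUN are skipped.
    if not payload or not 20 <= payload[0] <= 63:
        return
    off = 0
    while off + 13 <= len(payload):  # 13-byte record header: type, version, epoch, seq, length
        epoch = int.from_bytes(payload[off + 3:off + 5], "big")
        length = int.from_bytes(payload[off + 11:off + 13], "big")
        frag = payload[off + 13:off + 13 + length]
        if len(frag) < length:
            return  # truncated capture, stop parsing this datagram
        yield payload[off], epoch, frag
        off += 13 + length

def trace(packets):
    """packets: iterable of (src, dst, udp_payload). Returns (src, dst, kind, name) events."""
    events = []
    for src, dst, payload in packets:
        for ctype, epoch, frag in dtls_records(payload):
            if epoch != 0:
                continue  # epoch > 0 is encrypted; only the cleartext handshake is readable
            if ctype == 22 and len(frag) >= 12:  # handshake record, 12-byte DTLS handshake header
                events.append((src, dst, "handshake", HANDSHAKE.get(frag[0], f"type_{frag[0]}")))
            elif ctype == 21 and len(frag) == 2:  # alert record: level, description
                level = "fatal" if frag[0] == 2 else "warning"
                events.append((src, dst, "alert", f"{level}/{ALERTS.get(frag[1], frag[1])}"))
    return events

def first_fatal_alert(events):
    """Return (alert_sender, alert, handshake messages the peer had sent before it), or None."""
    for i, (src, dst, kind, name) in enumerate(events):
        if kind == "alert" and name.startswith("fatal/"):
            return src, name, [e[3] for e in events[:i] if e[2] == "handshake" and e[0] == dst]
    return None

# Constructed sample (documentation IPs, empty message bodies), not taken from the thread's capture.
def _rec(ctype, frag):  # DTLS 1.2 record, epoch 0, sequence 0
    return bytes([ctype]) + b"\xfe\xfd" + bytes(8) + len(frag).to_bytes(2, "big") + frag
def _hs(msg_type):  # handshake message with a zero-length body
    return _rec(22, bytes([msg_type]) + bytes(11))
AST, TRUNK = "192.0.2.10", "198.51.100.20"  # assumption: Asterisk is the DTLS client here
SAMPLE = [(AST, TRUNK, _hs(1)), (TRUNK, AST, b"\x80\x08" + bytes(10)),  # second item is RTP
          (TRUNK, AST, _hs(2) + _hs(11) + _hs(12) + _hs(14)), (AST, TRUNK, _rec(21, b"\x02\x33"))]
```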