Enabling srtp

hi all,
i’m new to asterisk server. i tried to enable srtp on asterisk and ended up with the following errors while reloading sip.

[Aug 12 00:06:16] ERROR[3666]: netsock2.c:269 ast_sockaddr_resolve: getaddrinfo(“voip.lk”, “(null)”, …): Name or service not known
[Aug 12 00:06:16] WARNING[3666]: acl.c:833 resolve_first: Unable to lookup ‘voip.lk
[Aug 12 00:06:36] ERROR[3666]: netsock2.c:269 ast_sockaddr_resolve: getaddrinfo(“A.ROOT-SERVERS.NET”, “(null)”, …): Name or service not known
[Aug 12 00:06:36] WARNING[3666]: acl.c:833 resolve_first: Unable to lookup ‘A.ROOT-SERVERS.NET
== Using SIP CoS mark 4
== Parsing ‘/etc/asterisk/sip_notify.conf’: Found
Reloading SIP

my sample sip.conf is shown below:

[demo1]
type=friend
host=dynamic
secret=123
context=users
deny=0.0.0.0/0
permit=192.168.0.0/255.255.0.0
encryption=yes

[demo2]
type=friend
host=dynamic
secret=123
context=users
deny=0.0.0.0/0
permit=192.168.0.0/255.255.0.0
encryption=yes


any ideas what might be the cause??

please help…
thanks…

Add your hostname to your /etc/hosts in order to resolve the VoIP.lk

thanks…it solved the problem.
but when i tried to make a call it fails and gives this error…


== Using SIP RTP CoS mark 5
[Aug 12 03:01:10] ERROR[17503][C-00000006]: chan_sip.c:33043 setup_srtp: No SRTP module loaded, can’t setup SRTP session.
[Aug 12 03:01:10] ERROR[17503][C-00000006]: chan_sip.c:33043 setup_srtp: No SRTP module loaded, can’t setup SRTP session.
[Aug 12 03:01:10] WARNING[17503][C-00000006]: chan_sip.c:10454 process_sdp: Rejecting secure audio stream without encryption details: audio 50000 RTP/SAVP 108 99 98 9 0 8 96


output for SRTP check

[root@voip Desktop]# ldd /usr/sbin/asterisk | egrep 'ssl|srtp'
libasteriskssl.so.1 => /usr/lib/libasteriskssl.so.1 (0x0000003fc1a00000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00000030af800000)

[root@voip Desktop]# ls -l /usr/lib64/asterisk/modules/res_srtp.so
-rwxr-xr-x 1 root root 284069 Aug 12 00:03 /usr/lib64/asterisk/modules/res_srtp.so

Try loading the module from the asterisk cli: module load res_srtp.so

when i try to call from 192.168.196.1 to 192.168.196.159 i get the following error.

[Aug 15 01:03:16] ERROR[26064]: tcptls.c:243 handle_tcptls_connection: Certificate common name did not match (192.168.196.159)

i have created two pem files for both softphones.
6001.pem
6002.pem

this is my sip.conf

[general]
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1

[6001]
type=friend
host=dynamic
secret=123456
context=users
deny=0.0.0.0/0
permit=192.168.0.0/255.255.0.0
transport=tls
encryption=yes

[6002]
type=friend
host=dynamic
secret=123456
context=users
deny=0.0.0.0/0
permit=192.168.0.0/255.255.0.0
transport=tls
encryption=yes


and my extensions.conf

[users]
exten=>6001,1,Dial(SIP/6001,20)
exten=>6002,1,Dial(SIP/6002,20)


i used this method to create CAs

./ast_tls_cert -C pbx.mycompany.com -O "My Super Company" -d /etc/asterisk/keys

./ast_tls_cert -m client -c /etc/asterisk/keys/ca.crt -k /etc/asterisk/keys/ca.key -C phone1.mycompany.com -O "My Super Company" -d /etc/asterisk/keys -o 6001

Most likely you are getting this error when you have not installed the patch which comes with your corresponding asterisk source. Download the source and patch from the same place. I was working with the latest asterisk source

wget downloads.asterisk.org/pub/telep … 1.5.tar.gz
wget downloads.asterisk.org/pub/telep … 1-patch.gz

untar and unzip your asterisk source

patch it with its corresponding version

./configure

make clean

make menuselect

make

make install

amportal restart

Had a similar issue and error which got resolved after I patched my asterisk installation.

The complaint is that the -C parameter on the client certificate generation doesn’t actually match the address being used by the client.
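
The mismatch described in the last reply can be checked before a call is attempted. The following is an added example, not part of the thread or of Asterisk: it reads the subject CN from a certificate and compares it with the address the peer is reached on (192.168.196.159 in the error above). The function names are hypothetical, the certificates are throwaway self-signed ones constructed for the demonstration, and the case-insensitive exact comparison is an assumption about how the check behaves.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Sample certificates are constructed,
# throwaway self-signed ones; only the subject CN matters here.

# Print the subject Common Name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Return 0 if the certificate's CN equals the address the peer is contacted
# on. Assumption: case-insensitive exact string comparison, with no wildcard
# or subjectAltName handling.
cn_matches() {
    local cn want
    cn=$(cert_cn "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# Create a one-day self-signed certificate with the given CN (constructed data).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1/O=My Super Company" \
        -keyout "$2.key" -out "$2.pem" 2>/dev/null
}

demo() {
    local dir f addr=192.168.196.159
    dir=$(mktemp -d) || return 1
    # One certificate named like the -C value in the thread, one named by address.
    make_sample_cert phone1.mycompany.com "$dir/by-name"
    make_sample_cert "$addr" "$dir/by-addr"
    for f in "$dir/by-name.pem" "$dir/by-addr.pem"; do
        if cn_matches "$f" "$addr"; then
            echo "CN=$(cert_cn "$f") matches $addr"
        else
            echo "CN=$(cert_cn "$f") does NOT match $addr"
        fi
    done
    rm -rf "$dir"
}

demo
```

To check a real certificate, call `cn_matches /etc/asterisk/keys/6001.pem <address>` with the address or hostname the phone is actually registered from.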