Encryption keys are not exchanged between two asterisks

Hello Everyone,

I have below architecture.

linphone1 --> asterisk1 --> asterisk2 --> linphone2

I registered two extensions on different Asterisk servers and am trying to call from linphone1 to linphone2. I created a PJSIP trunk in asterisk1 which registers with asterisk2. I'm able to place the call using TLS. However, the crypto key exchange is not happening between the Asterisk systems. Linphone1 is sending the keys, but asterisk1 is discarding the keys and sending the INVITE to asterisk2. I have enabled the 256 flag on both Asterisks. Can someone help me with how I can achieve 256 encryption between the two servers?
I also tried adding the media_encryption parameter in the trunk config, but then I got a negotiation error. Not sure how to achieve this. Does Asterisk-to-Asterisk support 256 encryption?

You would need to provide the actual configuration. Additionally, Asterisk is a B2BUA and not a proxy; each call leg is completely separate, which includes encryption.

@jcolp,
Here is the configuration.

Asterisk1 pjsip.conf

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5162
external_media_address=XX XX XX XX
external_signaling_address=XX XX XX XX
ca_list_file=/etc/asterisk/keys_velapro/ca.crt
cert_file=/etc/asterisk/keys_velapro/velaprosip-fullchain.crt
priv_key_file=/etc/asterisk/keys_velapro/velaprosip.key
method=tlsv1_2

TRUNK

[12345]
type=registration
outbound_auth=12345
server_uri=sip:ASTERISK2:5162
client_uri=sip:12345@ASTERISK2
transport=transport-tls
retry_interval=60

[12345]
type=auth
auth_type=userpass
password=12345
username=12345

[12345]
type=endpoint
context=from-serverB
transport=transport-tls
disallow=all
allow=gsm,alaw,ulaw,g723
;media_encryption=sdes
outbound_auth=12345
aors=12345

[12345]
type=aor
max_contacts=1
contact=sip:12345@ASTERISK2:5162
remove_existing=no

extension configuration

[6005]
type=endpoint
;transport=transport-udp
context=to-serverB
;context=from-internal
;disallow=all
allow=ulaw
allow=alaw
allow=opus
allow=gsm
auth=6005
aors=6005
transport=transport-tls
media_encryption=sdes

[6005]
type=auth
auth_type=userpass
password=6005
username=6005

[6005]
type=aor
max_contacts=1
remove_existing=yes

extensions.conf

[to-serverB]
; route extensions starting with 5XXX to Server B via the 12345 trunk
exten => _5XXX,1,Set(CALLERID(num)=12345)
same => n,Dial(PJSIP/${EXTEN}@12345)
same => n,Hangup()

Asterisk2 pjsip.conf

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5162
external_media_address=YY YY YY YY
external_signaling_address=YY YY YY YY
ca_list_file=/etc/asterisk/keys_velapro/ca.crt
cert_file=/etc/asterisk/keys_velapro/velaprosip-fullchain.crt
priv_key_file=/etc/asterisk/keys_velapro/velaprosip.key
method=tlsv1_2
local_net=192.168.168.0/24

template
[endpoint-basic]
type=endpoint
context=from-internal
disallow=all
allow=alaw,ulaw,gsm,opus
device_state_busy_at=1
direct_media=no
dtmf_mode=rfc4733
;media_encryption=sdes

[auth-userpass]
type=auth
auth_type=userpass

[aor-single-reg]
type=aor
max_contacts=1
remove_existing=yes

;EXTENSION 12345 (inherits from the templates above; the "(template)" suffixes
; appear to have been stripped by the forum and are restored here)
[12345](endpoint-basic)
transport=transport-tls
;media_encryption=sdes
auth=auth12345
aors=12345

[auth12345](auth-userpass)
password=12345
username=12345

[12345](aor-single-reg)


extension to receive call

[5005]
type=endpoint
context=from-internal
;disallow=all
allow=ulaw
allow=alaw
allow=opus
allow=gsm
auth=5005
aors=5005
transport=transport-tls
media_encryption=sdes

[5005]
type=auth
auth_type=userpass
password=5005
username=5005

[5005]
type=aor
max_contacts=1
remove_existing=yes

extensions.conf
[from-internal]
exten => 5001,1,Dial(PJSIP/5001)
exten => 5005,1,Dial(PJSIP/5005)

I'm calling from 6005 to 5005. The traffic between the softphone and Asterisk is encrypted with AES-256 at both ends, as we can see the key exchange, but between Asterisk and Asterisk there is no key exchange; it's a plain INVITE.

It started working now. It was just a configuration issue. I added media_encryption=sdes on both sides, and then it started working.

Thanks
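The observation above (SDES keys visible on the phone leg, a plain INVITE on the trunk leg) can be checked mechanically, because with a B2BUA each leg's SDP stands on its own. The following is an added example, not code from the thread or from Asterisk: it parses the SDP body of each leg's INVITE and reports any audio media line that does not carry a usable a=crypto attribute (RFC 4568 SDES) on an RTP/SAVP profile. The two SDP bodies and the key material are constructed for illustration, and the leg names are assumptions.

```python
"""Audit the SDP offered on each leg of a B2BUA call for SDES key exchange.

Added example, not part of the original thread or of Asterisk. It parses
SDP bodies (as seen in the INVITE of each call leg) and reports whether the
audio media line carries SRTP (RTP/SAVP with well-formed a=crypto attributes,
RFC 4568) or plain RTP. The sample SDP bodies below are constructed.
"""
from __future__ import annotations

import base64
import binascii
from dataclasses import dataclass, field

# Master key + salt length in bytes for the SDES crypto-suites (RFC 4568 section 6.2).
SUITE_KEY_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "AES_256_CM_HMAC_SHA1_80": 46,
    "AES_256_CM_HMAC_SHA1_32": 46,
}


@dataclass
class MediaLine:
    media: str                                         # "audio", "video", ...
    profile: str                                       # "RTP/AVP" (plain) or "RTP/SAVP" (SRTP)
    suites: list[str] = field(default_factory=list)    # well-formed a=crypto suites
    problems: list[str] = field(default_factory=list)  # malformed a=crypto lines

    @property
    def encrypted(self) -> bool:
        # Both are required: the secure profile and at least one usable key.
        return self.profile.endswith("SAVP") and bool(self.suites)


def _check_crypto(attr: str) -> tuple[str | None, str | None]:
    """Parse '<tag> <suite> inline:<base64 key>[|lifetime|MKI] ...'; return (suite, problem)."""
    fields = attr.split()
    if len(fields) < 3 or not fields[2].startswith("inline:"):
        return None, f"malformed crypto attribute: {attr}"
    suite = fields[1]
    if suite not in SUITE_KEY_LEN:
        return None, f"unknown crypto-suite: {suite}"
    key_b64 = fields[2][len("inline:"):].split("|")[0]  # drop lifetime / MKI
    try:
        key = base64.b64decode(key_b64, validate=True)
    except binascii.Error:
        return None, f"key is not valid base64 for suite {suite}"
    if len(key) != SUITE_KEY_LEN[suite]:
        return None, f"key length {len(key)} does not match suite {suite}"
    return suite, None


def parse_sdp(sdp: str) -> list[MediaLine]:
    """Return one MediaLine per m= line, with its a=crypto attributes attached."""
    lines: list[MediaLine] = []
    current: MediaLine | None = None
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            parts = line[2:].split()          # <media> <port> <proto> <fmt>...
            current = MediaLine(media=parts[0], profile=parts[2])
            lines.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            suite, problem = _check_crypto(line[len("a=crypto:"):])
            if suite:
                current.suites.append(suite)
            else:
                current.problems.append(problem)
    return lines


def unencrypted_legs(legs: dict[str, str]) -> list[str]:
    """Names of legs whose audio m= line(s) do not negotiate SRTP."""
    bad = []
    for name, sdp in legs.items():
        audio = [m for m in parse_sdp(sdp) if m.media == "audio"]
        if not audio or not all(m.encrypted for m in audio):
            bad.append(name)
    return bad


# Constructed sample SDP bodies mirroring the thread: the phone -> asterisk1 leg
# offers SDES with an AES-256 suite, the asterisk1 -> asterisk2 trunk leg is plain RTP.
_KEY_256 = base64.b64encode(bytes(range(46))).decode()  # placeholder 46-byte key+salt

SDP_PHONE_TO_AST1 = f"""v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 7078 RTP/SAVP 0 8 101
a=crypto:1 AES_256_CM_HMAC_SHA1_80 inline:{_KEY_256}
a=rtpmap:0 PCMU/8000
"""

SDP_AST1_TO_AST2 = """v=0
o=- 2 2 IN IP4 192.0.2.20
s=-
c=IN IP4 192.0.2.20
t=0 0
m=audio 10000 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
"""

if __name__ == "__main__":
    legs = {"linphone1->asterisk1": SDP_PHONE_TO_AST1,
            "asterisk1->asterisk2": SDP_AST1_TO_AST2}
    for leg in unencrypted_legs(legs):
        print(f"{leg}: no SDES key exchange, media would be plain RTP")
```

Run it against SDP bodies copied from `pjsip set logger on` output (or a packet capture) for each leg; the trunk leg should stop appearing in the output once `media_encryption=sdes` is set on the trunk endpoint on both servers, as the resolution above describes. Checking the key length against the suite matters because an a=crypto line that the far end cannot use is what produces a negotiation failure rather than a silent fallback.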

