Error "No DTLS-SRTP support" on WebRTC call

Hello all,

I have downloaded Asterisk 11.11.0 and built from source by following
wiki.asterisk.org/wiki/display/ … rom+Source
and other resources on the web.

I am using
CentOS release 5.10 (Final). 2.6.18-371.8.1.el5
(Elastix 2.4 distro)

When I run ‘module show’ I can see

chan_multicast_rtp.so          Multicast RTP Paging Channel             0
res_rtp_asterisk.so            Asterisk RTP Stack                       0
res_rtp_multicast.so           Multicast RTP Engine                     0
res_srtp.so                    Secure RTP (SRTP)                        0
.... and other modules

The defined extension is

[4060] ; WebRTC client
type=friend
username=4060
host=dynamic
secret=secret
encryption=yes
avpf=yes
icesupport=yes
context=default
directmedia=no
transport=tls,ws,wss
disallow=all
allow=ulaw
dtlsenable=yes
dtlsverify=no ; testing
dtlsrekey=60
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlsprivatekey=/etc/asterisk/keys/asterisk.pem
dtlscipher=ALL
dtlscapath=/etc/asterisk/keys/
dtlssetup = actpass

and the sip debug while call is in progress

localhost*CLI>

<--- SIP read from WS:192.168.0.133:63716 --->
INVITE sip:4061@192.168.6.165 SIP/2.0
Via: SIP/2.0/WSS 192.0.2.99;branch=z9hG4bK9224066
Max-Forwards: 70
To: <sip:4061@192.168.6.165>
From: <sip:4060@192.168.6.165>;tag=e2cjnj1j9b
Call-ID: ocpavo6pba2m0qbuf8b7
CSeq: 3821 INVITE
Contact: <sip:qtulobtj@192.0.2.99;transport=ws;ob>
Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY
Content-Type: application/sdp
Contact: <sip:qtulobtj@192.0.2.99;transport=ws;ob>
Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY
Content-Type: application/sdp
Supported: outbound
User-Agent: SIP.js/0.6.0
Content-Length: 1817

v=0
o=- 3291823943841511143 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE audio
a=msid-semantic: WMS iTYZXUtx8so8QMI2CSItub3PQvyLVhZMDOLr
m=audio 53671 RTP/SAVPF 111 103 104 0 8 106 105 13 126
c=IN IP4 192.168.0.133
a=rtcp:53671 IN IP4 192.168.0.133
a=candidate:3753400783 1 udp 2122260223 192.168.0.133 53671 typ host generation 0
a=candidate:3753400783 2 udp 2122260223 192.168.0.133 53671 typ host generation 0
a=candidate:3269629330 1 udp 2122194687 192.168.40.1 53672 typ host generation 0
a=candidate:3269629330 2 udp 2122194687 192.168.40.1 53672 typ host generation 0
a=candidate:2436605247 1 tcp 1518280447 192.168.0.133 0 typ host generation 0
a=candidate:2436605247 2 tcp 1518280447 192.168.0.133 0 typ host generation 0
a=candidate:2355194210 1 tcp 1518214911 192.168.40.1 0 typ host generation 0
a=candidate:2355194210 2 tcp 1518214911 192.168.40.1 0 typ host generation 0
a=ice-ufrag:4u4U3q9rdinPcbkd
a=ice-pwd:2iE3FHm5ixec00Um4iZyYZzX
a=ice-options:google-ice
a=fingerprint:sha-256 DF:BC:37:0B:4B:5D:62:A4:16:01:2B:1E:1F:7D:0B:EC:C5:11:2F:1A:62:2A:D8:8A:C0:08:88:A8:DC:09:E1:AE
a=setup:actpass
a=mid:audio
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=sendrecv
a=rtcp-mux
a=rtpmap:111 opus/48000/2
a=fmtp:111 minptime=10
a=rtpmap:103 ISAC/16000
a=rtpmap:104 ISAC/32000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:106 CN/32000
a=rtpmap:105 CN/16000
a=rtpmap:13 CN/8000
a=rtpmap:126 telephone-event/8000
a=maxptime:60
a=ssrc:683280670 cname:aewJ8aQ0LiDQTt41
a=ssrc:683280670 msid:iTYZXUtx8so8QMI2CSItub3PQvyLVhZMDOLr b96d57b4-8b6f-49e9-9680-40869a31e56d
a=ssrc:683280670 mslabel:iTYZXUtx8so8QMI2CSItub3PQvyLVhZMDOLr
a=ssrc:683280670 label:b96d57b4-8b6f-49e9-9680-40869a31e56d
<------------->
--- (16 headers 42 lines) ---
Using INVITE request as basis request - ocpavo6pba2m0qbuf8b7
Found peer '4060' for '4060' from 192.168.0.133:63716

<--- Reliably Transmitting (no NAT) to 192.168.0.133:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/WSS 192.0.2.99;branch=z9hG4bK9224066;received=192.168.0.133
From: <sip:4060@192.168.6.165>;tag=e2cjnj1j9b
To: <sip:4061@192.168.6.165>;tag=as267d44f1
Call-ID: ocpavo6pba2m0qbuf8b7
CSeq: 3821 INVITE
Server: FPBX-2.8.1(11.7.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="194fb593"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog 'ocpavo6pba2m0qbuf8b7' in 32000 ms (Method: INVITE)

<--- SIP read from WS:192.168.0.133:63716 --->
ACK sip:4061@192.168.6.165 SIP/2.0
Via: SIP/2.0/WSS 192.0.2.99;branch=z9hG4bK9224066
To: <sip:4061@192.168.6.165>;tag=as267d44f1
From: <sip:4060@192.168.6.165>;tag=e2cjnj1j9b
Call-ID: ocpavo6pba2m0qbuf8b7
CSeq: 3821 ACK

<------------->
--- (6 headers 0 lines) ---

<--- SIP read from WS:192.168.0.133:63716 --->
INVITE sip:4061@192.168.6.165 SIP/2.0
Via: SIP/2.0/WSS 192.0.2.99;branch=z9hG4bK1819769
Max-Forwards: 70
To: <sip:4061@192.168.6.165>
From: <sip:4060@192.168.6.165>;tag=e2cjnj1j9b
Call-ID: ocpavo6pba2m0qbuf8b7
CSeq: 3822 INVITE
Authorization: Digest algorithm=MD5, username="4060", realm="asterisk", nonce="194fb593", uri="sip:4061@192.168.6.165", response="5422b26eb39925abcb4626b8559867fe"
Contact: <sip:qtulobtj@192.0.2.99;transport=ws;ob>
Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY
Content-Type: application/sdp
Contact: <sip:qtulobtj@192.0.2.99;transport=ws;ob>
Allow: ACK,CANCEL,BYE,OPTIONS,INFO,NOTIFY
Content-Type: application/sdp
Supported: outbound
User-Agent: SIP.js/0.6.0
Content-Length: 1817

v=0
o=- 3291823943841511143 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE audio
a=msid-semantic: WMS iTYZXUtx8so8QMI2CSItub3PQvyLVhZMDOLr
m=audio 53671 RTP/SAVPF 111 103 104 0 8 106 105 13 126
c=IN IP4 192.168.0.133
a=rtcp:53671 IN IP4 192.168.0.133
a=candidate:3753400783 1 udp 2122260223 192.168.0.133 53671 typ host generation 0
a=candidate:3753400783 2 udp 2122260223 192.168.0.133 53671 typ host generation 0
a=candidate:3269629330 1 udp 2122194687 192.168.40.1 53672 typ host generation 0
a=candidate:3269629330 2 udp 2122194687 192.168.40.1 53672 typ host generation 0
a=candidate:2436605247 1 tcp 1518280447 192.168.0.133 0 typ host generation 0
a=candidate:2436605247 2 tcp 1518280447 192.168.0.133 0 typ host generation 0
a=candidate:2355194210 1 tcp 1518214911 192.168.40.1 0 typ host generation 0
a=candidate:2355194210 2 tcp 1518214911 192.168.40.1 0 typ host generation 0
a=ice-ufrag:4u4U3q9rdinPcbkd
a=ice-pwd:2iE3FHm5ixec00Um4iZyYZzX
a=ice-options:google-ice
a=fingerprint:sha-256 DF:BC:37:0B:4B:5D:62:A4:16:01:2B:1E:1F:7D:0B:EC:C5:11:2F:1A:62:2A:D8:8A:C0:08:88:A8:DC:09:E1:AE
a=setup:actpass
a=mid:audio
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=sendrecv
a=rtcp-mux
a=rtpmap:111 opus/48000/2
a=fmtp:111 minptime=10
a=rtpmap:103 ISAC/16000
a=rtpmap:104 ISAC/32000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:106 CN/32000
a=rtpmap:105 CN/16000
a=rtpmap:13 CN/8000
a=rtpmap:126 telephone-event/8000
a=maxptime:60
a=ssrc:683280670 cname:aewJ8aQ0LiDQTt41
a=ssrc:683280670 msid:iTYZXUtx8so8QMI2CSItub3PQvyLVhZMDOLr b96d57b4-8b6f-49e9-9680-40869a31e56d
a=ssrc:683280670 mslabel:iTYZXUtx8so8QMI2CSItub3PQvyLVhZMDOLr
a=ssrc:683280670 label:b96d57b4-8b6f-49e9-9680-40869a31e56d
<------------->
--- (17 headers 42 lines) ---
Using INVITE request as basis request - ocpavo6pba2m0qbuf8b7
Found peer '4060' for '4060' from 192.168.0.133:63716
[Jul 11 10:04:00] ERROR[11710][C-00000003]: chan_sip.c:5852 dialog_initialize_dtls_srtp: No DTLS-SRTP support present on engine for RTP instance '0x9ca7c84', was it compiled with support for it?
[Jul 11 10:04:00] NOTICE[11710][C-00000003]: chan_sip.c:25679 handle_request_invite: Failed to authenticate device <sip:4060@192.168.6.165>;tag=e2cjnj1j9b

<--- Reliably Transmitting (no NAT) to 192.168.0.133:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/WSS 192.0.2.99;branch=z9hG4bK1819769;received=192.168.0.133
From: <sip:4060@192.168.6.165>;tag=e2cjnj1j9b
To: <sip:4061@192.168.6.165>;tag=as267d44f1
Call-ID: ocpavo6pba2m0qbuf8b7
CSeq: 3822 INVITE
Server: FPBX-2.8.1(11.7.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog 'ocpavo6pba2m0qbuf8b7' in 32000 ms (Method: INVITE)

<--- SIP read from WS:192.168.0.133:63716 --->
ACK sip:4061@192.168.6.165 SIP/2.0
Via: SIP/2.0/WSS 192.0.2.99;branch=z9hG4bK1819769
To: <sip:4061@192.168.6.165>;tag=as267d44f1
From: <sip:4060@192.168.6.165>;tag=e2cjnj1j9b
Call-ID: ocpavo6pba2m0qbuf8b7
CSeq: 3822 ACK

<------------->
--- (6 headers 0 lines) ---
Really destroying SIP dialog 'u6304qqpc69uh3q2hrmcvi' Method: REGISTER
localhost*CLI>

The error:
ERROR[11710][C-00000003]: chan_sip.c:5852 dialog_initialize_dtls_srtp: No DTLS-SRTP support present on engine for RTP instance ‘0x9ca7c84’, was it compiled with support for it?

Why this error occurs even RTP related modules are already loaded?

Probaby because it was built without the developer libraries for encryption being present.

Hi david55.

I have built the libsrtp from the source
github.com/cisco/libsrtp/

and also configured the Asterisk as
./configure --with-crypto --with-ssl --with-srtp

Any further suggestions?

By the way I have successfully built and tested Asterisk 11.11.0 on Ubuntu 14.04.
WebRTC calling works on both Chrome 35 and Firefox 30, for inbound calls only though.
But that is not problem for me since I am interested on inbound calls only.
This was my test machine, but on production I use Elastix 2.4 distro (which is on top of Centos 5.10).
Followed the similar steps like on test machine but unfortunately there is error on the topic of
this thread…

The last time I was used Elastix for WebRTC without media gateways I have recompiled all from sources. Make sure you are compiling the complete list of modules in the original modules folder or Elastix will not work(backup the folder).

When you compile again asterisk remove all old modules and use the new ones, see if my patch still works for enable the webrtc values in the Elastix GUI(raspimods.blogspot.com/2013/12/m … o-con.html) and try again.