No audio when trying out TLS?

I tried posting this to the asterisk-users mailing list where I usually ask my questions but got caught by the moderator for the size of the post so I thought I’d post it here too while I wait.

I’m playing with encrypted signalling and media today for the first time.

Using Asterisk 13.8.2 and a Yealink T27P running Firmware 2.73.0.50

Settings are:

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/letsencrypt/live/pi.lzrd.net/fullchain.pem
priv_key_file=/etc/letsencrypt/live/pi.lzrd.net/privkey.pem
external_media_address=64.119.36.19
external_signaling_address=64.119.36.19
method=tlsv1

[johntest]
type=aor
max_contacts=1
remove_existing=yes
qualify_frequency=2000

[johntest]
type=auth
auth_type=userpass
username=johntest
password=

[johntest]
type=endpoint
aors=johntest
auth=johntest
context=local
disallow=all
allow=ulaw
dtmf_mode=rfc4733
media_encryption=sdes

I’m not getting any audio and wondering if it’s a firewall setting. If I switch my phone from TLS/5061 to UDP/5060 it works and has audio.

Do I need to open different RTP ports for using TLS or is there something else I’m missing?

I’ve thrown a log of my console up on pastebin because it’s too big for the forum here.

http://pastebin.com/Wkefgp17

I haven't used TLS, but did you do an rtp debug (rtp set debug on) when using TLS/5061 and UDP/5060 and compare them? Also, a SIP trace for both signaling methods would be good.

RTP looks the same to me. I just answered on speaker, so it may be hearing itself, thus the RTP coming back on the UDP call?

UDP:

-- Started music on hold, class 'default', on channel 'PJSIP/johntest-00000003'

Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012356, ts 000160, len 000170)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012357, ts 000320, len 000170)
> 0x2cfb1d8 -- Probation passed - setting RTP source address to 67.212.192.66:11788
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016814, ts 006480, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012358, ts 000480, len 000170)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012359, ts 000640, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016815, ts 006640, len 000160)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016816, ts 006800, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012360, ts 000800, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016817, ts 006960, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012361, ts 000960, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016818, ts 007120, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012362, ts 001120, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016819, ts 007280, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012363, ts 001280, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016820, ts 007440, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012364, ts 001440, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016821, ts 007600, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012365, ts 001600, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016822, ts 007760, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012366, ts 001760, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016823, ts 007920, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012367, ts 001920, len 000170)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012368, ts 002080, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016824, ts 008080, len 000160)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016825, ts 008240, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012369, ts 002240, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016826, ts 008400, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012370, ts 002400, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016827, ts 008560, len 000160)

TLS:

-- Started music on hold, class 'default', on channel 'PJSIP/johntest-00000004'

Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045133, ts 000160, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045134, ts 000320, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045135, ts 000480, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045136, ts 000640, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045137, ts 000800, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045138, ts 000960, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045139, ts 001120, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045140, ts 001280, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045141, ts 001440, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045142, ts 001600, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045143, ts 001760, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045144, ts 001920, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045145, ts 002080, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045146, ts 002240, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045147, ts 002400, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045148, ts 002560, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045149, ts 002720, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045150, ts 002880, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045151, ts 003040, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045152, ts 003200, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045153, ts 003360, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045154, ts 003520, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045155, ts 003680, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045156, ts 003840, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045157, ts 004000, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045158, ts 004160, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045159, ts 004320, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045160, ts 004480, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045161, ts 004640, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045162, ts 004800, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045163, ts 004960, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045164, ts 005120, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045165, ts 005280, len 000170)
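
A way to compare the two traces above mechanically, as an added example that is not part of the original thread: the script tallies `rtp set debug on` lines per remote address and direction and lists peers that Asterisk sends to without receiving anything back. The function names and the `min_sent` threshold are assumptions, and the sample input is constructed by shortening the two traces in the post.

```python
import re
from collections import defaultdict

# Matches Asterisk "rtp set debug on" console lines, e.g.
#   Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045133, ts 000160, len 000170)
RTP_LINE = re.compile(
    r"^(?P<dir>Sent|Got)\s+RTP packet (?:to|from)\s+(?P<peer>\S+:\d+)\s+"
    r"\(type (?P<pt>\d+), seq (?P<seq>\d+), ts (?P<ts>\d+), len (?P<len>\d+)\)"
)

def summarize(log_text):
    """Per-peer packet counts and packet lengths, split by direction."""
    stats = defaultdict(lambda: {"sent": 0, "got": 0, "sent_len": set(), "got_len": set()})
    for line in log_text.splitlines():
        m = RTP_LINE.match(line.strip())
        if not m:
            continue  # channel/verbose lines and anything else that is not RTP debug
        key = m["dir"].lower()  # "sent" or "got"
        stats[m["peer"]][key] += 1
        stats[m["peer"]][key + "_len"].add(int(m["len"]))
    return dict(stats)

def one_way_peers(stats, min_sent=3):
    """Peers Asterisk keeps sending to without having received anything back."""
    return sorted(p for p, s in stats.items() if s["sent"] >= min_sent and s["got"] == 0)

# Constructed sample: a shortened copy of the UDP and TLS traces from the post.
SAMPLE = """\
 -- Started music on hold, class 'default', on channel 'PJSIP/johntest-00000003'
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012356, ts 000160, len 000170)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012357, ts 000320, len 000170)
> 0x2cfb1d8 -- Probation passed - setting RTP source address to 67.212.192.66:11788
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016814, ts 006480, len 000160)
Sent RTP packet to 67.212.192.66:11788 (type 00, seq 012358, ts 000480, len 000170)
Got RTP packet from 67.212.192.66:11788 (type 00, seq 016815, ts 006640, len 000160)
 -- Started music on hold, class 'default', on channel 'PJSIP/johntest-00000004'
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045133, ts 000160, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045134, ts 000320, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045135, ts 000480, len 000170)
Sent RTP packet to 67.212.192.66:11790 (type 00, seq 045136, ts 000640, len 000170)
"""

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for peer, s in sorted(stats.items()):
        print(peer, "sent:", s["sent"], "got:", s["got"])
    print("one-way peers:", one_way_peers(stats))
```

Replacing `SAMPLE` with the full console output of both calls gives the same per-port view without reading the dump line by line.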