Outbound call fails when SRTP enabled

I’m using a fresh install of 16.8-cert 8. TLS works fine but if I enable media_encryption=sdes outbound calls fail. I either get CHANUNAVAIL or it acts like it is going to connect then times out and disconnects but the error log looks nearly the same. I thought it might be an issue with the voip provider but the attached capture says it might be a bug so I wanted to check it out before contacting them.

srtp_bug.txt (885 Bytes)

What is the configuration of rtp.conf? What is the full endpoint configuration?

beaglebone*CLI> [Jun  6 04:43:08] ERROR[2451]: res_pjsip_session.c:5044 create_local_sdp:  PJSIP/telnyx-00No such command '[Jun  6 04:43:08] ERROR[2451]: res_rtp_asterisk.c:3705 rtp_allocate_transport: Oh dear... we couldn't allocate a port for RTP instance '0xb471d4e0'' (type 'core show help for other possible commands)
No such command '[Jun  6 04:43:08] WARNING[2451]: res_rtp_asterisk.c:2783 dtls_srtp_stop_timeout_timer: Unable to cancel schedule ID 0.  This is probably a bug (res_rtp_asterisk.c: dtls_srtp_stop_timeout_timer, line 2783).' (type 'core show help for other possible commands)
No such command '[Jun  6 04:43:08] ERROR[2451]: res_pjsip_sdp_rtp.c:249 create_rtp: Unable to create RTP ibeaglebone*CLI> [Jun  6 04:43:08] ERROR[2451]: res_pjsip_session.c:5044 create_local_sdp:  PJSIP/telnyx-0000000b: Couldn't add sdp streams for stream 0:audio-0:audio:sendrecv (ulaw)

This is very confusing to read. It looks like you pasted part of the log into the CLI terminal and then scraped the resulting error messages.

Please use the log files (as text) not a screen scrape, and, if possible, post them in line, marked up as pre-formatted text.

; RTP Configuration
[general]
; Configure RTP port start and end
rtpstart=16400
rtpend=16409
icesupport=false
;stunaddr=stun.callwithus.com
;ice_blacklist = 192.168.6.0/19

[transport_tls]
type=transport
protocol=tls
local_net=172.16.20.0/27
bind=172.16.20.27:5591
external_signaling_address=mymachine.twilightparadox.com
external_media_address=mymachine.twilightparadox.com
method=sslv23
cert_file=/etc/letsencrypt/live/mymachine.twilightparadox.com/fullchain.pem
priv_key_file=/etc/letsencrypt/live/mymachine.twilightparadox.com/privkey.pem
verify_server=yes
ca_list_path=/etc/ssl/certs/

;======================== Telnyx
[telnyx]
type = aor
contact = sip:sip.telnyx.com;transport=tls

[telnyx]
type = endpoint
aors = telnyx
disallow=all
allow = ulaw
from_domain = callcentric.com
allow_transfer = no
direct_media=no
timers_sess_expires=600
timers=yes ;default
media_encryption=sdes
ignore_183_without_sdp=yes
send_pai=yes

You’re limited to 4 or 5 calls (I’d have to double check the code to be sure which). If you increase that, do things change?

Additionally your configuration isn’t forcing TLS for that. You’d need:

contact = sip:sip.telnyx.com\;transport=tls

If it’s in the .conf file to do that.

Shouldn’t that be legs? I thought odd ports were always RTCP.

Yes, I meant call legs. Odd ports are always RTCP, but I don’t remember what the code does if you specify an odd port for the end. I want to say it would result in 4 call legs.

The web post didn’t show the escape character. The file has one. I tried increasing the ports to 30. It may have had an effect. Changed the errors some but still getting CHANUNAVAIL. Doesn’t seem to be complaining about “no such command” now. I’m beginning to think SRTP isn’t ready for prime time at the provider.

[Jun 6 17:16:37] ERROR[3170]: res_pjsip_session.c:5044 create_local_sdp: PJSIP/telnyx-00000003: Couldn’t add sdp streams for stream 0:audio-0:audio:sendrecv (ulaw)
[Jun 6 17:17:23] ERROR[3170]: res_pjsip_session.c:5044 create_local_sdp: PJSIP/telnyx-00000005: Couldn’t add sdp streams for stream 0:audio-0:audio:sendrecv (ulaw)

If it’s an outgoing call, then the above is happening before then. I assume res_srtp is loaded?

Oh, my gosh. :flushed: Originally I was on 16.3 and discovered lib_srtp was not installed on the OS. Then when I rebuilt everything on 16.8 I made sure res_srtp was included when I ran configure but I never gave modules.conf a thought. I’ve really wanted to enable tls/srtp ever since they started to become available. This is for our “daily driver”. Thank you.

That’s because you didn’t mark up the relevant bits as pre-formatted text, using the </> button.
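An added example, not part of the original thread and not Asterisk project code: a small pre-flight check for the three issues raised above (res_srtp not loaded while an endpoint sets media_encryption, a contact whose `;transport=tls` is lost to an unescaped `;`, and a small RTP port range). The function names, finding labels, the `MIN_PAIRS` threshold and the modules.conf sample are assumptions made for this example; counting one even/odd port pair per call leg is an estimate.

```python
import re

MIN_PAIRS = 10  # hypothetical threshold for this example, not an Asterisk default

def strip_comment(line):
    """Asterisk config: an unescaped ';' starts a comment, '\\;' is a literal ';'."""
    return re.sub(r"(?<!\\);.*", "", line).replace("\\;", ";").strip()

def parse(text):
    """Return [(section, {key: [values]})]; duplicate section names stay separate."""
    sections = []
    for raw in text.splitlines():
        line = strip_comment(raw)
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            sections.append((m.group(1), {}))
        elif "=" in line and sections:
            key, _, val = line.partition("=")
            sections[-1][1].setdefault(key.strip(), []).append(val.lstrip("> "))
    return sections

def merged(text, section):
    return {k: v for name, kv in parse(text) if name == section for k, v in kv.items()}

def check(rtp_conf, pjsip_conf, modules_conf):
    findings = []
    mods = merged(modules_conf, "modules")
    # Assumption of this example: a missing autoload line is treated as "no".
    autoload = mods.get("autoload", ["no"])[-1] in ("yes", "true", "on", "1")
    srtp = "res_srtp.so" not in mods.get("noload", []) and (
        autoload or "res_srtp.so" in mods.get("load", []))
    for name, kv in parse(pjsip_conf):
        kind = kv.get("type", [""])[-1]
        if kind == "endpoint" and kv.get("media_encryption", ["no"])[-1] != "no" and not srtp:
            findings.append(("srtp-module-not-loaded", name))
        if kind == "aor" and any("transport=tls" not in c for c in kv.get("contact", [])):
            findings.append(("contact-without-tls", name))
    gen = merged(rtp_conf, "general")
    if "rtpstart" in gen and "rtpend" in gen:
        pairs = (int(gen["rtpend"][-1]) - int(gen["rtpstart"][-1]) + 1) // 2
        if pairs < MIN_PAIRS:
            findings.append(("small-rtp-range", pairs))
    return findings

# Constructed samples: rtp.conf and pjsip.conf abridged from the thread, modules.conf invented.
RTP = "[general]\nrtpstart=16400\nrtpend=16409\n"
PJSIP = ("[telnyx]\ntype = aor\ncontact = sip:sip.telnyx.com;transport=tls\n"
         "[telnyx]\ntype = endpoint\naors = telnyx\nmedia_encryption=sdes\n")
MODULES = "[modules]\nautoload=no\nload => res_pjsip.so\n"
print(check(RTP, PJSIP, MODULES))
```

With SDES the SRTP keys travel in the SDP, so the contact check matters as much as the module check: a contact that silently falls back from TLS would expose the keys in signaling.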