PJSIP calls with TLS/SRTP encryption fails

ejpb · August 4, 2014, 12:15pm

Hello. I’m trying to call encrypted between phones in Asterisk 12.4 with pjsip. I have a blank sip.conf. I created CA.crt and user certs.

[Aug 4 11:58:09] WARNING[2335]: res_pjsip_mwi.c:656 mwi_subscribe_single: AOR phone_2_udp has no configured mailboxes. MWI subscription failed -- Added contact 'sip:82370159@192.168.2.13:5062' to AOR 'phone_1_udp' with expiration of 600 seconds -- Added contact 'sip:78596321@192.168.2.10:5062' to AOR 'phone_2_udp' with expiration of 600 seconds -- Added contact 'sip:64230895@192.168.2.10:5063;transport=tls' to AOR 'phone_3_tls' with expiration of 600 seconds -- Added contact 'sip:27349158@192.168.2.13:5063;transport=tls' to AOR 'phone_4_tls' with expiration of 600 seconds
They all say they are registered but when I ask in the CLI it shows nothing…

[code]asterisk12*CLI> pjsip show registrations

<Registration/ServerURI…> <Auth…> <Status…>

No objects found.
[/code]
Is that normal?

udp -> udp ok:

-- Executing [802@ctx:1] Dial("PJSIP/phone_1_udp-0000000b", "PJSIP/phone_2_udp,20") in new stack -- Called PJSIP/phone_2_udp -- PJSIP/phone_2_udp-0000000c is ringing -- PJSIP/phone_2_udp-0000000c answered PJSIP/phone_1_udp-0000000b -- Channel PJSIP/phone_1_udp-0000000b joined 'simple_bridge' basic-bridge <e1b5f4f0-32c2-4bf4-a42d-88cd05e65f85> -- Channel PJSIP/phone_2_udp-0000000c joined 'simple_bridge' basic-bridge <e1b5f4f0-32c2-4bf4-a42d-88cd05e65f85> > Bridge e1b5f4f0-32c2-4bf4-a42d-88cd05e65f85: switching from simple_bridge technology to native_rtp > 0x7fb750055150 -- Probation passed - setting RTP source address to 192.168.2.13:19028 > 0x7fb75006d0f0 -- Probation passed - setting RTP source address to 192.168.2.10:19000 > 0x7fb750055150 -- Probation passed - setting RTP source address to 192.168.2.13:19028 -- Channel PJSIP/phone_1_udp-0000000b left 'native_rtp' basic-bridge <e1b5f4f0-32c2-4bf4-a42d-88cd05e65f85> == Spawn extension (ctx, 802, 1) exited non-zero on 'PJSIP/phone_1_udp-0000000b' -- Channel PJSIP/phone_2_udp-0000000c left 'native_rtp' basic-bridge <e1b5f4f0-32c2-4bf4-a42d-88cd05e65f85>
tls -> udp ok:

-- Executing [801@ctx:1] Dial("PJSIP/phone_3_tls-0000000f", "PJSIP/phone_1_udp,20") in new stack -- Called PJSIP/phone_1_udp -- PJSIP/phone_1_udp-00000010 is ringing -- PJSIP/phone_1_udp-00000010 answered PJSIP/phone_3_tls-0000000f -- Channel PJSIP/phone_3_tls-0000000f joined 'simple_bridge' basic-bridge <df34dec3-2ee4-45f3-addc-27fe7234c750> -- Channel PJSIP/phone_1_udp-00000010 joined 'simple_bridge' basic-bridge <df34dec3-2ee4-45f3-addc-27fe7234c750> > 0x7fb75007a380 -- Probation passed - setting RTP source address to 192.168.2.13:19032 > 0x7fb750072780 -- Probation passed - setting RTP source address to 192.168.2.10:19006 -- Channel PJSIP/phone_3_tls-0000000f left 'simple_bridge' basic-bridge <df34dec3-2ee4-45f3-addc-27fe7234c750> -- Channel PJSIP/phone_1_udp-00000010 left 'simple_bridge' basic-bridge <df34dec3-2ee4-45f3-addc-27fe7234c750> == Spawn extension (ctx, 801, 1) exited non-zero on 'PJSIP/phone_3_tls-0000000f'
tls -> tls fails:

-- Executing [804@ctx:1] Dial("PJSIP/phone_3_tls-00000011", "PJSIP/phone_4_tls,20") in new stack -- Called PJSIP/phone_4_tls [Aug 4 12:09:03] WARNING[2466]: pjsip:0 <?>: tsx0x7fb73c00c ...Failed to send Request msg INVITE/cseq=14187 (tdta0x7fb750028e60)! err=120013 (Permission denied) == Everyone is busy/congested at this time (1:0/1/0) -- Auto fallthrough, channel 'PJSIP/phone_3_tls-00000011' status is 'CONGESTION'
udp -> tls fails:

-- Executing [804@ctx:1] Dial("PJSIP/phone_1_udp-00000013", "PJSIP/phone_4_tls,20") in new stack -- Called PJSIP/phone_4_tls [Aug 4 12:09:42] WARNING[2466]: pjsip:0 <?>: tsx0x7fb73c011 ...Failed to send Request msg INVITE/cseq=31070 (tdta0x7fb750028e60)! err=120013 (Permission denied) == Everyone is busy/congested at this time (1:0/1/0) -- Auto fallthrough, channel 'PJSIP/phone_1_udp-00000013' status is 'CONGESTION'
These are my config files (sip.conf is a blank file), I used non-standard ports but that should be ok. I have tried both sslv23 and tlsv1 as method.

pjsip.conf

[transport-udp]
type=transport
protocol=udp    ;udp,tcp,tls,ws,wss
bind=0.0.0.0:5062

[transport-local-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5063
cert_file = /etc/asterisk/script/asterisk.crt
priv_key_file = /etc/asterisk/script/asterisk.key
ca_list_file = /etc/asterisk/script/ca.crt
method = sslv23

; -----

[phone_1_udp]
type = endpoint
context = ctx
disallow = all
allow = ulaw
auth = phone_1_udp
aors = phone_1_udp
transport = transport-udp

[phone_1_udp]
type = auth
auth_type = userpass
password = p1
username = phone_1_udp

[phone_1_udp]
type = aor
max_contacts = 4

; -----

[phone_2_udp]
type = endpoint
context = ctx
disallow = all
allow = ulaw
auth = phone_2_udp
aors = phone_2_udp
transport = transport-udp

[phone_2_udp]
type = auth
auth_type = userpass
password = p2
username = phone_2_udp

[phone_2_udp]
type = aor
max_contacts = 4

; -----
[phone_3_tls]
type = endpoint
context = ctx
disallow = all
allow = ulaw
auth = phone_3_tls
aors = phone_3_tls
transport = transport-local-tls
media_encryption = sdes
;direct_media = no
;disable_direct_media_on_nat = yes
;rewrite_contact = yes

[phone_3_tls]
type = auth
auth_type = userpass

[phone_3_tls]
type = aor
max_contacts = 1

; -----

[phone_4_tls]
type = endpoint
context = ctx
disallow = all
allow = ulaw
auth = phone_4_tls
aors = phone_4_tls
transport = transport-local-tls
media_encryption = sdes
;direct_media = no
;disable_direct_media_on_nat = yes
;rewrite_contact = yes

[phone_4_tls]
type = auth
auth_type = userpass
password = p4
username = phone_4_tls

[phone_4_tls]
type = aor
max_contacts = 1

; -----[/code]
extensions.conf
[code][ctx]

exten => 801,1,Dial(PJSIP/phone_1_udp,20)
exten => 802,1,Dial(PJSIP/phone_2_udp,20)
exten => 803,1,Dial(PJSIP/phone_3_tls,20)
exten => 804,1,Dial(PJSIP/phone_4_tls,20)

pjsip debug for tls to tls:

[code]asterisk12*CLI>
<— Received SIP request (1130 bytes) from TLS:192.168.2.10:51573 —>
INVITE sip:804@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;branch=z9hG4bKPjc33a2a7b45aa467da6dc41a4f8e15df9;alias
Max-Forwards: 70
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123
Contact: sip:64230895@192.168.2.10:5063;transport=tls
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
CSeq: 29248 INVITE
Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, gruu
User-Agent: Blink 0.9.1.2 (Windows)
Content-Type: application/sdp
Content-Length: 515

v=0
o=- 3616144689 3616144689 IN IP4 192.168.2.10
s=Blink 0.9.1.2 (Windows)
t=0 0
m=audio 19018 RTP/SAVP 113 9 0 8 101
c=IN IP4 192.168.2.10
a=rtcp:19019
a=rtpmap:113 opus/48000
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:f+SNdS2DdmnP12uMNufZOmGVemhNUIe5pRJl8f6d
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:8xjQiGKZHZKOtWzAidRiWCnnfFBQD1F2vyP4IWr+
a=sendrecv

<— Transmitting SIP response (542 bytes) to TLS:192.168.2.10:51573 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;received=192.168.2.10;branch=z9hG4bKPjc33a2a7b45aa467da6dc41a4f8e15df9;alias
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123;tag=z9hG4bKPjc33a2a7b45aa467da6dc41a4f8e15df9
CSeq: 29248 INVITE
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1407148762/21bd5ef08afa29d490581117da3de2b5”,opaque=“10dc011b79818ede”,algorithm=md5,qop="auth"
Content-Length: 0

<— Received SIP request (432 bytes) from TLS:192.168.2.10:51573 —>
ACK sip:804@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;branch=z9hG4bKPjc33a2a7b45aa467da6dc41a4f8e15df9;alias
Max-Forwards: 70
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123;tag=z9hG4bKPjc33a2a7b45aa467da6dc41a4f8e15df9
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
CSeq: 29248 ACK
User-Agent: Blink 0.9.1.2 (Windows)
Content-Length: 0

<— Received SIP request (1429 bytes) from TLS:192.168.2.10:51573 —>
INVITE sip:804@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;branch=z9hG4bKPj72883ae17b024edfb03894553e254463;alias
Max-Forwards: 70
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123
Contact: sip:64230895@192.168.2.10:5063;transport=tls
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
CSeq: 29249 INVITE
Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, gruu
User-Agent: Blink 0.9.1.2 (Windows)
Authorization: Digest username=“phone_3_tls”, realm=“asterisk”, nonce=“1407148762/21bd5ef08afa29d490581117da3de2b5”, uri="sip:804@123.234.210.123", response=“3218235302fc9bb3dcd35dc31117994d”, algorithm=md5, cnonce=“d7f3afab65b944b582807eb075b8e691”, opaque=“10dc011b79818ede”, qop=auth, nc=00000001
Content-Type: application/sdp
Content-Length: 515

v=0
o=- 3616144689 3616144689 IN IP4 192.168.2.10
s=Blink 0.9.1.2 (Windows)
t=0 0
m=audio 19018 RTP/SAVP 113 9 0 8 101
c=IN IP4 192.168.2.10
a=rtcp:19019
a=rtpmap:113 opus/48000
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:f+SNdS2DdmnP12uMNufZOmGVemhNUIe5pRJl8f6d
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:8xjQiGKZHZKOtWzAidRiWCnnfFBQD1F2vyP4IWr+
a=sendrecv

<— Received SIP request (1253 bytes) from UDP:192.168.2.13:5062 —>
PUBLISH sip:phone_1_udp@123.234.210.123 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.13:5062;rport;branch=z9hG4bKPjc666c89c767f4283871c44f22ba6ea81
Max-Forwards: 70
From: “p1” sip:phone_1_udp@123.234.210.123;tag=ad50d4cdd2cf41c1b858591aec780680
To: “p1” sip:phone_1_udp@123.234.210.123
Call-ID: 16c5a350d612427bb82e43858bacfe01
CSeq: 1 PUBLISH
Event: presence
Expires: 600
User-Agent: Blink 0.9.1.2 (Windows)
Content-Type: application/pidf+xml
Content-Length: 783

<?xml version='1.0' encoding='UTF-8'?>

closedagp-pidf:extendedoffline</agp-pidf:extended>caps:servcaps/sip%3Aphone_1_udp%40123.234.210.1232014-08-04T11:59:14.524125+02:00<dm:person id=“PID-8c43abcbf6138e658a4acb9c93f3c882”>rpid:activities rpid:otheroffline</rpid:other></rpid:activities>dm:timestamp2014-08-04T11:59:14.524125+02:00</dm:timestamp></dm:person>
<— Transmitting SIP response (541 bytes) to UDP:192.168.2.13:5062 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.2.13:5062;rport;received=192.168.2.13;branch=z9hG4bKPjc666c89c767f4283871c44f22ba6ea81
Call-ID: 16c5a350d612427bb82e43858bacfe01
From: “p1” sip:phone_1_udp@123.234.210.123;tag=ad50d4cdd2cf41c1b858591aec780680
To: “p1” sip:phone_1_udp@123.234.210.123;tag=z9hG4bKPjc666c89c767f4283871c44f22ba6ea81
CSeq: 1 PUBLISH
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1407148762/c34e918b2d15c3e5501c5c834df5a525”,opaque=“629a86ee75ce5544”,algorithm=md5,qop="auth"
Content-Length: 0

<— Transmitting SIP response (343 bytes) to TLS:192.168.2.10:51573 —>
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;received=192.168.2.10;branch=z9hG4bKPj72883ae17b024edfb03894553e254463;alias
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123
CSeq: 29249 INVITE
Content-Length: 0

-- Executing [804@ctx:1] Dial("PJSIP/phone_3_tls-00000006", "PJSIP/phone_4_tls,20") in new stack
-- Called PJSIP/phone_4_tls

[Aug 4 12:39:32] WARNING[2572]: pjsip:0 <?>: tsx0x1491908 …Failed to send Request msg INVITE/cseq=21798 (tdta0xfdda80)! err=120013 (Permission denied)
== Everyone is busy/congested at this time (1:0/1/0)
– Auto fallthrough, channel ‘PJSIP/phone_3_tls-00000006’ status is ‘CONGESTION’
<— Transmitting SIP response (421 bytes) to TLS:192.168.2.10:51573 —>
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;received=192.168.2.10;branch=z9hG4bKPj72883ae17b024edfb03894553e254463;alias
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123;tag=985f2983-e6ad-4ece-a59d-77c950facb4a
CSeq: 29249 INVITE
Reason: Q.850;cause=34
Content-Length: 0

<— Received SIP request (427 bytes) from TLS:192.168.2.10:51573 —>
ACK sip:804@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.10:51573;rport;branch=z9hG4bKPj72883ae17b024edfb03894553e254463;alias
Max-Forwards: 70
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=1eb63905bc3845ca848a6e28f6e6c999
To: sip:804@123.234.210.123;tag=985f2983-e6ad-4ece-a59d-77c950facb4a
Call-ID: d13a416e156d4f48a586ed82f6d28b5a
CSeq: 29249 ACK
User-Agent: Blink 0.9.1.2 (Windows)
Content-Length: 0

<— Received SIP request (1253 bytes) from UDP:192.168.2.10:5062 —>
PUBLISH sip:phone_2_udp@123.234.210.123 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.10:5062;rport;branch=z9hG4bKPj78ba19a75f5649d68341f751bfe5db3b
Max-Forwards: 70
From: “p2” sip:phone_2_udp@123.234.210.123;tag=f2a856d08cf44ff1b42331e81a303cc0
To: “p2” sip:phone_2_udp@123.234.210.123
Call-ID: ba2dc99ba55f4650822d0046e9dcec0f
CSeq: 1 PUBLISH
Event: presence
Expires: 600
User-Agent: Blink 0.9.1.2 (Windows)
Content-Type: application/pidf+xml
Content-Length: 783

<?xml version='1.0' encoding='UTF-8'?>

closedagp-pidf:extendedoffline</agp-pidf:extended>caps:servcaps/sip%3Aphone_2_udp%40123.234.210.1232014-08-04T12:37:40.475974+02:00<dm:person id=“PID-d834c58e247911c9ac2f584d637ab4a9”>rpid:activities rpid:otheroffline</rpid:other></rpid:activities>dm:timestamp2014-08-04T12:37:40.475974+02:00</dm:timestamp></dm:person>
<— Transmitting SIP response (541 bytes) to UDP:192.168.2.10:5062 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.2.10:5062;rport;received=192.168.2.10;branch=z9hG4bKPj78ba19a75f5649d68341f751bfe5db3b
Call-ID: ba2dc99ba55f4650822d0046e9dcec0f
From: “p2” sip:phone_2_udp@123.234.210.123;tag=f2a856d08cf44ff1b42331e81a303cc0
To: “p2” sip:phone_2_udp@123.234.210.123;tag=z9hG4bKPj78ba19a75f5649d68341f751bfe5db3b
CSeq: 1 PUBLISH
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1407148781/b3ea75313afeab1ef7d49083a320b40a”,opaque=“27a001cc214f97d3”,algorithm=md5,qop="auth"
Content-Length: 0

<— Received SIP request (1253 bytes) from UDP:192.168.2.13:5062 —>
PUBLISH sip:phone_1_udp@123.234.210.123 SIP/2.0
Via: SIP/2.0/UDP 192.168.2.13:5062;rport;branch=z9hG4bKPj676cfa59536249b183569c7230db2679
Max-Forwards: 70
From: “p1” sip:phone_1_udp@123.234.210.123;tag=bac47d38bfb942b4835fd3e74db9a5e3
To: “p1” sip:phone_1_udp@123.234.210.123
Call-ID: c95a08e50570487d980617c37a32e25c
CSeq: 1 PUBLISH
Event: presence
Expires: 600
User-Agent: Blink 0.9.1.2 (Windows)
Content-Type: application/pidf+xml
Content-Length: 783

<?xml version='1.0' encoding='UTF-8'?>

closedagp-pidf:extendedoffline</agp-pidf:extended>caps:servcaps/sip%3Aphone_1_udp%40123.234.210.1232014-08-04T11:59:14.524125+02:00<dm:person id=“PID-8c43abcbf6138e658a4acb9c93f3c882”>rpid:activities rpid:otheroffline</rpid:other></rpid:activities>dm:timestamp2014-08-04T11:59:14.524125+02:00</dm:timestamp></dm:person>
<— Transmitting SIP response (541 bytes) to UDP:192.168.2.13:5062 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.2.13:5062;rport;received=192.168.2.13;branch=z9hG4bKPj676cfa59536249b183569c7230db2679
Call-ID: c95a08e50570487d980617c37a32e25c
From: “p1” sip:phone_1_udp@123.234.210.123;tag=bac47d38bfb942b4835fd3e74db9a5e3
To: “p1” sip:phone_1_udp@123.234.210.123;tag=z9hG4bKPj676cfa59536249b183569c7230db2679
CSeq: 1 PUBLISH
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1407148802/b737f2bf9a6169415e2022449295f610”,opaque=“2d3e2a3515558db2”,algorithm=md5,qop="auth"
Content-Length: 0

asterisk12*CLI>
[/code]

I can play back a capture in Wireshark of the tls-to-udp, so it doesn’t seem to be properly encrypted, although the Blink tls-client shows both padlocks for tls and srtp. So I guess the one I need to figure out is tls-tls for it to be encrypted.
What am I missing…?

Thanks in advance.

ejpb · August 6, 2014, 9:39am

I have tried some more but the only progress was running echo 0 > /selinux/enforce to disable SELinux temporarily. That got rid of the line WARNING[2466]: pjsip:0 <?>: tsx0x7fb73c011 ...Failed to send Request msg INVITE/cseq=31070 (tdta0x7fb750028e60)! err=120013 (Permission denied)So instead of CONGESTION it seems to call and wait for the pickup when I try calling tls to tls but it never rings on the other end.

-- Executing [803@ctx:1] Dial("PJSIP/phone_4_tls-00000025", "PJSIP/phone_3_tls,20") in new stack -- Called PJSIP/phone_3_tls -- Nobody picked up in 20000 ms -- Auto fallthrough, channel 'PJSIP/phone_4_tls-00000025' status is 'NOANSWER'
The new debug log:

[code]asterisk12*CLI> pjsip set logger on
PJSIP Logging enabled
<— Received SIP request (1129 bytes) from TLS:192.168.2.13:2297 —>
INVITE sip:803@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;branch=z9hG4bKPj3dd8764d43e74c11a2ea2371fde7c09c;alias
Max-Forwards: 70
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123
Contact: sip:94607152@192.168.2.13:5063;transport=tls
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
CSeq: 15869 INVITE
Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, gruu
User-Agent: Blink 0.9.1.2 (Windows)
Content-Type: application/sdp
Content-Length: 515

v=0
o=- 3616311939 3616311939 IN IP4 192.168.2.13
s=Blink 0.9.1.2 (Windows)
t=0 0
m=audio 19008 RTP/SAVP 113 9 0 8 101
c=IN IP4 192.168.2.13
a=rtcp:19009
a=rtpmap:113 opus/48000
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:neIPg10UvUOrq13TiocTe7i4zi9V0cg+mQvIYFbx
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:9RQr3rHg1JMWSrlLHavTk7JsgbWIyW5GYjKDSNti
a=sendrecv

<— Transmitting SIP response (541 bytes) to TLS:192.168.2.13:2297 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;received=192.168.2.13;branch=z9hG4bKPj3dd8764d43e74c11a2ea2371fde7c09c;alias
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123;tag=z9hG4bKPj3dd8764d43e74c11a2ea2371fde7c09c
CSeq: 15869 INVITE
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1407316027/b91d963812ec3c5c0caf25f660809347”,opaque=“32dc358c1b20a111”,algorithm=md5,qop="auth"
Content-Length: 0

<— Received SIP request (431 bytes) from TLS:192.168.2.13:2297 —>
ACK sip:803@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;branch=z9hG4bKPj3dd8764d43e74c11a2ea2371fde7c09c;alias
Max-Forwards: 70
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123;tag=z9hG4bKPj3dd8764d43e74c11a2ea2371fde7c09c
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
CSeq: 15869 ACK
User-Agent: Blink 0.9.1.2 (Windows)
Content-Length: 0

<— Received SIP request (1428 bytes) from TLS:192.168.2.13:2297 —>
INVITE sip:803@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;branch=z9hG4bKPjeff1cf0c83ec40259abe892a312d4e94;alias
Max-Forwards: 70
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123
Contact: sip:94607152@192.168.2.13:5063;transport=tls
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
CSeq: 15870 INVITE
Allow: SUBSCRIBE, NOTIFY, PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, MESSAGE, REFER
Supported: 100rel, replaces, norefersub, gruu
User-Agent: Blink 0.9.1.2 (Windows)
Authorization: Digest username=“phone_4_tls”, realm=“asterisk”, nonce=“1407316027/b91d963812ec3c5c0caf25f660809347”, uri="sip:803@123.234.210.123", response=“bed80fa6c379984b27d5bd9bda2bb5d6”, algorithm=md5, cnonce=“d2d85fa4a4404f4ea80edd152d45d684”, opaque=“32dc358c1b20a111”, qop=auth, nc=00000001
Content-Type: application/sdp
Content-Length: 515

v=0
o=- 3616311939 3616311939 IN IP4 192.168.2.13
s=Blink 0.9.1.2 (Windows)
t=0 0
m=audio 19008 RTP/SAVP 113 9 0 8 101
c=IN IP4 192.168.2.13
a=rtcp:19009
a=rtpmap:113 opus/48000
a=fmtp:113 useinbandfec=1
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:neIPg10UvUOrq13TiocTe7i4zi9V0cg+mQvIYFbx
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:9RQr3rHg1JMWSrlLHavTk7JsgbWIyW5GYjKDSNti
a=sendrecv

<— Transmitting SIP response (342 bytes) to TLS:192.168.2.13:2297 —>
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;received=192.168.2.13;branch=z9hG4bKPjeff1cf0c83ec40259abe892a312d4e94;alias
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123
CSeq: 15870 INVITE
Content-Length: 0

-- Executing [803@ctx:1] Dial("PJSIP/phone_4_tls-00000025", "PJSIP/phone_3_tls,20") in new stack
-- Called PJSIP/phone_3_tls

<— Transmitting SIP request (1031 bytes) to TLS:192.168.2.10:5063 —>
INVITE sip:64230895@192.168.2.10:5063;transport=tls SIP/2.0
Via: SIP/2.0/TLS 123.234.210.123:5063;rport;branch=z9hG4bKPjbb95f757-f675-4740-afd0-54384cd7cbc5
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=17e1ce06-75e3-49b6-a730-e379a1d02296
To: sip:64230895@192.168.2.10
Contact: sip:29175f31-dd4e-4bff-b545-1beabf103324@123.234.210.123:5063;transport=TLS
Call-ID: e0dd04b7-6e65-404c-be1c-34316dde3e10
CSeq: 30504 INVITE
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, MESSAGE, REFER, REGISTER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800
Min-SE: 90
Content-Type: application/sdp
Content-Length: 345

v=0
o=- 1411220357 1411220357 IN IP4 asterisk12
s=Asterisk
c=IN IP4 123.234.210.123
t=0 0
m=audio 14206 RTP/SAVP 0 101
c=IN IP4 123.234.210.123
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:zsGzTHIaWO724UYHdZgmm5tweyfi1DnOVrh7BMbT
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv

-- Nobody picked up in 20000 ms
-- Auto fallthrough, channel 'PJSIP/phone_4_tls-00000025' status is 'NOANSWER'

<— Transmitting SIP response (407 bytes) to TLS:192.168.2.13:2297 —>
SIP/2.0 603 Decline
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;received=192.168.2.13;branch=z9hG4bKPjeff1cf0c83ec40259abe892a312d4e94;alias
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123;tag=e4c440d8-7aef-4fdb-bedb-c03114f1cb09
CSeq: 15870 INVITE
Reason: Q.850;cause=0
Content-Length: 0

<— Received SIP request (426 bytes) from TLS:192.168.2.13:2297 —>
ACK sip:803@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.13:2297;rport;branch=z9hG4bKPjeff1cf0c83ec40259abe892a312d4e94;alias
Max-Forwards: 70
From: “p4_tls” sip:phone_4_tls@123.234.210.123;tag=0ed6dae60fb04a0ba13719654b51d1c9
To: sip:803@123.234.210.123;tag=e4c440d8-7aef-4fdb-bedb-c03114f1cb09
Call-ID: 5cd2e3fed4d648d9b490e0e74e8f067a
CSeq: 15870 ACK
User-Agent: Blink 0.9.1.2 (Windows)
Content-Length: 0

<— Received SIP request (711 bytes) from TLS:192.168.2.10:57171 —>
SUBSCRIBE sip:phone_3_tls@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.10:57171;rport;branch=z9hG4bKPj42f26762479b48e083e832db42500547;alias
Max-Forwards: 70
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=6aeac2021e4e4d1c8b98bab66355e61e
To: sip:phone_3_tls@123.234.210.123
Contact: sip:64230895@192.168.2.10:5063;transport=tls
Call-ID: f783b321c54d45bd91dff00a87e28f3e
CSeq: 20479 SUBSCRIBE
Event: message-summary
Expires: 600
Supported: 100rel, replaces, norefersub, gruu
Accept: application/simple-message-summary
Allow-Events: conference, message-summary, dialog, presence, presence.winfo, xcap-diff, dialog.winfo, refer
User-Agent: Blink 0.9.1.2 (Windows)
Content-Length: 0

<— Transmitting SIP response (553 bytes) to TLS:192.168.2.10:57171 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.2.10:57171;rport;received=192.168.2.10;branch=z9hG4bKPj42f26762479b48e083e832db42500547;alias
Call-ID: f783b321c54d45bd91dff00a87e28f3e
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=6aeac2021e4e4d1c8b98bab66355e61e
To: sip:phone_3_tls@123.234.210.123;tag=z9hG4bKPj42f26762479b48e083e832db42500547
CSeq: 20479 SUBSCRIBE
WWW-Authenticate: Digest realm=“asterisk”,nonce=“1407316057/d082437d0d70406824cc43577fae7c02”,opaque=“50cf446b436ceaa1”,algorithm=md5,qop="auth"
Content-Length: 0

<— Received SIP request (1018 bytes) from TLS:192.168.2.10:57171 —>
SUBSCRIBE sip:phone_3_tls@123.234.210.123 SIP/2.0
Via: SIP/2.0/TLS 192.168.2.10:57171;rport;branch=z9hG4bKPj68b39265ce49442e9e6da23502d2a279;alias
Max-Forwards: 70
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=6aeac2021e4e4d1c8b98bab66355e61e
To: sip:phone_3_tls@123.234.210.123
Contact: sip:64230895@192.168.2.10:5063;transport=tls
Call-ID: f783b321c54d45bd91dff00a87e28f3e
CSeq: 20480 SUBSCRIBE
Event: message-summary
Expires: 600
Supported: 100rel, replaces, norefersub, gruu
Accept: application/simple-message-summary
Allow-Events: conference, message-summary, dialog, presence, presence.winfo, xcap-diff, dialog.winfo, refer
User-Agent: Blink 0.9.1.2 (Windows)
Authorization: Digest username=“phone_3_tls”, realm=“asterisk”, nonce=“1407316057/d082437d0d70406824cc43577fae7c02”, uri="sip:phone_3_tls@123.234.210.123", response=“d9e71bfbb2dcdb9a50325cf3f5832f59”, algorithm=md5, cnonce=“3c4968bf5a2a49968aa8eda035dd2292”, opaque=“50cf446b436ceaa1”, qop=auth, nc=00000001
Content-Length: 0

[Aug 6 11:07:37] WARNING[7376]: res_pjsip_mwi.c:656 mwi_subscribe_single: AOR phone_3_tls has no configured mailboxes. MWI subscription failed
<— Transmitting SIP response (415 bytes) to TLS:192.168.2.10:57171 —>
SIP/2.0 500 Internal Server Error
Via: SIP/2.0/TLS 192.168.2.10:57171;rport;received=192.168.2.10;branch=z9hG4bKPj68b39265ce49442e9e6da23502d2a279;alias
Call-ID: f783b321c54d45bd91dff00a87e28f3e
From: “p3_tls” sip:phone_3_tls@123.234.210.123;tag=6aeac2021e4e4d1c8b98bab66355e61e
To: sip:phone_3_tls@123.234.210.123;tag=z9hG4bKPj68b39265ce49442e9e6da23502d2a279
CSeq: 20480 SUBSCRIBE
Content-Length: 0

asterisk12*CLI> pjsip set logger off
PJSIP Logging disabled
[/code]