Pjsip media transport issue

Serp · October 25, 2018, 8:54am

Hello.
I have Asterisk 14 and I’m trying to use two devices with different transport protocol (udp and tls) on one extension by pjsip channel driver. I expect simultaneous calls on these devices when the extension is called. Here’s my pjsip settings and call sip debug.

/etc/asterisk/pjsip.transport.conf

type or[0.0.0.0-udp]
type=transport
protocol=udp
bind=0.0.0.0:5061
external_media_address=XXX.XXX.XXX.XXX
external_signaling_address=XXX.XXX.XXX.XXX
allow_reload=no
tos=cs3
cos=3
local_net=10.200.0.0/13
local_net=192.168.5.0/24
local_net=192.168.101.0/24
local_net=10.222.0.0/16
local_net=10.223.0.0/24
local_net=172.16.1.100/32
local_net=10.224.0.0/24
local_net=192.168.88.0/24
local_net=192.168.118.0/24
local_net=10.100.6.0/16

[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5161
external_media_address=XXX.XXX.XXX.XXX
external_signaling_address=XXX.XXX.XXX.XXX
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
cert_file=/etc/asterisk/keys/1.pem
priv_key_file=/etc/asterisk/keys/2.key
method=tlsv1
allow_reload=no
tos=cs3
cos=3
local_net=10.200.0.0/13
local_net=192.168.5.0/24
local_net=192.168.101.0/24
local_net=10.222.0.0/16
local_net=10.223.0.0/24
local_net=172.16.1.100/32
local_net=10.224.0.0/24
local_net=192.168.88.0/24
local_net=192.168.118.0/24
local_net=10.100.6.0/16 paste code here

/etc/asterisk/pjsip.endpoint.conf

[564596]
type=endpoint
aors=564596
auth=564596-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,g729,ilbc,g722,opus,slin,h264,mpeg4,vp8,h263p,h263
context=from-internal
callerid=564596 <564596>
dtmf_mode=rfc4733
aggregate_mwi=yes
use_avpf=no
rtcp_mux=no
ice_support=no
media_use_received_transport=no
trust_id_inbound=yes
media_encryption=sdes
timers=yes
media_encryption_optimistic=yes
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=ru
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord

<--- Transmitting SIP request (1596 bytes) to TLS:YYY.YYY.YYY.YYY:20027 --->
INVITE sip:564596@XXX.XXX.XXX.XXX:20027;transport=TLS;rinstance=C7E71B65 SIP/2.0
Via: SIP/2.0/TLS XXX.XXX.XXX.XXX:5161;rport;branch=z9hG4bKPj91e059d6-0c54-4ae6-b7fa-e94bad8172e8;alias
From: "564594" <sip:564594@10.200.0.15>;tag=6bce001b-0687-4dff-bcb3-9a24ebbf3f90
To: <sip:564596@YYY.YYY.YYY.YYY;rinstance=C7E71B65>
Contact: <sip:asterisk@XXX.XXX.XXX.XXX:5161;transport=TLS>
Call-ID: b0f2bcaa-add3-46a4-a3a4-1e09e26e5d02
CSeq: 8743 INVITE
Allow: OPTIONS, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REGISTER, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800
Min-SE: 90
P-Asserted-Identity: "564594" <sip:564594@10.200.0.15>
Max-Forwards: 70
User-Agent: FPBX-14.0.3.6(13.19.1)
Content-Type: application/sdp
Content-Length:   793

v=0
o=- 1714808513 1714808513 IN IP4 XXX.XXX.XXX.XXX
s=Asterisk
c=IN IP4 XXX.XXX.XXX.XXX
t=0 0
m=audio 19866 **RTP/AVP** 0 8 18 97 9 107 10 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:+vGbcAFanrY5d55CL0eCDbVYqQ3r4q+twtRRMZZJ
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:97 iLBC/8000
a=rtpmap:9 G722/8000
a=rtpmap:107 opus/48000/2
a=fmtp:107 useinbandfec=1
a=rtpmap:10 L16/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:20
a=sendrecv
m=video 13100 **RTP/AVP** 99 104 100 98 34
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:ZEa+pEONfnSZPczuK5qac4JMvZXDM0FXKYkGdCsO
a=rtpmap:99 H264/90000
a=rtpmap:104 MP4V-ES/90000
a=rtpmap:100 VP8/90000
a=rtpmap:98 h263-1998/90000
a=rtpmap:34 H263/90000
a=sendrecv


<--- Received SIP response (689 bytes) from TLS:YYY.YYY.YYY.YYY:20027 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/TLS XXX.XXX.XXX.XXX:5161;rport=5161;branch=z9hG4bKPj91e059d6-0c54-4ae6-b7fa-e94bad8172e8;alias;received=XXX.XXX.XXX.XXX
Contact: <sip:564596@XXX.XXX.XXX.XXX:20027;transport=tls>
From: "564594" <sip:564594@10.200.0.15>;tag=6bce001b-0687-4dff-bcb3-9a24ebbf3f90
Call-ID: b0f2bcaa-add3-46a4-a3a4-1e09e26e5d02
CSeq: 8743 INVITE
To:<sip:564596@YYY.YYY.YYY.YYY;rinstance=C7E71B65>;tag=B4369BEB0E5F1740C9759CCF3C150BCE
Allow: OPTIONS, INVITE, ACK, REFER, CANCEL, BYE, NOTIFY
Supported: replaces, path
Warning: 399 10.14.181.18 "RTP start failed."
User-Agent: Groundwire/5.2.5 (build 1097267; Android 7.0; armeabi-v7a-neon)
Content-Length: 0

As we can see, Asterisk send incorrect media transport RTP/AVP (highlighted with bold) in SDP instead of RTP/SAVP to the tls device. Then, as expected result, tls device returns 488 No Acceptaple here error.

Are my settings incorrect? what do I need to change? Is it possible correct behavior with two different media transports on one extension at all?

jcolp · October 25, 2018, 9:12am

You’ve enabled optimistic encryption which uses RTP/AVP in that place, as that is how optimistic works. If you disable optimistic it will be RTP/SAVP but if the non-TLS device isn’t configured for SRTP, then that will fail. You can’t have a single endpoint configured in differing ways for different devices ultimately.

Serp · October 25, 2018, 9:38am

Thank you for your reply. I tried to play with optimistic and all you tell was confirmed.

Topic		Replies	Views
PJSIP Incoming Calls, Multiple Transports Asterisk Support	1	602	November 24, 2014
Configure 2 providers in 1 pjsip account Asterisk SIP	16	1498	November 2, 2017
Pjsip asterisk 16 + pjsip - ip rtp wrong multi internet link Asterisk SIP	0	615	February 10, 2019
Asterisk 13 and distinct source IP addresses Asterisk Support	0	244	April 24, 2015
PJSIP: cannot create tls transport Asterisk SIP	2	1044	June 4, 2020

Pjsip media transport issue

Related topics