Hi.
I’m trying to set up encryption using SRTP.
-
Two Yealink phones with imported certificates, configured to connect to a static server IP address. The phones work perfectly, so at this moment I’m not touching their config at all (see below).
-
Now I have the main virtual machine with Debian 8, Asterisk 15.4.1 (compiled from source) and libsrtp0 1.4.5 (from repo). I need help configuring Asterisk on the VM.
-
I’m trying to get the simplest Asterisk config with low resource usage, that’s why pure Asterisk and not AsteriskNow, FreePBX etc. No firewall, no NAT, only local connections, chan_sip.
-
Current configs:
sip.conf:
[general]
allowguest=no
udpbindaddr=192.168.1.131:5060
tcpenable=no
tlsenable=yes
tlsbindaddr=192.168.1.131:5061
tlscafile=/etc/asterisk/crt/AST_CA.crt
tlscertfile=/etc/asterisk/crt/AST_server.pem
tlscipher=ALL
websocket_enabled=false
transport=tls
language=ru
callcounter=yes
sendrpid=yes
;trustrpid=yes
mohinterpret=default
mohsuggest=default
;videosupport=no
contactdeny=0.0.0.0/0.0.0.0
contactpermit=192.168.1.0/255.255.255.0
match_auth_username=yes
useragent=Asterisk PBX
authfailureevents=yes
alwaysauthreject=yes
allowsubscribe=yes
nat=no
directmedia=yes
sdpsession=Asterisk PBX
jbenable=yes
qualify=yes
[testuser](!)
type=friend
context=home
host=dynamic
subscribecontext=home
encryption=yes
[301](testuser)
username=301
secret=u301
callerid="Alice" <301>
disallow=all
allow=g722,ilbc,alaw
[311](testuser)
username=311
secret=u311
callerid="Bob" <311>
disallow=all
allow=g722,ilbc,alaw
extensions.conf:
[general]
static=yes
writeprotect=no
[demo]
exten => 600,1,Playback(demo-echotest)
exten => 600,n,Echo
exten => 600,n,Playback(demo-echodone)
exten => 600,n,Goto(s,1)
[home]
exten => 301,1,Dial(SIP/301)
exten => 311,1,Dial(SIP/311)
exten => 312,1,Dial(SIP/312)
include => demo
-
I set up another VM with AsteriskNow to test audio. Asterisk 13, libsrtp 1.4.4 (rpm -q libsrtp). Same IP, same users, chan_sip, same certificates. Shut down one VM and start the other, no need to change settings on the Yealink phones.
-
Tests (what tested - result):
Pure Asterisk w/ TLS, w/o SRTP, call another phone - can hear audio
Pure Asterisk w/ TLS, w/ SRTP, call 600 (demo-echotest) - can hear audio
Pure Asterisk w/ TLS, w/ SRTP, call another phone - no audio on both ends
AsteriskNow w/ TLS, w/ SRTP, call another phone - can hear audio
-
TLS and SRTP usage was confirmed by “sip show channel channelname”
Transport: TLS
Media: SRTP
-
With “rtp set debug on” the screen gets flooded with:
Got RTP packet from 192.168.1.121:11886 (type 00, seq 001279, ts 222240, len 000160)
Sent RTP packet to 192.168.1.120:11878 (type 00, seq 012273, ts 222240, len 000170)
Got RTP packet from 192.168.1.120:11878 (type 00, seq 007627, ts 008000, len 000160)
Sent RTP packet to 192.168.1.121:11886 (type 00, seq 032692, ts 008000, len 000170)
Got RTP packet from 192.168.1.121:11886 (type 00, seq 001280, ts 222400, len 000160)
-
Do you need any logs? What exactly do you need and how do I get it? Where should I upload the logs if they are too long?