SRTP. No audio with Asterisk, but can hear audio with AsteriskNow


#1

Hi.
I’m trying to setup encryption using SRTP.

  1. Two Yealink phones with imported certificates. Configured to connect to static server ip address. Phones work perfectly, so at this moment i’m not touch their config at all (see below).

  2. Now i have main virtual machine with debian 8, asterisk 15.4.1 (compiled from source) and libsrtp0 1.4.5 (from repo). Need help to configure asterisk on VM.

  3. I’m trying to get simplest asterisk config with low resource usage, that’s why pure asterisk and not asterisknow, freepbx etc. No firewall, no NAT, only local connections, chan_sip.

  4. Current configs:
    sip.conf:

[general]
allowguest=no
udpbindaddr=192.168.1.131:5060
tcpenable=no
tlsenable=yes
tlsbindaddr=192.168.1.131:5061
tlscafile=/etc/asterisk/crt/AST_CA.crt
tlscertfile=/etc/asterisk/crt/AST_server.pem
tlscipher=ALL
websocket_enabled=false

transport=tls

language=ru

callcounter=yes
sendrpid=yes
;trustrpid=yes

mohinterpret=default
mohsuggest=default
;videosupport=no
contactdeny=0.0.0.0/0.0.0.0
contactpermit=192.168.1.0/255.255.255.0

match_auth_username=yes
useragent=Asterisk PBX
authfailureevents=yes
alwaysauthreject=yes
allowsubscribe=yes
nat=no
directmedia=yes
sdpsession=Asterisk PBX
jbenable=yes
qualify=yes

[testuser](!)
type=friend
context=home
host=dynamic
subscribecontext=home
encryption=yes
[301](testuser)
username=301
secret=u301
callerid="Alice" <301>
disallow=all
allow=g722,ilbc,alaw

[311](testuser)
username=311
secret=u311
callerid="Bob" <311>
disallow=all
allow=g722,ilbc,alaw

extentions.conf:

[general]
static=yes
writeprotect=no

[demo]
exten => 600,1,Playback(demo-echotest)
exten => 600,n,Echo
exten => 600,n,Playback(demo-echodone)
exten => 600,n,Goto(s,1)

[home]
exten => 301,1,Dial(SIP/301)
exten => 311,1,Dial(SIP/311)
exten => 312,1,Dial(SIP/312)
include => demo
  1. I set up another VM with AsteriskNow to test audio. Asterisk 13, libsrtp 1.4.4 (rpm -q libsrtp). Same ip, same users, chan_sip, same certificates. Shutdown one VM and start other, no need to change settings on yealink phones.

  2. Tests (what tested - result):
    Pure Asterisk w/ TLS, w/o SRTP, call another phone - can hear audio
    Pure Asterisk w/ TLS, w/ SRTP, call 600 (demo-echotest) - can hear audio
    Pure Asterisk w/ TLS, w/ SRTP, call another phone - no audio on both ends
    AsteriskNow w/ TLS, w/ SRTP, call another phone - can hear audio

  3. TLS and SRTP usage was confirmed by “sip show channel channelname

 Transport:              TLS
  Media:                  SRTP
  1. When “rtp set debug on” screen get flooded with
Got  RTP packet from    192.168.1.121:11886 (type 00, seq 001279, ts 222240, len 000160)
Sent RTP packet to      192.168.1.120:11878 (type 00, seq 012273, ts 222240, len 000170)
Got  RTP packet from    192.168.1.120:11878 (type 00, seq 007627, ts 008000, len 000160)
Sent RTP packet to      192.168.1.121:11886 (type 00, seq 032692, ts 008000, len 000170)
Got  RTP packet from    192.168.1.121:11886 (type 00, seq 001280, ts 222400, len 000160)
  1. Do you need any logs? What exactly do you need and how to get it? Where to upload if logs are too long?