Still no SRTP joy!

I posted last year about having TLS working but not being able to get SRTP playing. Part of the problem then was the softphone I was using (Media 5 phone). I never was able to get it to work. The suggestions made helped with the key lifetime issue, but I still always got the 488 Not Acceptable message and no connection, so I put the whole thing on hold. Now I’m trying again with Bria and Blink Pro. I get the same results on all the phones, except Media 5 still sends a crypto lifetime field Asterisk doesn’t like. A SIP debug dump for the Bria phone is down below. Bria does not appear to add a key lifetime parameter to the offer and looks the simplest, so I think everything should be working.

The system I am running is an nVidia Tegra2 (armv7tl) based computer with Ubuntu 11.10, libSRTP0 (1.4.4+), Asterisk 1.8.9.0 and FreePBX 2.10rc1. Everything appears to work perfectly except SRTP. Media 5 phone, Bria and Blink Pro all fail identically with ‘could not set local policy’ and ‘can’t provide secure audio requested in SDP offer’. Asterisk and FreePBX are built from source; libSRTP0 is a precompiled Arm binary from Ubuntu. Any help would be greatly appreciated! I just don’t completely understand what I’m looking at here. BTW, this is the result of trying to reach the VM, hence the *97. Non-secure calls etc. work perfectly on all phones. Perhaps someone could offer some things I could try? Here’s the debug dump.

Thanks!

<--- SIP read from TLS:192.168.1.10:49201 --->
INVITE sip:*97@192.168.1.23 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.10:49201;rport;branch=z9hG4bKPj2OpHamHsr0i7RRQKB0U8Nnrqx33uMb5-;alias
Max-Forwards: 70
From: “Glen Sec 2” sip:9002@192.168.1.23;tag=u9ATHpMjZbbXmvpHqY4MduMNzkwy.dg7
To: sip:*97@192.168.1.23
Contact: “Glen Sec 2” sip:9002@192.168.1.10:49161;transport=TLS
Call-ID: tM8ubk-vUk1qUC3kq0XbqAXuz0qtXNSC
CSeq: 15569 INVITE
Allow: INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Supported: replaces, timer, norefersub
Session-Expires: 1800
Min-SE: 90
User-Agent: Bria iPhone 1.3.6
Authorization: Digest username=“9002”, realm=“asterisk”, nonce=“2c4266b5”, uri=“sip:*97@192.168.1.23”, response=“ac9396f967dd03791c36be28345b5f34”, algorithm=MD5
Content-Type: application/sdp
Content-Length: 375

v=0
o=- 3537376331 3537376331 IN IP4 75.142.221.60
s=cpc_med
c=IN IP4 75.142.221.60
t=0 0
m=audio 4004 RTP/SAVP 0 96
a=rtpmap:0 PCMU/8000
a=sendrecv
a=rtpmap:96 telephone-event/8000
a=fmtp:96 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:BRES5UbMmGQh/4pyBL8kjeWOLP+RoA3bbqDnkMjR
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:XWtCmxRcWM4UOvNor0QyLyQjWoTRGw7nKtrrGKRl
<------------->
--- (16 headers 12 lines) ---
Sending to 192.168.1.10:49201 (no NAT)
Using INVITE request as basis request - tM8ubk-vUk1qUC3kq0XbqAXuz0qtXNSC
Found peer ‘9002’ for ‘9002’ from 192.168.1.10:49201
Found RTP audio format 0
Found RTP audio format 96
Found audio description format PCMU for ID 0
Found audio description format telephone-event for ID 96
Could not set local SRTP policy
Can’t provide secure audio requested in SDP offer

<--- Reliably Transmitting (no NAT) to 192.168.1.10:49201 --->
SIP/2.0 488 Not acceptable here
Via: SIP/2.0/TLS 192.168.1.10:49201;branch=z9hG4bKPj2OpHamHsr0i7RRQKB0U8Nnrqx33uMb5-;alias;received=192.168.1.10;rport=49201
From: “Glen Sec 2” sip:9002@192.168.1.23;tag=u9ATHpMjZbbXmvpHqY4MduMNzkwy.dg7
To: sip:*97@192.168.1.23;tag=as69ef8cd7
Call-ID: tM8ubk-vUk1qUC3kq0XbqAXuz0qtXNSC
CSeq: 15569 INVITE
Server: FPBX-2.10.0rc1(1.8.9.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0
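
A check that can be run on the offer in the dump above (an added example, not part of the original post and not Asterisk code): it parses the a=crypto lines in the RFC 4568 layout, confirms each inline key decodes to the 30 bytes of key plus salt that both AES_CM_128 suites use, and reports any lifetime or MKI parameter. The function name and the lifetime sample line are constructed for illustration.

```python
import base64
import re

# Master key (16) + master salt (14) bytes for the two suites in the offer.
SUITE_KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:(\S+)(?: (.*))?$")

# The two a=crypto lines from the Bria offer in the dump.
BRIA_OFFER = """\
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:BRES5UbMmGQh/4pyBL8kjeWOLP+RoA3bbqDnkMjR
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:XWtCmxRcWM4UOvNor0QyLyQjWoTRGw7nKtrrGKRl
"""
# Constructed sample (not from the post): an all-zero key with a lifetime appended.
LIFETIME_OFFER = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40 + "|2^31"


def parse_crypto_lines(sdp):
    """Return one dict per a=crypto line found in an SDP body."""
    offers = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite, key_info, session_params = m.groups()
        # key-info is "key||salt", optionally followed by "|lifetime" and "|MKI:length".
        key_b64, *extras = key_info.split("|")
        lifetime = next((e for e in extras if ":" not in e), None)
        mki = next((e for e in extras if ":" in e), None)
        problems = []
        expected = SUITE_KEY_SALT_LEN.get(suite)
        if expected is None:
            problems.append("unknown suite")
        try:
            key_len = len(base64.b64decode(key_b64, validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            key_len = None
            problems.append("key is not valid base64")
        if expected and key_len is not None and key_len != expected:
            problems.append(f"key+salt is {key_len} bytes, expected {expected}")
        offers.append({"tag": int(tag), "suite": suite, "key_len": key_len,
                       "lifetime": lifetime, "mki": mki,
                       "session_params": session_params, "problems": problems})
    return offers


if __name__ == "__main__":
    for offer in parse_crypto_lines(BRIA_OFFER) + parse_crypto_lines(LIFETIME_OFFER):
        print(offer)
```

Both Bria lines parse with 30-byte keys and no lifetime or MKI parameter, so the a=crypto lines in this offer are well formed.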