TLS / SRTP DTMFs not working

Asterisk Asterisk SIP
1

Hi all,

I’m setting up an asterisk server that must communicate with the outside world through TLS/SRTP. A client of ours has no problem sending encrypted SIP / SRTP, but I’m having issues with DTMFs. Looking at a wireshark capture, I’m seeing 9 SRTP messages sent to our server any time a DTMF is pressed. That said, when I turn on RTP debugging in the asterisk console, usually only 0-3 of those are seen by asterisk. Does anybody have any ideas as to how that may be?

Below are some of my configuration values:

PJSIP configuration for this client:

type=transport
protocol=tls
bind=0.0.0.0:5063
local_net = <my-private-ip>/20
external_media_address = <my-public-ip>
external_signaling_address = <my-public-ip>
cert_file=/etc/asterisk/keys/asterisk-public-cert.crt
priv_key_file=/etc/asterisk/keys/asterisk-private-key.key
ca_list_path=/etc/asterisk/keys/
method=tlsv1

[client0pstn]
type=endpoint
context=from-phones
disallow=all
allow=ulaw
transport=transport-tls
media_encryption=sdes
media_encryption_optimistic=no
aors=client0pstn-aors

[client0pstn-aors]
type=aor
max_contacts=1000
contact=sip:<public-ip>:5063

[client0pstn-ident]
type=identify
endpoint=client0pstn
match=<public-ip>```

Here’s the SDP for the invite and OK:

INVITE

v=0
o=placeholder 188 1 IN IP4 1.1.1.1
s=Session Controller
c=IN IP4 2.2.2.2
t=0 0
m=audio randomint RTP/SAVP 0 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=maxptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:somesecret

------------------
OK

v=0
o=- 188 3 IN IP4 3.3.3.3
s=Asterisk
c=IN IP4 3.3.3.3
t=0 0
m=audio randomint RTP/SAVP 0 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:anothersecret
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
2

What’s the actual RTP debug as shown in Asterisk?

3

Hi all, running into a similar issue figured I’d tack on here:

PJSIP configuration

[transport-tls-srtp]
type=transport
protocol=tls
bind=0.0.0.0:5061
local_net = <my-private-ip>/20
external_media_address = <my-public-ip>
external_signaling_address = <my-public-ip>
cert_file=/etc/asterisk/keys/asterisk-public-cert.crt
priv_key_file=/etc/asterisk/keys/asterisk-private-key.key
ca_list_file=/etc/asterisk/keys/ca_file.crt
method=tlsv1

[client0pstn]
type=endpoint
context=from-phones
disallow=all
allow=ulaw
transport=transport-tls-srtp
media_encryption=sdes
media_encryption_optimistic=no
aors=client0pstn-aors

[client0pstn-aors]
type=aor
max_contacts=1000
contact=sip:<public-ip>:5061

[client0pstn-ident]
type=identify
endpoint=client0pstn
match=<public-ip>

SDP Invite & Response

INVITE

v=0
o=placeholder 188 1 IN IP4 1.1.1.1
s=Session Controller
c=IN IP4 2.2.2.2
t=0 0
m=audio randomint RTP/SAVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=maxptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:secret

------------------
OK

v=0
o=- 188 3 IN IP4 3.3.3.3
s=Asterisk
c=IN IP4 3.3.3.3
t=0 0
m=audio randomint RTP/SAVP 0 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:secret
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv

Logging - I set debug mode to 3 and turned on RTP debugging. This is an example of where the DTMF does not arrive.

As a new user I can’t upload an attachment - hoping I can attach in the next one!

4

Can’t upload - here’s a pastebin with the logs.

https://pastebin.com/pCX3hV9v

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.