hey folks .
I'm not able to get the trunk UP with SRTP !!
Asterisk 13.2.0
and I have the SRTP module loaded.
ip-10-227-0-136CLI> module show like srtp
Module Description Use Count Status Support Level
res_srtp.so Secure RTP (SRTP) 0 Running core
1 modules loaded
ip-10-227-0-136CLI>
sip.conf
; TLS options pasted from sip.conf; the section header is not shown
; (presumably [general] -- confirm).
; "ALL" is handed to OpenSSL as the cipher string, so weak suites are accepted
; too; narrow this list once the handshake works.
tlscipher=ALL
; Protocol method for outbound (client) TLS connections.
; NOTE(review): on this Asterisk version tlsv1 presumably pins the client to
; TLS 1.0 only -- confirm the far end still accepts it; a protocol or cipher
; mismatch is one common cause of a "handshake failure" alert.
tlsclientmethod=tlsv1
; Do not verify the server's certificate on outbound connections: the
; signalling is encrypted but the far end is not authenticated, so a
; man-in-the-middle would go unnoticed. Useful for testing only.
tlsdontverifyserver=yes
realm=proxy.poweredbydice.net
; No tlsprivatekey= line appears in this paste, so the private key is
; presumably read from this same PEM file.
; NOTE(review): the repeated "Enter PEM pass phrase:" prompts in the console
; output suggest that key is passphrase-protected, which an unattended daemon
; cannot answer -- confirm.
tlscertfile=/etc/asterisk/keys/cert.pem
; CA certificate used to validate the server's certificate on outbound
; connections; it is not enforced while tlsdontverifyserver=yes is set.
tlscafile=/etc/asterisk/keys/ca.pem
; Duplicate of the tlsdontverifyserver line above.
tlsdontverifyserver=yes
tlsenable=yes
; Listen for inbound TLS on every interface.
tlsbindaddr=0.0.0.0
; Duplicate of the tlsclientmethod line above.
tlsclientmethod=tlsv1
trunk settings:
; chan_sip peer definition for the trunk, signalled over TLS with SRTP requested.
[poweredbydice]
; Clear the codec list first so that only the allow= lines below apply.
disallow=all
type=peer
; invite: incoming INVITEs from this peer are not challenged for credentials.
; port: the peer is matched by IP address alone, whatever its source port.
; Both relax authentication, so they are only safe if host= is a trusted,
; non-spoofable address.
insecure=invite,port
nat=force_rport
allow=opus
allow=speex
allow=ulaw
host=10.227.0.221
; NOTE(review): 443 is not the conventional SIP-over-TLS port (5061) --
; confirm that the service on this port really speaks SIP/TLS.
port=443
fromuser=123
fromdomain=proxy.isp.net
; SIP credential stored in plaintext (looks like a placeholder here);
; sip.conf should be readable by the asterisk user only.
secret=123456789
qualify=no
dtmfmode=rfc2833
context=default
directmedia=nonat
sendrpid=yes
; Caller identity in Remote-Party-ID headers from this peer is taken at face
; value; combined with insecure=invite this relies entirely on the peer being trusted.
trustrpid=yes
; NOTE(review): I cannot match srtpcapable to a chan_sip option; encryption=yes
; below is the setting that requests SRTP -- verify whether this line has any effect.
srtpcapable=yes
; Use TLS for signalling towards this peer.
transport=tls
; Offer SRTP for the media stream with this peer.
encryption=yes
cert files verification
[root@ip-10-227-0-136 keys]# openssl verify -verbose -x509_strict -CAfile ca.pem -CApath nosuchdir cert.pem
cert.pem: OK
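As we can see, verifying the cert against the CA went OK!!! (This only shows that cert.pem chains to ca.pem; it does not test the private key or what the remote side will accept in the TLS handshake.)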
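Below are the permissions on the keys directory (every file, the .key files included, is mode 775, i.e. readable by any local user):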
total 40
-rwxrwxr-x. 1 asterisk asterisk 167 Feb 13 2015 ca.cfg
-rwxrwxr-x 1 asterisk asterisk 1037 Jan 20 13:16 ca.crt
-rwxrwxr-x 1 asterisk asterisk 940 Jan 17 16:27 ca.key
-rwxrwxr-x 1 asterisk asterisk 1460 Jan 20 12:50 ca.pem
-rwxrwxr-x 1 asterisk asterisk 3164 Jan 20 12:50 cert.pem
-rwxrwxr-x. 1 asterisk asterisk 1249 Feb 13 2015 default.crt
-rwxrwxr-x. 1 asterisk asterisk 595 Feb 13 2015 default.csr
-rwxrwxr-x. 1 asterisk asterisk 887 Feb 13 2015 default.key
-rwxrwxr-x. 1 asterisk asterisk 2136 Feb 13 2015 default.pem
-rwxrwxr-x. 1 asterisk asterisk 138 Feb 13 2015 tmp.cfg
[root@ip-10-227-0-136 keys]# pwd
/etc/asterisk/keys
[root@ip-10-227-0-136 keys]#
and this error always shows on the console, as below:
==============
ip-10-227-0-136CLI>
ip-10-227-0-136CLI>
[2017-01-20 14:09:38] NOTICE[7648]: chan_sip.c:15348 sip_reg_timeout: – Registration for ‘00442030264100@10.227.0.221’ timed out, trying again (Attempt #75)
ip-10-227-0-136CLI> Enter PEM pass phrase:
== TLS/SSL ECDH initialized (secp256r1), faster PFS cipher-suites enabled
== TLS/SSL certificate ok
[2017-01-20 14:09:38] ERROR[8652]: tcptls.c:605 handle_tcptls_connection: Problem setting up ssl connection: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[2017-01-20 14:09:38] WARNING[8652]: tcptls.c:674 handle_tcptls_connection: FILE * open failed!
ip-10-227-0-136CLI> Enter PEM pass phrase:
[2017-01-20 14:09:58] NOTICE[7648]: chan_sip.c:15348 sip_reg_timeout: – Registration for ‘00442030264100@10.227.0.221’ timed out, trying again (Attempt #76)
== TLS/SSL ECDH initialized (secp256r1), faster PFS cipher-suites enabled
== TLS/SSL certificate ok
[2017-01-20 14:09:58] ERROR[8653]: tcptls.c:605 handle_tcptls_connection: Problem setting up ssl connection: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[2017-01-20 14:09:58] WARNING[8653]: tcptls.c:674 handle_tcptls_connection: FILE * open failed!
ip-10-227-0-136*CLI>
One more thing: on the Linux console it keeps asking me to enter the PEM pass phrase, as below:
[root@ip-10-227-0-136 keys]# Enter PEM pass phrase:
Enter PEM pass phrase:
guys what the hell is going on ?
thanks