WebRTC, sipML5, Rejecting secure audio stream without encryption details

I em trying to configure sipML5 with my Asterisk 11.17.1. I manage to register sipML5 client to my Asterisk and when I try to make call, in warning log I get message:
chan_sip.c: Rejecting secure audio stream without encryption details: audio 48022 UDP/TLS/RTP/SAVPF 109 9 0 8

I have checked all posts on same topic and this is how they differ from this problem:

45951: I have defined self singed certificate.
43388: I use sipML5 not jssip as jssip I can not even register to my Asterisk. And there is no solution in this thread.
46499: There is no solution in this thread.
45672: There is no solution in this thread.
47849:
There is no solution in this thread.

Unfortunately it seams that no one who has opened the thread didn’t find solution to his issue.

I have checked the sticky Troubleshooting WebRTC Issues topic, and there they say to put avpf=yes and encryption=yes in peer sip config. I have done that, but I still get the above message.

Any help would really be appreciated.

Best regards and have a nice day!

This is the sip debug that I have collected, if I need to send more data, please let me know:

<— SIP read from WS:200.200.200.41:55978 —>
INVITE sip:1000@100.100.100.54 SIP/2.0
Via: SIP/2.0/WS df7jal23ls0d.invalid;branch=z9hG4bKhwDDJVwTuZn7X4nX7S5uZDOtiKPr6HIy;rport
From: "Tomo Test"sip:499@100.100.100.54;tag=PB8zUsrhFxI6qekrEQMW
To: sip:1000@100.100.100.54
Contact: "Tomo Test"sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;click2call=no;transport=ws;+g.oma.sip-im;language="en,fr"
Call-ID: 95ea31cc-ae65-cf10-82b1-edf9a451a3b0
CSeq: 48761 INVITE
Content-Type: application/sdp
Content-Length: 1505
Max-Forwards: 70
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom

v=0
o=mozilla…THIS_IS_SDPARTA-46.0.1 2616828652649323500 0 IN IP4 127.0.0.1
s=Doubango Telecom - firefox
t=0 0
a=sendrecv
a=fingerprint:sha-256 FF:4A:E8:6B:A8:23:88:79:84:8B:3D:17:F3:B5:B5:2C:A6:DC:14:8A:E9:2D:EB:D3:AB:E7:AC:F4:E9:F2:9A:70
a=ice-options:trickle
a=msid-semantic:WMS *
m=audio 54463 UDP/TLS/RTP/SAVPF 109 9 0 8
c=IN IP4 200.200.200.41
a=candidate:0 1 UDP 2122252543 192.168.50.18 54463 typ host
a=candidate:2 1 UDP 2122187007 192.168.122.1 39796 typ host
a=candidate:0 2 UDP 2122252542 192.168.50.18 45411 typ host
a=candidate:2 2 UDP 2122187006 192.168.122.1 47758 typ host
a=candidate:1 1 UDP 1686052863 200.200.200.41 54463 typ srflx raddr 192.168.50.18 rport 54463
a=candidate:3 1 UDP 1685987327 200.200.200.41 39796 typ srflx raddr 192.168.122.1 rport 39796
a=candidate:1 2 UDP 1686052862 200.200.200.41 45411 typ srflx raddr 192.168.50.18 rport 45411
a=candidate:3 2 UDP 1685987326 200.200.200.41 47758 typ srflx raddr 192.168.122.1 rport 47758
a=sendrecv
a=end-of-candidates
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=fmtp:109 maxplaybackrate=48000;stereo=1
a=ice-pwd:596e18df834a469114ea274ce5fea57a
a=ice-ufrag:78b534b0
a=mid:sdparta_0
a=msid:{4c6c5cb2-43e6-4a11-ba3e-7d9c766e2565} {e2c060d7-c898-46a2-a6cd-ed6948268f9e}
a=rtcp:45411 IN IP4 200.200.200.41
a=rtcp-mux
a=rtpmap:109 opus/48000/2
a=rtpmap:9 G722/8000/1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=setup:actpass
a=ssrc:4128415643 cname:{2e346c8f-0458-4c25-bedb-368dbd6f6cf1}
<------------->
— (12 headers 34 lines) —
Using INVITE request as basis request - 95ea31cc-ae65-cf10-82b1-edf9a451a3b0
Found peer ‘499’ for ‘499’ from 200.200.200.41:55978

<— SIP read from WS:200.200.200.41:55978 —>
ACK sip:1000@100.100.100.54 SIP/2.0
Via: SIP/2.0/WS df7jal23ls0d.invalid;branch=z9hG4bKhwDDJVwTuZn7X4nX7S5uZDOtiKPr6HIy;rport
From: "Tomo Test"sip:499@100.100.100.54;tag=PB8zUsrhFxI6qekrEQMW
To: sip:1000@100.100.100.54;tag=as32d362ef
Call-ID: 95ea31cc-ae65-cf10-82b1-edf9a451a3b0
CSeq: 48761 ACK
Content-Length: 0
Max-Forwards: 70

<------------->
— (8 headers 0 lines) —

<— SIP read from WS:200.200.200.41:55978 —>
INVITE sip:1000@100.100.100.54 SIP/2.0
Via: SIP/2.0/WS df7jal23ls0d.invalid;branch=z9hG4bKixp3wfMufwHwTbluMIFEtX8Sua3FblCy;rport
From: "Tomo Test"sip:499@100.100.100.54;tag=PB8zUsrhFxI6qekrEQMW
To: sip:1000@100.100.100.54
Contact: "Tomo Test"sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;click2call=no;transport=ws;+g.oma.sip-im;language=“en,fr"
Call-ID: 95ea31cc-ae65-cf10-82b1-edf9a451a3b0
CSeq: 48762 INVITE
Content-Type: application/sdp
Content-Length: 1505
Max-Forwards: 70
Authorization: Digest username=“499”,realm=“asterisk”,nonce=“44875fa7”,uri="sip:1000@100.100.100.54”,response=“1203cef3305b11829ae35985877a23f8”,algorithm=MD5
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom

v=0
o=mozilla…THIS_IS_SDPARTA-46.0.1 2616828652649323500 0 IN IP4 127.0.0.1
s=Doubango Telecom - firefox
t=0 0
a=sendrecv
a=fingerprint:sha-256 FF:4A:E8:6B:A8:23:88:79:84:8B:3D:17:F3:B5:B5:2C:A6:DC:14:8A:E9:2D:EB:D3:AB:E7:AC:F4:E9:F2:9A:70
a=ice-options:trickle
a=msid-semantic:WMS *
m=audio 54463 UDP/TLS/RTP/SAVPF 109 9 0 8
c=IN IP4 200.200.200.41
a=candidate:0 1 UDP 2122252543 192.168.50.18 54463 typ host
a=candidate:2 1 UDP 2122187007 192.168.122.1 39796 typ host
a=candidate:0 2 UDP 2122252542 192.168.50.18 45411 typ host
a=candidate:2 2 UDP 2122187006 192.168.122.1 47758 typ host
a=candidate:1 1 UDP 1686052863 200.200.200.41 54463 typ srflx raddr 192.168.50.18 rport 54463
a=candidate:3 1 UDP 1685987327 200.200.200.41 39796 typ srflx raddr 192.168.122.1 rport 39796
a=candidate:1 2 UDP 1686052862 200.200.200.41 45411 typ srflx raddr 192.168.50.18 rport 45411
a=candidate:3 2 UDP 1685987326 200.200.200.41 47758 typ srflx raddr 192.168.122.1 rport 47758
a=sendrecv
a=end-of-candidates
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=fmtp:109 maxplaybackrate=48000;stereo=1
a=ice-pwd:596e18df834a469114ea274ce5fea57a
a=ice-ufrag:78b534b0
a=mid:sdparta_0
a=msid:{4c6c5cb2-43e6-4a55-ba3e-7d9c766e2565} {e2c060d7-c898-46a2-a6cd-ed6948268f9e}
a=rtcp:45411 IN IP4 200.200.200.41
a=rtcp-mux
a=rtpmap:109 opus/48000/2
a=rtpmap:9 G722/8000/1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=setup:actpass
a=ssrc:4128415643 cname:{2e346c8f-0458-4c25-bedb-368dbd6f6cf1}
<------------->
— (13 headers 34 lines) —
Using INVITE request as basis request - 95ea31cc-ae65-cf10-82b1-edf9a451a3b0
Found peer ‘499’ for ‘499’ from 200.200.200.41:55978
[2016-06-02 13:47:08] WARNING[7594][C-000138d6]: chan_sip.c:10388 process_sdp: Rejecting secure audio stream without encryption details: audio 54463 UDP/TLS/RTP/SAVPF 109 9 0 8

<— SIP read from WS:200.200.200.41:55978 —>
ACK sip:1000@100.100.100.54 SIP/2.0
Via: SIP/2.0/WS df7jal23ls0d.invalid;branch=z9hG4bKixp3wfMufwHwTbluMIFEtX8Sua3FblCy;rport
From: "Tomo Test"sip:499@100.100.100.54;tag=PB8zUsrhFxI6qekrEQMW
To: sip:1000@100.100.100.54;tag=as32d362ef
Call-ID: 95ea31cc-ae65-cf10-82b1-edf9a451a3b0
CSeq: 48762 ACK
Content-Length: 0
Max-Forwards: 70

<------------->
— (8 headers 0 lines) —

<— SIP read from WS:200.200.200.41:55978 —>
REGISTER sip:100.100.100.54 SIP/2.0
Via: SIP/2.0/WS df7jal23ls0d.invalid;branch=z9hG4bKF9tNzwbPmlH2E2nkqrEpJQamwv56cITu;rport
From: "Tomo Test"sip:499@100.100.100.54;tag=ZuOw7n6AgsrinruRPXRM
To: "Tomo Test"sip:499@100.100.100.54
Contact: "Tomo Test"sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;transport=ws;expires=200;click2call=no;+g.oma.sip-im;+audio;language="en,fr"
Call-ID: 32eb8f5a-e215-fe75-38b4-1d4ca44f2019
CSeq: 27161 REGISTER
Content-Length: 0
Max-Forwards: 70
Authorization: Digest username=“499”,realm=“asterisk”,nonce=“7cef0495”,uri=“sip:100.100.100.54”,response=“8a11abbbfe1f65a81e330736e1cd0205”,algorithm=MD5
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom

<------------->
— (12 headers 0 lines) —

<— SIP read from WS:200.200.200.41:55978 —>
REGISTER sip:100.100.100.54 SIP/2.0
Via: SIP/2.0/WS df7jal23ls0d.invalid;branch=z9hG4bKsULlLyOim57I8vgcml08dZ6DsPMts5xk;rport
From: "Tomo Test"sip:499@100.100.100.54;tag=ZuOw7n6AgsrinruRPXRM
To: "Tomo Test"sip:499@100.100.100.54
Contact: "Tomo Test"sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;transport=ws;expires=200;click2call=no;+g.oma.sip-im;+audio;language="en,fr"
Call-ID: 32eb8f5a-e215-fe75-38b4-1d4ca44f2019
CSeq: 27162 REGISTER
Content-Length: 0
Max-Forwards: 70
Authorization: Digest username=“499”,realm=“asterisk”,nonce=“46a19830”,uri=“sip:100.100.100.54”,response=“0e29ee122528b0f704e38d6a7dad02d8”,algorithm=MD5
User-Agent: IM-client/OMA1.0 sipML5-v1.2016.03.04
Organization: Doubango Telecom

<------------->
— (12 headers 0 lines) —
Reliably Transmitting (no NAT) to 200.200.200.41:55978:
OPTIONS sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;transport=ws SIP/2.0
Via: SIP/2.0/WS 100.100.100.54:5060;branch=z9hG4bK574ee24b
Max-Forwards: 70
From: “Unknown” sip:Unknown@100.100.100.54;tag=as34ab3e67
To: sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;transport=ws
Contact: sip:Unknown@100.100.100.54:5060;transport=WS
Call-ID: 68ac66cb79376c653176f4591be44cbf@100.100.100.54:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-13.0.70(11.17.1)
Date: Thu, 02 Jun 2016 11:47:12 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0


<— SIP read from WS:200.200.200.41:55978 —>
SIP/2.0 405 Method Not Allowed
Via: SIP/2.0/WS 100.100.100.54:5060;branch=z9hG4bK574ee24b
From: "Unknown"sip:Unknown@100.100.100.54;tag=as34ab3e67
To: sip:499@df7jal23ls0d.invalid;rtcweb-breaker=no;transport=ws
Call-ID: 68ac66cb79376c653176f4591be44cbf@100.100.100.54:5060
CSeq: 102 OPTIONS
Content-Length: 0

<------------->
— (7 headers 0 lines) —
Really destroying SIP dialog ‘68ac66cb79376c653176f4591be44cbf@100.100.100.54:5060’ Method: OPTIONS

Please show the complete configuration of the peer at sip.conf and the complete configuration of the SIPML5 client including the JS debug of mozilla.

Hi navaismo!

Thank you for your mail. Here are information you asked for.

sip_additional.conf
[499]
deny=0.0.0.0/0.0.0.0
secret=ed169d1cbce55e8961db1d7b66a6cace
dtmfmode=rfc2833
canreinvite=no
context=from-webrtc
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
qualifyfreq=60
transport=ws,udp,tcp,tls
avpf=yes
force_avp=yes
icesupport=yes
encryption=yes
namedcallgroup=
namedpickupgroup=
dial=SIP/499
permit=0.0.0.0/0.0.0.0
callerid= <499>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic

sip_custom.conf
[499]
dtlsenable=yes ; Tell Asterisk to enable DTLS for this peer
dtlsverify=no ; Tell Asterisk to not verify your DTLS certs
dtlscertfile=/etc/asterisk/keys/pbx.crt ; Tell Asterisk where your DTLS cert file is
dtlsprivatekey=/etc/asterisk/keys/pbx.key ; Tell Asterisk where your DTLS private key is
dtlssetup=actpass ; Tell Asterisk to use actpass SDP parameter when setting up DTLS

This is FreePBX, so sip_custom gets inside sip_aditional.

I have no configuration of sipML5, I em using
live demo (http) from their web site.

I guess I don’t know how to catch JS debug messages in Firefox. I have tried with Firebut, but I get thousands of lines of code in script console. Any hint how to get thet JS debug data?

Ok so im not sure if the dtls parameters are getting inside the configuration of the peer. You may try to set another peer completely set up inside the sip_custom.conf.

I have a couple of doubts, FreePBX support WebrTC in their latest versions so you can configure all from GUI. The other is you are using WS and it is deprecated since the last year. You need to use WSS instead.

Finally share the advanced configuration of the SIPML5 Tab.

Dear navaismo,

thank you for your reply. Sorry for the delay but I was away for 2 weeks.

You were right. I have set another peer completely in sip_custom.conf and now I can set up the call (I see call in progress, In call, Call terminated). :slight_smile:

Unfortunately I have no audio. :frowning:

I have followed your tutorial and:

  1. My Asterisk has public IP address, and in peer I have nat=no. I can’t verify this configuration since sip show peers nor sip show peer doesn’t list NAT configuration. :frowning:
    In SIP debug I can see that “SIP read from WS:” and “c=IN IP4” point to the same client public IP address.
  2. I have turn on RTP debug, and I see that Asterisk is sending RTP stream to the public IP address of client. Just I don’t see “(via ICE)”, and in SIP peer conf I have icesupport=yes and in rtp_custom.conf I have icesupport=true. Is this a problem? I em using Asterisk 11.17.1.

I have capture packets (tcpdump and Wireshark) on Asterisk and on client computer, and I can see that Asterisk is sending RTP stream to the client, and on client I see that it’s receiving RTP (UDP) stream.

It seams that client is getting the stream, just I don’t hear it in my Firefox.

How to continue from here?

Best regards.

OK, my client firewall was blocking the RTP stream. :slight_smile:

It works now. Thank you for your time and help!

Best regards.

Good to know is working now. :+1: