[Home]

Summary:ASTERISK-16628: SRTP stops working anymore beta4
Reporter:frank koster (notthematrix)Labels:
Date Opened:2010-08-29 14:33:18Date Closed:2010-09-08 11:53:29
Priority:MajorRegression?No
Status:Closed/CompleteComponents:Resources/res_srtp
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:Looks like SRTP is not working proper anymore.
since beta4
Sound grabbled on one site....
looks like the same problem
before we discovered constantssrc=yes had to be set,
and constantssrc=no is set.

Comments:By: Elazar Broad (ebroad) 2010-08-30 12:05:41

Please upload a full debug log (see below) and be sure to enable debugs for the SIP channel driver.

---
http://svn.digium.com/svn/asterisk/trunk/doc/HOWTO_collect_debug_information.txt
By: frank koster (notthematrix) 2010-09-05 18:54:54

Iam sorry for the late response but iam not in the position to test it right now....
Since the machine we used for testing is now in use for production (spare).

But its is not hard to reproduse this bug..

sip_general_custom.conf

qualify=5000
echocancel=yes
echocancelwhenbridged=yes

autoframing=yes

allow=g722,alaw,ulaw,gsm,g729,g723

;tcpenable=yes                    ; Enable server for incoming TCP connections (default is no)
tlsenable=yes
tlsbindaddr=xxx.xxx.xxx.xxx:443
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscadir=/etc/asterisk/keys/ca/
tlscipher=HIGH
;tlsdontverifyserver=yes
allowguest=no

registerattempts=0
defaultexpirey=750
maxexpirey=1800
ignoresdpversion=yes
transport=tls

;registerattempts=0
;defaultexpirey=604800
;maxexpirey=702100
registertimeout=60
useragent=Asterisk PBX
sdpsession=Asterisk PBX
;sdpowner=0 0 IN IP4 192.168.1.24
udpbindaddr = xxx.xxx.xxx.xxx:443
rtptimeout = 60
rtpkeepalive = 0
rtpholdtimeout = 300
constantssrc=yes

compactheaders = yes
videosupport= always


session-timers=refuse
session-expires=180
session-minse=90
session-refresher=uas




;
;--------------------------- SIP timers ----------------------------------------------------
; These timers are used primarily in INVITE transactions.
; The default for Timer T1 is 500 ms or the measured run-trip time between
; Asterisk and the device if you have qualify=yes for the device.
;
t1min=100                       ; Minimum roundtrip time for messages to monitored hosts
                               ; Defaults to 100 ms
timert1=2000                     ; Default T1 timer
                               ; Defaults to 500 ms or the measured round-trip
                               ; time to a peer (qualify=yes).
timerb=32000                    ; Call setup timer. If a provisional response is not received
                               ; in this amount of time, the call will autocongest
                               ; Defaults to 64*timert1

qualifyfreq=60

qualifygap=150                 ; Number of milliseconds between each group of peers being qualified
qualifypeers=1                 ; Number of peers in a group to be qualified at the same time

The rest is to just add 2 standars extentions with asterisk now like



sip_additional.conf

[61889214119]
deny=0.0.0.0/0.0.0.0
disallow=all
type=friend
secret=blaaat24
qualify=yes
port=443
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=61889214119@device
host=dynamic
dtmfmode=rfc2833
dial=SIP/61889214119
context=klant-61-1-12345678
canreinvite=no
callgroup=
callerid=device <61889214119>
allow=g729
accountcode=
call-limit=50
faxdetect=no


and

[61889214120]
deny=0.0.0.0/0.0.0.0
disallow=all
type=friend
secret=blaat25
qualify=yes
port=443
pickupgroup=
permit=0.0.0.0/0.0.0.0
nat=yes
mailbox=61889214119@device
host=dynamic
dtmfmode=rfc2833
dial=SIP/61889214120
context=klant-61-1-12345678
canreinvite=no
callgroup=
callerid=device <61889214120>
allow=g729
accountcode=
call-limit=50
faxdetect=no

and in sip_custom_post.conf add

[61889214119](+)
transport=tls
encryption=yes


[61889214120](+)
transport=tls
encryption=yes

try to call  one to the other
and you will get the problem...
sorry for the inconvience :(
If I can  free a machine for testing I will post the results imiadtly...

maby twilson can test this I also helped him with testing the famous
https://bugs.digium.com/view.php?id=5413 tread He was using the same devices as I do (grandstream)
again sorry for the inconviniance..
By: Elazar Broad (ebroad) 2010-09-07 09:42:39

When you have a chance, can you test the latest SVN trunk, I believe twilson committed a fix for this issue. See:

https://reviewboard.asterisk.org/r/878/
http://lists.digium.com/pipermail/asterisk-commits/2010-September/045201.html
By: frank koster (notthematrix) 2010-09-07 12:12:45

hmm this realy looks like the problem , since echo test works.....
but briding from phone 2 phone fails...
Ill try to test asap
By: frank koster (notthematrix) 2010-09-07 17:51:10

Yep https://issues.asterisk.org/view.php?id=17563 fixed the problems....
srtp works as it used to do.... "or maby better ;)"


By: Leif Madsen (lmadsen) 2010-09-08 11:53:29

This should be fixed in 1.8.0-beta5 which is now available. Please test that and if you have any further issues with SRTP please open a new issue. Thanks!