Summary: | ASTERISK-16628: SRTP stops working anymore beta4 | ||
Reporter: | frank koster (notthematrix) | Labels: | |
Date Opened: | 2010-08-29 14:33:18 | Date Closed: | 2010-09-08 11:53:29 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Resources/res_srtp |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | Looks like SRTP is not working proper anymore. since beta4 Sound grabbled on one site.... looks like the same problem before we discovered constantssrc=yes had to be set, and constantssrc=no is set. | ||
Comments: | By: Elazar Broad (ebroad) 2010-08-30 12:05:41 Please upload a full debug log (see below) and be sure to enable debugs for the SIP channel driver. --- http://svn.digium.com/svn/asterisk/trunk/doc/HOWTO_collect_debug_information.txt By: frank koster (notthematrix) 2010-09-05 18:54:54 Iam sorry for the late response but iam not in the position to test it right now.... Since the machine we used for testing is now in use for production (spare). But its is not hard to reproduse this bug.. sip_general_custom.conf qualify=5000 echocancel=yes echocancelwhenbridged=yes autoframing=yes allow=g722,alaw,ulaw,gsm,g729,g723 ;tcpenable=yes ; Enable server for incoming TCP connections (default is no) tlsenable=yes tlsbindaddr=xxx.xxx.xxx.xxx:443 tlscertfile=/etc/asterisk/keys/asterisk.pem tlscadir=/etc/asterisk/keys/ca/ tlscipher=HIGH ;tlsdontverifyserver=yes allowguest=no registerattempts=0 defaultexpirey=750 maxexpirey=1800 ignoresdpversion=yes transport=tls ;registerattempts=0 ;defaultexpirey=604800 ;maxexpirey=702100 registertimeout=60 useragent=Asterisk PBX sdpsession=Asterisk PBX ;sdpowner=0 0 IN IP4 192.168.1.24 udpbindaddr = xxx.xxx.xxx.xxx:443 rtptimeout = 60 rtpkeepalive = 0 rtpholdtimeout = 300 constantssrc=yes compactheaders = yes videosupport= always session-timers=refuse session-expires=180 session-minse=90 session-refresher=uas ; ;--------------------------- SIP timers ---------------------------------------------------- ; These timers are used primarily in INVITE transactions. ; The default for Timer T1 is 500 ms or the measured run-trip time between ; Asterisk and the device if you have qualify=yes for the device. ; t1min=100 ; Minimum roundtrip time for messages to monitored hosts ; Defaults to 100 ms timert1=2000 ; Default T1 timer ; Defaults to 500 ms or the measured round-trip ; time to a peer (qualify=yes). timerb=32000 ; Call setup timer. If a provisional response is not received ; in this amount of time, the call will autocongest ; Defaults to 64*timert1 qualifyfreq=60 qualifygap=150 ; Number of milliseconds between each group of peers being qualified qualifypeers=1 ; Number of peers in a group to be qualified at the same time The rest is to just add 2 standars extentions with asterisk now like sip_additional.conf [61889214119] deny=0.0.0.0/0.0.0.0 disallow=all type=friend secret=blaaat24 qualify=yes port=443 pickupgroup= permit=0.0.0.0/0.0.0.0 nat=yes mailbox=61889214119@device host=dynamic dtmfmode=rfc2833 dial=SIP/61889214119 context=klant-61-1-12345678 canreinvite=no callgroup= callerid=device <61889214119> allow=g729 accountcode= call-limit=50 faxdetect=no and [61889214120] deny=0.0.0.0/0.0.0.0 disallow=all type=friend secret=blaat25 qualify=yes port=443 pickupgroup= permit=0.0.0.0/0.0.0.0 nat=yes mailbox=61889214119@device host=dynamic dtmfmode=rfc2833 dial=SIP/61889214120 context=klant-61-1-12345678 canreinvite=no callgroup= callerid=device <61889214120> allow=g729 accountcode= call-limit=50 faxdetect=no and in sip_custom_post.conf add [61889214119](+) transport=tls encryption=yes [61889214120](+) transport=tls encryption=yes try to call one to the other and you will get the problem... sorry for the inconvience :( If I can free a machine for testing I will post the results imiadtly... maby twilson can test this I also helped him with testing the famous https://bugs.digium.com/view.php?id=5413 tread He was using the same devices as I do (grandstream) again sorry for the inconviniance.. By: Elazar Broad (ebroad) 2010-09-07 09:42:39 When you have a chance, can you test the latest SVN trunk, I believe twilson committed a fix for this issue. See: https://reviewboard.asterisk.org/r/878/ http://lists.digium.com/pipermail/asterisk-commits/2010-September/045201.html By: frank koster (notthematrix) 2010-09-07 12:12:45 hmm this realy looks like the problem , since echo test works..... but briding from phone 2 phone fails... Ill try to test asap By: frank koster (notthematrix) 2010-09-07 17:51:10 Yep https://issues.asterisk.org/view.php?id=17563 fixed the problems.... srtp works as it used to do.... "or maby better ;)" By: Leif Madsen (lmadsen) 2010-09-08 11:53:29 This should be fixed in 1.8.0-beta5 which is now available. Please test that and if you have any further issues with SRTP please open a new issue. Thanks! |