|Summary:||ASTERISK-17488: no native bridging when more than one crypto offer in SRTP|
|Reporter:||Gerson Sampaio (gersonsm)||Labels:|
|Date Opened:||2011-02-28 11:57:42.000-0600||Date Closed:||2011-02-28 14:34:49.000-0600|
|Environment:||Attachments:||( 0) asterisk.log|
|Description:||When using phones (ie Yealink T22p) that send more than one crypto offers Asterisk does not establish a native bridging between the phones anymore, meaning that the asterisk server stays in the media path and all the traffic flows from phone A to Asterisk and from Asterisk further on to phone B. When using softphone (Phonerlite) i can use SRTP with no issue.|
****** ADDITIONAL INFORMATION ******
crypto offer from t22p:
o=- 20002 20002 IN IP4 10.200.158.208
c=IN IP4 10.200.158.208
m=audio 11784 RTP/SAVP 0 8 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:N2Y1MjAyNmIzMDEyZTBhODRjMTE3NGYxN2QyMDA4
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:N2YyZGJkZjQyYWJlMDlhNzcxNTA4NTE2NTBkNzA3
a=crypto:3 F8_128_HMAC_SHA1_80 inline:N2JmYTZkOGMxZDc4NmI5MDcwYWQ0OWEANWRmMGQx
|Comments:||By: Gerson Sampaio (gersonsm) 2011-02-28 13:54:56.000-0600|
The same problem appear with Polycom IP-650 Phone.
By: Terry Wilson (twilson) 2011-02-28 14:34:49.000-0600
This isn't a problem, it is just how things work. Phone A calls Asterisk and sets up an encrypted session. Asterisk calls Phone B and sets up an encrypted session. It is not possible for the phones send the media directly because they wouldn't be able to decrypt.
Asterisk is not a SIP proxy. It doesn't direct the phones to negotiate encryption between each other. It can behave in no other way.