| Summary: | ASTERISK-18617: ast_srtp_unprotect: SRTP unprotect: authentication failure | ||
| Reporter: | Alexis de BRUYN (adebruyn) | Labels: | |
| Date Opened: | 2011-09-25 09:07:15 | Date Closed: | 2011-09-26 07:45:37 |
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Resources/res_srtp |
| Versions: | 1.8.6.0 1.8.7.0 | Frequency of Occurrence | Frequent |
| Related Issues: | |||
| Environment: | Debian Squeeze amd64 srtp 1.4.4 snom300-SIP 8.4.32 | Attachments: | |
| Description: | During a secure call between 2 snom300-SIP 8.4.32 with Asterisk 1.8.x and srtp 1.4.4, I can see in Asterisk log : WARNING[28772]: res_srtp.c:385 ast_srtp_unprotect: SRTP unprotect: authentication failure WARNING[28772]: res_srtp.c:385 ast_srtp_unprotect: SRTP unprotect: authentication failure Though the conversation is fine and secure (I can see the padlock on the SNOM300 screen). Here is my peers configuration : [5] type=peer secret=555555 host=dynamic context=default dtmfmode=rfc2833 disallow=all allow=g729,g722,gsm,alaw transport=tls encryption=yes nat=yes qualify=yes canreinvite=no insecure=invite [6] type=peer secret=666666 host=dynamic context=default dtmfmode=rfc2833 disallow=all allow=g729,g722,gsm,alaw transport=tls encryption=yes nat=yes qualify=yes canreinvite=no insecure=invite And my TLS settings in sip.conf : tlsenable=yes tlsbindaddr=0.0.0.0 tlsprivatekey=/etc/asterisk/keys/asterisk.pem tlscertfile=/etc/asterisk/keys/asterisk.pem tlscafile=/etc/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 I am using a self-signed certificate for my tests. And finally my extensions.conf : exten => 5,1,Set(_SIPSRTP_CRYPTO=enable) exten => 5,2,Dial(SIP/${EXTEN}) exten => 6,1,Set(_SIPSRTP_CRYPTO=enable) exten => 6,2,Dial(SIP/${EXTEN}) | ||
| Comments: | By: Gregory Hinton Nietsky (irroot) 2011-09-26 04:11:50.249-0500 This is not a issue with asterisk at all the snom does not encode the first few frames and this causes errors i have recently commited a fix to 1.8.8 to only show errors from the 10 frame up and only report it once every 100 frames. as 1.8.8 is not out yet please try SVN or wait for 1.8.8.0-rc1 [should be about a week] im marking this for closure r337554 | root | 2011-09-22 14:19:46 +0200 (Thu, 22 Sep 2011) | 14 lines as you can see it was posted before you reported this issue By: Leif Madsen (lmadsen) 2011-09-26 07:45:37.267-0500 Closed per irroot. | ||