Hello Michael,

I just tested your patch with my tcom setup. I noticed that it works in most 
cases.
One case that leads to a failure is a reinvite because of codec or connect line 
information change. Take a look:

Call starts:

INVITE sip:0191...@tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj4a53b552-3d39-4ade-a237-d74fa3796ccd;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: <sip:0191...@tel.t-online.de>
Contact: <sip:asterisk@192.168.203.25:45061;transport=TLS>
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5805 INVITE
Route: <sip:tel.t-online.de:5061;lr>
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800
Min-SE: 900
Security-Verify: msrp-tls;mediasec
Security-Verify: sdes-srtp;mediasec
Security-Verify: dtls-srtp;mediasec
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Type: application/sdp
Content-Length:   397

v=0
o=- 1533927627 1533927627 IN IP4 192.168.203.25
s=Asterisk
c=IN IP4 192.168.203.25
t=0 0
m=audio 18592 RTP/SAVP 9 8 118 101
a=3ge2ae:requested
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:gDiOBggnpgMkoIGjO70QGjqOWVivyC/2PVWnpvuc
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:118 L16/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:70
a=sendrecv

SIP/2.0 407 Proxy Authentication Required 02035034C
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj4a53b552-3d39-4ade-a237-d74fa3796ccd;alias
To: <sip:0191...@tel.t-online.de>;tag=h7g4Esbg_26ec170e041b473ae0da003e4b076bd6
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5805 INVITE
Content-Length: 0
Proxy-Authenticate: Digest 
nonce="3E0E0A0188866D5D00000000BEBAD149",realm="tel.t-online.de",algorithm=MD5,qop="auth",stale=true


<--- Transmitting SIP request (494 bytes) to TLS:217.0.21.3:5061 --->
ACK sip:0191...@tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj4a53b552-3d39-4ade-a237-d74fa3796ccd;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: <sip:0191...@tel.t-online.de>;tag=h7g4Esbg_26ec170e041b473ae0da003e4b076bd6
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5805 ACK
Route: <sip:tel.t-online.de:5061;lr>
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Length:  0


<--- Transmitting SIP request (1565 bytes) to TLS:217.0.21.3:5061 --->
INVITE sip:0191...@tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj0279a57e-ae56-43c0-ace1-80354e1970fb;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: <sip:0191...@tel.t-online.de>
Contact: <sip:asterisk@192.168.203.25:45061;transport=TLS>
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 INVITE
Route: <sip:tel.t-online.de:5061;lr>
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800
Min-SE: 900
Security-Verify: msrp-tls;mediasec
Security-Verify: sdes-srtp;mediasec
Security-Verify: dtls-srtp;mediasec
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Proxy-Authorization: Digest username="xxxx...@t-online.de", 
realm="tel.t-online.de", nonce="3E0E0A0188866D5D00000000BEBAD149", 
uri="sip:0191...@tel.t-online.de",
response="05d8319847ebaf4dda81e1842f133b38", algorithm=MD5, 
cnonce="c094d37c-4c5c-4491-9abc-7c38943c6035", qop=auth, nc=00000001
Content-Type: application/sdp
Content-Length:   397

v=0
o=- 1533927627 1533927627 IN IP4 192.168.203.25
s=Asterisk
c=IN IP4 192.168.203.25
t=0 0
m=audio 18592 RTP/SAVP 9 8 118 101
a=3ge2ae:requested
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:gDiOBggnpgMkoIGjO70QGjqOWVivyC/2PVWnpvuc
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:118 L16/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:70
a=sendrecv

  == SRTP unprotect failed on SSRC 1439213300 because of unknown 10
  == SRTP unprotect failed on SSRC 1903821878 because of unknown 10
<--- Received SIP response (370 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj0279a57e-ae56-43c0-ace1-80354e1970fb;alias
To: <sip:0191...@tel.t-online.de>
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 INVITE
Content-Length: 0


<--- Received SIP response (1073 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 183 Session Progress
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj0279a57e-ae56-43c0-ace1-80354e1970fb;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 INVITE
Contact: <sip:sgc_c@217.0.21.3:5061;transport=tls>
Record-Route: <sip:217.0.21.3:5061;transport=tls;lr>
P-Early-Media: sendonly
Require: 100rel
RSeq: 2
Supported: timer
Content-Type: application/sdp
Content-Length: 307
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE

v=0
o=- 469219287 2037999404 IN IP4 217.0.21.3
s=Basic Session
c=IN IP4 217.0.2.164
t=0 0
m=audio 38772 RTP/SAVP 8 101
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:8 PCMA/8000
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:lpS7sjUmhtELeK4LC7OJM7fPKU001RkoIpebLVfc

    -- PJSIP/tcom_trunk-00000013 is making progress passing it to 
PJSIP/495XXXXXXX_3-00000012
<--- Transmitting SIP request (564 bytes) to TLS:217.0.21.3:5061 --->
PRACK sip:sgc_c@217.0.21.3:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj5d012bf4-1979-4424-9279-0118ba1b36ac;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5807 PRACK
Route: <sip:217.0.21.3:5061;transport=tls;lr>
RAck: 2 5806 INVITE
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Length:  0


    -- PJSIP/tcom_trunk-00000013 is making progress passing it to 
PJSIP/495XXXXXXX_3-00000012
<--- Received SIP response (543 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj5d012bf4-1979-4424-9279-0118ba1b36ac;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5807 PRACK
Content-Length: 0
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE


<--- Received SIP response (1073 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 183 Session Progress
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj0279a57e-ae56-43c0-ace1-80354e1970fb;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 INVITE
Contact: <sip:sgc_c@217.0.21.3:5061;transport=tls>
Record-Route: <sip:217.0.21.3:5061;transport=tls;lr>
P-Early-Media: sendonly
Require: 100rel
RSeq: 3
Supported: timer
Content-Type: application/sdp
Content-Length: 307
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE

v=0
o=- 469219287 2037999404 IN IP4 217.0.21.3
s=Basic Session
c=IN IP4 217.0.2.164
t=0 0
m=audio 38772 RTP/SAVP 8 101
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:8 PCMA/8000
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:lpS7sjUmhtELeK4LC7OJM7fPKU001RkoIpebLVfc

    -- PJSIP/tcom_trunk-00000013 is making progress passing it to 
PJSIP/495XXXXXXX_3-00000012
<--- Transmitting SIP request (564 bytes) to TLS:217.0.21.3:5061 --->
PRACK sip:sgc_c@217.0.21.3:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj341c7e9b-e071-437e-b6d5-186ebe64e751;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5808 PRACK
Route: <sip:217.0.21.3:5061;transport=tls;lr>
RAck: 3 5806 INVITE
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Length:  0


    -- PJSIP/tcom_trunk-00000013 is making progress passing it to 
PJSIP/495XXXXXXX_3-00000012
<--- Received SIP response (568 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj341c7e9b-e071-437e-b6d5-186ebe64e751;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5808 PRACK
P-Early-Media: sendonly
Content-Length: 0
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE


<--- Received SIP response (1064 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 180 Ringing
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj0279a57e-ae56-43c0-ace1-80354e1970fb;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 INVITE
Contact: <sip:sgc_c@217.0.21.3:5061;transport=tls>
Record-Route: <sip:217.0.21.3:5061;transport=tls;lr>
P-Early-Media: sendonly
Require: 100rel
RSeq: 4
Supported: timer
Content-Type: application/sdp
Content-Length: 307
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE

v=0
o=- 469219287 2037999404 IN IP4 217.0.21.3
s=Basic Session
c=IN IP4 217.0.2.164
t=0 0
m=audio 38772 RTP/SAVP 8 101
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:8 PCMA/8000
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:lpS7sjUmhtELeK4LC7OJM7fPKU001RkoIpebLVfc

<--- Transmitting SIP request (564 bytes) to TLS:217.0.21.3:5061 --->
PRACK sip:sgc_c@217.0.21.3:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj0f7feb26-420b-4092-b601-3b6309a69b1a;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5809 PRACK
Route: <sip:217.0.21.3:5061;transport=tls;lr>
RAck: 4 5806 INVITE
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Length:  0


    -- PJSIP/tcom_trunk-00000013 is ringing
    -- PJSIP/tcom_trunk-00000013 is ringing
<--- Received SIP response (568 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj0f7feb26-420b-4092-b601-3b6309a69b1a;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5809 PRACK
P-Early-Media: sendonly
Content-Length: 0
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE


<--- Received SIP response (1505 bytes) from TLS:217.0.21.3:5061 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS 
192.168.203.25:45061;received=217.231.62.116;rport=47041;branch=z9hG4bKPj0279a57e-ae56-43c0-ace1-80354e1970fb;alias
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 INVITE
Contact: 
<sip:sgc_c@217.0.21.3:5061;transport=tls>;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"
Record-Route: <sip:217.0.21.3:5061;transport=tls;lr>
Session-Expires: 1800;refresher=uas
Supported: timer
Content-Type: application/sdp
Content-Length: 307
Session-ID: df5b736e4f5dc00ac50427c7f308f250
Authentication-Info: 
qop=auth,rspauth="ed2abb6c59fb682af89363337c0b06c7",cnonce="c094d37c-4c5c-4491-9abc-7c38943c6035",nc=00000001
Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, PRACK, UPDATE, PUBLISH, INFO, 
INVITE, ACK, OPTIONS, CANCEL, BYE
Accept: application/sdp
Accept: application/vnd.etsi.sci+xml
Accept: application/vnd.etsi.pstn+xml
Accept: multipart/mixed
Accept: application/vnd.telekom.service_indication+xml
Accept: application/vnd.etsi.cug+xml

v=0
o=- 469219287 2037999404 IN IP4 217.0.21.3
s=Basic Session
c=IN IP4 217.0.2.164
t=0 0
m=audio 38772 RTP/SAVP 8 101
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:8 PCMA/8000
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:lpS7sjUmhtELeK4LC7OJM7fPKU001RkoIpebLVfc

<--- Transmitting SIP request (539 bytes) to TLS:217.0.21.3:5061 --->
ACK sip:sgc_c@217.0.21.3:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj8512d20f-14b4-4d55-8b18-83ee501e4276;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5806 ACK
Route: <sip:217.0.21.3:5061;transport=tls;lr>
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Length:  0


    -- PJSIP/tcom_trunk-00000013 answered PJSIP/495XXXXXXX_3-00000012
    -- Executing [s@dialbridge_redirect:1] Goto("PJSIP/495XXXXXXX_3-00000012", 
"dialbridge,s,1") in new stack
    -- Goto (dialbridge,s,1)
    -- Executing [s@dialbridge_redirect:2] Goto("PJSIP/tcom_trunk-00000013", 
"dialbridge,s,1") in new stack
    -- Goto (dialbridge,s,1)
    -- Executing [s@dialbridge:1] Log("PJSIP/tcom_trunk-00000013", 
"VERBOSE,Enforce trunk codec to phone, trunk side")
Enforce trunk codec to phone, trunk side
    -- Executing [s@dialbridge:1] Log("PJSIP/tcom_trunk-00000013", 
"VERBOSE,Negotiated codec: alaw, already set. No change.")
    -- Executing [s@dialbridge:1] Log("PJSIP/495XXXXXXX_3-00000012", 
"VERBOSE,Enforce trunk codec to phone, endpoint side")
Enforce trunk codec to phone, endpoint side
    -- Executing [s@dialbridge:1] Log("PJSIP/495XXXXXXX_3-00000012", 
"VERBOSE,Negotiated codec: alaw, changing from: (g722)")
Negotiated codec: alaw, changing from: (g722)
Negotiated codec: alaw, already set. No change.
    -- Executing [s@dialbridge:1] Wait("PJSIP/tcom_trunk-00000013", "5")
    -- Executing [s@dialbridge:1] Bridge("PJSIP/495XXXXXXX_3-00000012", 
"PJSIP/tcom_trunk-00000013,x")
  == Spawn extension (dialbridge, s, 1) exited non-zero on 
'Surrogate/PJSIP/tcom_trunk-00000013'
    -- Channel PJSIP/tcom_trunk-00000013 joined 'simple_bridge' basic-bridge 
<0ad214b5-42eb-4397-83d5-806e22cd2220>
    -- Channel PJSIP/495XXXXXXX_3-00000012 joined 'simple_bridge' basic-bridge 
<0ad214b5-42eb-4397-83d5-806e22cd2220>
    -- PJSIP/495XXXXXXX_3-00000012 Internal Gosub(updateConnectedLine,s,1) start

Upper scripts perform Connected Line Updates and do codec handling. Both calls 
are in a bridge.

_----> See following request: the mediasec headers are missing:_

<--- Transmitting SIP request (1218 bytes) to TLS:217.0.21.3:5061 --->
INVITE sip:sgc_c@217.0.21.3:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS 
192.168.203.25:45061;rport;branch=z9hG4bKPj793ffcd3-137d-4f3c-bef7-864bc7dd22e2;alias
From: "05XXXXXXX" 
<sip:05xxxx...@tel.t-online.de>;tag=c156777b-2c68-44cb-8fdd-af9265b464a8
To: 
<sip:0191...@tel.t-online.de>;tag=h7g4Esbg_p65544t1567458941m19476c211164834s1_2036411039-303219550
Contact: <sip:asterisk@192.168.203.25:45061;transport=TLS>
Call-ID: ae53709d-7c92-416f-865e-a922d45b52e4
CSeq: 5810 INVITE
Route: <sip:217.0.21.3:5061;transport=tls;lr>
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, 
UPDATE, PRACK, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
Session-Expires: 1800;refresher=uas
Min-SE: 900
Max-Forwards: 70
User-Agent: Asterisk PBX 16.5.0
Content-Type: application/sdp
Content-Length:   370

v=0
o=- 1533927627 1533927628 IN IP4 192.168.203.25
s=Asterisk
c=IN IP4 192.168.203.25
t=0 0
m=audio 18592 RTP/SAVP 9 8 101
a=3ge2ae:requested
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:gDiOBggnpgMkoIGjO70QGjqOWVivyC/2PVWnpvuc
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv


Perhaps you can take a look! If you need testing, I can help!

Kind regards,

André

On 02.09.19 19:03, Michael Maier wrote:
> On 30.05.19 at 10:24 Michael Maier wrote:
>> Hello!
>>
>> I wrote some code, which adds basic media encryption support to be used with 
>> Deutsche Telekom. The attached patch is based on Asterisk 16.3
>> and works for me :-) - not fully tested yet. If you want to use it, you have 
>> to enable media_encryption=sdes for the extension (and
>> transport tls and tls1.2). Use at your own risk!
>>
>>
>> The current patch lacks a basic mediasec option, which prevents adding the 
>> mediasec headers to each *initial* REGISTER or to each INVITE (if
>> sdes is activated). As of today, I don't know how to solve this problem 
>> without too many changes.
>> Anyway: It looks like the additional HEADERs seem not to disrupt other ISPs 
>> (tested with one other ISP). This option should be accessible in
>> rtp, session and register environment. Maybe there is a possibility to 
>> exchange data between register, session and rtp environment. This way, it
>> would be possible to dynamically set mediasec in session and rtp based on 
>> the result of the initial register. It would be necessary at the
>> same time, to dynamically disable sdes encryption if activation of mediasec 
>> didn't succeed.
>>
>> One more open point is the check for the 3 headers using the same name 
>> (Security-Server and Security-Verify). How can they be checked
>> regarding order? Is there a function to get each value of the same header? 
>> Maybe based on an array index? This way it would be possible to
>> create the Security-Verify headers dynamically based on the 494 or 401 
>> response.
>>
>> The UPDATE package (used as a watchdog circuit during a call each 15 
>> minutes) seems not to be affected - I couldn't find any problem at this
>> point.
> 
> 
> Attached is a new version of the mediasec patch. The following items changed:
> 
> - No more differentiation between initial REGISTER and ReREGISTERS (because
>   if server was restarted, the ReREGISTER could have been done w/o mediasec
>   and subsequent calls have been broken because of missing SRTP support by
>   provider).
> - Added memory management for the additional 494 requests.
> 
> The patch contains the complete code necessary for mediasec (tested with 
> Deutsche Telekom) and asterisk 16.4.1 (should work too w/ 16.5.0).
> 
> This patch doesn't contain an additional sdp version fix, which is needed to 
> reach some numbers in Germany via Deutsche Telekom - see
> https://issues.asterisk.org/jira/secure/attachment/58493/sdp-version-v2.patch
> (https://issues.asterisk.org/jira/browse/ASTERISK-28452)
> 
> 
> Regards
> Michael
> 
> 


-- 
Kind regards
André Valentin

System Administration - Project Coordination


--
MarcanT AG, Herforder Straße 163a, D - 33609 Bielefeld
Phone: +49 (521) 95945-0 | Fax: +49 (521) 95945-18
URL: http://www.marcant.net | http://www.global-m2m.com

Internet * Network * Mobile Data

Executive Board:
Thorsten Hojas (Chairman)
Marc-Henrik Delker
Dr. Anja-Christina Padberg
Commercial register: AG Bielefeld, HRB 42260, VAT ID No.: DE 190203238
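
The failure reported in this message, a re-INVITE sent without the Security-Verify headers that the initial INVITE of the same call carried, can be detected mechanically in PJSIP logger output. The following is an added example, not part of the original mail or of the patch; the sample log, its Call-ID and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Banner lines the Asterisk PJSIP logger prints before each SIP message.
BANNER = re.compile(r"^<--- (Transmitting|Received) SIP (?:request|response) .* --->\s*$")

# Constructed sample (not from the original mail); addresses are documentation values.
SAMPLE_LOG = """\
<--- Transmitting SIP request (1565 bytes) to TLS:192.0.2.10:5061 --->
INVITE sip:callee@example.invalid SIP/2.0
Call-ID: call-1
CSeq: 5806 INVITE
Security-Verify: msrp-tls;mediasec
Security-Verify: sdes-srtp;mediasec
Security-Verify: dtls-srtp;mediasec

<--- Received SIP response (1505 bytes) from TLS:192.0.2.10:5061 --->
SIP/2.0 200 OK
Call-ID: call-1
CSeq: 5806 INVITE

    -- PJSIP/trunk-00000001 answered PJSIP/phone-00000000
<--- Transmitting SIP request (1218 bytes) to TLS:192.0.2.10:5061 --->
INVITE sip:peer@192.0.2.10:5061;transport=tls SIP/2.0
Call-ID: call-1
CSeq: 5810 INVITE
"""

def parse_messages(log):
    """Split logger output into messages; repeated headers keep every value in order."""
    messages, current = [], None
    for line in log.splitlines():
        banner = BANNER.match(line)
        if banner:
            current = {"dir": banner.group(1), "start": None,
                       "headers": defaultdict(list), "body": False}
            messages.append(current)
        elif current is None or current["body"]:
            continue  # verbose channel output or SDP body, not SIP headers
        elif not line.strip():
            current["body"] = current["start"] is not None  # blank line ends headers
        elif current["start"] is None:
            current["start"] = line.strip()  # request line or status line
        else:
            name, sep, value = line.partition(":")
            if sep:
                current["headers"][name.strip().lower()].append(value.strip())
    return messages

def find_mediasec_gaps(log):
    """List sent INVITEs that dropped Security-Verify values of the call's first INVITE."""
    first, gaps = {}, []
    for msg in parse_messages(log):
        if msg["dir"] != "Transmitting" or not (msg["start"] or "").startswith("INVITE "):
            continue
        hdr = msg["headers"]
        call_id = (hdr.get("call-id") or ["?"])[0]
        verify = hdr.get("security-verify", [])
        if call_id not in first:
            first[call_id] = list(verify)  # baseline from the initial INVITE
            continue
        missing = [v for v in first[call_id] if v not in verify]
        if missing:
            gaps.append((call_id, (hdr.get("cseq") or ["?"])[0], missing))
    return gaps
```

Header lines that a mail client has wrapped, as in the trace above, need to be rejoined before parsing; the sample here uses unwrapped lines as the logger emits them.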


