Hey there i'm trying to get an Asterisk 11.11 with encryption working with my Grandstream phones. But i stuck.
To avoid NAT problems i'm using IPv6 Just with TCP/TLS it's working fine. Only the SRTP funktion is not working. Asterisk tells me WARNING[6938]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7fa10800f5a0 (len 681) to [2a02:1205::...]:37635 returned -2: Success and also SSL certificate ok == Problem setting up ssl connection: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure WARNING[7421]: tcptls.c:668 handle_tcptls_connection: FILE * open failed! Encryption is configured via ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=:: tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL srtpcapable=yes ;tlsclientmethod=tlsv1 tlsdontverifyserver=yes and the phone is sourced by context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=:: tcpenable=yes tcpbindaddr=:: srvlookup=yes and [IPV6](!,my-codecs) dtmfmode=rfc2833 context=sip-out type=friend host=dynamic transport=tls encryption=yes nat=no qualify=yes the phone it's self contains [200](IPV6) context=abc callerid=123 defaultuser=123 fromuser=123 secret=secret mailbox=123@default The rtp ports are defined via rtpstart=15000 rtpend=20000 and the Firewall is open at TCP 5061 and udp 15000:20000 what did i miss in my configuration? Best Regards Jakob
signature.asc
Description: OpenPGP digital signature
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users