Re: [asterisk-users] Grandstream GXP2160 + SRTP

[Jonas Kellens]

On 07-10-14 12:32, Jonas Kellens wrote:
Hello,
I am trying to setup a Grandstream GXP2160 IP-phone with secure 
calling (SRTP).

Secure signaling SSIP for registration is working great !

I follow this guide : 
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial

But when I try to make a call with SRTP, I get stuck. There is an 
initial INVITE which is anwered with a 401. There should follow a new 
INVITE with a nonce, but this does not happen. Any idea why ? Is it 
the Grandstream IP-phone ??



<--- SIP read from TLS:my.pub.lic.ip:53416 --->
INVITE sip:0123123...@ast.ser.ver.ip:5061 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
From: <sip:testacc77...@ast.ser.ver.ip:5061>;tag=263162018
To: <sip:0123123...@ast.ser.ver.ip:5061>
Call-ID: 1695864968-506...@bjc.bgi.b.bae
CSeq: 50 INVITE
Contact: <sips:testacc77005@192.168.1.104:5068;transport=tls>
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2160 1.0.2.9
Privacy: none
P-Preferred-Identity: <sip:testacc77...@ast.ser.ver.ip:5061>
Supported: replaces, path, timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, 
REFER, UPDATE, MESSAGE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length: 522

v=0
o=testacc77005 8004 8000 IN IP4 192.168.1.104
s=SIP Call
c=IN IP4 192.168.1.104
t=0 0
m=audio 5020 RTP/SAVP 0 8 18 9 2 101
a=sendrecv
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:8m7ZfG+0t3KBFGK40IfDO11SZ6D54glKKIwdgo00|2^32
a=crypto:2 AES_CM_128_HMAC_SHA1_32 
inline:nn+id/sSK7OErMfnZZduKNPLejpscxx1vUQB2seO|2^32


<--- Reliably Transmitting (NAT) to my.pub.lic.ip:53416 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 
192.168.1.104:5068;branch=z9hG4bK60724585;alias;received=my.pub.lic.ip;rport=53416
From: <sip:testacc77...@ast.ser.ver.ip:5061>;tag=263162018
To: <sip:0123123...@ast.ser.ver.ip:5061>;tag=as1e527556
Call-ID: 1695864968-506...@bjc.bgi.b.bae
CSeq: 50 INVITE
Server: mydomain
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, 
INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", 
nonce="13b47342"
Content-Length: 0


<--- SIP read from TLS:my.pub.lic.ip:53416 --->
ACK sip:0123123...@ast.ser.ver.ip:5061 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
From: <sip:testacc77...@ast.ser.ver.ip:5061>;tag=263162018
To: <sip:0123123...@ast.ser.ver.ip:5061>;tag=as1e527556
Call-ID: 1695864968-506...@bjc.bgi.b.bae
CSeq: 50 ACK
Content-Length: 0


Hello,

I seem to have the same problem with Snom 370 IP-phone. Registration 
works fine ! But I can not make calls with encrypted rtp.


<--- SIP read from TLS:my.pub.lic.ip:1068 --->
INVITE sip:0123123...@ast.ser.ver.ip;user=phone SIP/2.0
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport
From: <sip:testacc77...@ast.ser.ver.ip>;tag=zdwiwg10qx
To: <sip:0123123...@ast.ser.ver.ip;user=phone>
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 INVITE
Max-Forwards: 70
Contact: <sip:testacc77003@192.168.1.107:1068;transport=tls>;reg-id=1
X-Serialnumber: 0004132E2809
P-Key-Flags: resolution="31x13", keys="4"
User-Agent: snom370/8.4.35
Accept: application/sdp
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, 
PRACK, MESSAGE, INFO, UPDATE
Allow-Events: talk, hold, refer, call-info
Supported: timer, 100rel, replaces, from-change
Call-Info: <sip:ast.ser.ver.ip>;appearance-index=1
Session-Expires: 3600;refresher=uas
Min-SE: 90
Content-Type: application/sdp
Content-Length: 632

v=0
o=root 1052895538 1052895538 IN IP4 192.168.1.107
s=call
c=IN IP4 192.168.1.107
t=0 0
m=audio 65418 RTP/SAVP 8 3 18 99 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 
inline:KiXn5H+mKwavoDNa1PfnBqPoODTnxK6hOlWSNJM7
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
m=audio 65418 RTP/AVP 8 3 18 99 101
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
<------------->



<--- Reliably Transmitting (NAT) to my.pub.lic.ip:1068 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 
192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;received=my.pub.lic.ip;rport=1068
From: <sip:testacc77...@ast.ser.ver.ip>;tag=zdwiwg10qx
To: <sip:0123123...@ast.ser.ver.ip;user=phone>;tag=as1cd819c5
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 INVITE
Server: mydomain
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, 
INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", 
nonce="323823f6"
Content-Length: 0


<------------>

<--- SIP read from TLS:my.pub.lic.ip:1068 --->
ACK sip:0123123...@ast.ser.ver.ip;user=phone SIP/2.0
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport
From: <sip:testacc77...@ast.ser.ver.ip>;tag=zdwiwg10qx
To: <sip:0123123...@ast.ser.ver.ip;user=phone>;tag=as1cd819c5
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 ACK
Max-Forwards: 70
Contact: <sip:testacc77003@192.168.1.107:1068;transport=tls>;reg-id=1
Content-Length: 0

<------------->



Any feedback is welcome.


Jonas



-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users