[asterisk-users] pjsip trunk config question + DNS related error messages

2018-03-29 Thread Kevin Long
Greetings,


I am getting the following error (below) continually in my asterisk log, 
related to qualify_frequency I believe. I am trying to use sip trunking with 
the company flowroute.

3 questions if I may:

1) Is using qualify_frequency with a sip trunk a common or recommended 
practice? I figured it would function as a keep-alive and keep the ‘pjsip show 
endpoints’ availability data up-to-date if I wanted to check on the health of 
the trunk. Sound right?

2) Any idea what this error means? Googling showed almost nothing except one 
other post to this list for a bug that was fixed in 14; I’m on 15.x.

3) Any other recommendations for this trunking config?


Thanks very much ! Especially jcolp and gtjoseph for answering my queries in 
the past, sorry if I don’t always respond again as I haven’t actually figured 
out a good way to do that unless I am subscribed to receiving all mails from 
the list.




[Mar 28 23:17:43] ERROR[4812]: res_pjsip.c:3770 endpt_send_request: Error 320047 'No answer record in the DNS response (PJLIB_UTIL_EDNSNOANSWERREC)' sending OPTIONS request to endpoint flowroute


[flowroute]
type=auth
auth_type=userpass
password=**
username=**
[flowroute]
type=aor
contact=sip:sip.flowroute.com:5060
qualify_frequency = 15

[flowroute]
type=endpoint
transport=transport-udp
context=from-flowroute
disallow=all
allow=ulaw
outbound_auth=flowroute
aors=flowroute

[flowroute]
type=identify
endpoint=flowroute
match=216.115.69.144
match=70.167.153.130

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] how to get "SMS" messages (http) into Asterisk "sip messages"

2018-02-19 Thread Kevin Long

Hello,

We are building a shim to get SMS messages (which come in from twilio via an 
http post to our python web app), forwarded on to the appropriate SIP client 
registered to asterisk.

The application receiving the “SMS” via HTTPS from twilio does not have a SIP 
component.

I am hoping there are different ways to get the message details into Asterisk 
so that it can create a MESSAGE and send it to the local endpoint.

Does anyone know the best way to get this information into Asterisk? Can I do 
it with AMI, AGI, a file queue ?

Would love to hear from anyone who has implemented something like this. 
Outbound is the easy part. How are you handling inbound SMS->SIP ?


Regards,

Kevin Long



[asterisk-users] pjsip trunking configuration issue

2018-02-07 Thread Kevin Long


Greetings ! 


My goal is to get Twilio trunking working, and with TLS/SRTP. 

I see this concerning message in my log:

[Feb  7 16:50:26] ERROR[20596] res_sorcery_config.c: Could not create an object of type 'endpoint' with id 'twilio' from configuration file 'pjsip.conf'



Thus, ‘pjsip show endpoints’  does not show the endpoint for the Twilio trunk. 


Hoping for a sanity check of my pjsip.conf file, and what could be causing 
this.  

A test call from Twilio’s system hits the PBX (over TLS), but always says “No 
matching endpoint found” in the asterisk log.



pjsip.conf

[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5061
cert_file=cert_file
priv_key_file=key_file
method=tlsv1
external_media_address=X.Y.Z.D
external_signaling_address=X.Y.Z.D
verify_client=no
verify_server=no
allow_reload=yes

[twilio](!)
type=endpoint
transport=transport-tls
context=from-twilio
disallow=all
allow=ulaw
dtmf_mode=inband
media_encryption=sdes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
canreinvite=no
tlsdontverifyserver=yes


[auth-out](!)
type=auth
auth_type=userpass

[twilio]
aors=twilio-aors

[twilio-aors]
type=aor
contact=sips:trunkname.pstn.twilio.com:5061 ;tried with sip: also

[twilio]
type=identify
endpoint=twilio
match=54.172.60.0
match=54.172.60.1
match=54.172.60.2
match=54.172.60.3

[endpoint-basic](!)
type=endpoint
transport=transport-tls
context=from-phones
disallow=all
allow=ulaw

[auth-userpass](!)
type=auth
auth_type=userpass

[aor-single-reg](!)
type=aor
max_contacts=20

[1001](endpoint-basic)
auth=auth1001
aors=1001

[auth1001](auth-userpass)
password=password123
username=1001

[1001](aor-single-reg)


Extensions.conf

[from-twilio]
exten => _+1NX,1,Dial(PJSIP/1001)

[from-phones]
exten => _NXXNXX,1,Set(CALLERID(all)="David" <78451234>)
same => n,Dial(PJSIP/+1${EXTEN}@twilio)

[asterisk-users] RTP / NAT question with IPv6/IPv4 problem

2017-06-06 Thread Kevin Long


Hello,

All my asterisk systems use only IPv4 currently.  I have one phone which is on 
T-Mobile network,  and this network is only IPv6 now.  

The phone can register fine, because T-Mobile does NAT64 and it connects fine 
to my IPv4 asterisk server. 

But in the SDP for a call setup,  this phone sends only an IPv6 address as a 
contact, so RTP fails.


I have nat=yes already set on this chan_sip extension, I thought this would 
ignore the IPv6 in the SDP and use the *apparent* IPv4 instead, but apparently 
not?

Any help appreciated, thanks all.





[asterisk-users] packet loss stats - how does asterisk know about packets sent % lost ?

2017-01-28 Thread Kevin Long


Hello,

I am just wondering if the statistics from the “sip show channelstats” and 
“pjsip show channelstats”  command are reliable indicators of packet loss. How 
does asterisk know how many packets *sent* were lost? Does this require RTCP 
compatible endpoint/phone,  or something else?

Thanks!

Kevin Long

[asterisk-users] 256 bit SRTP ciphers in Asterisk 14.x , only works for outbound call ?

2017-01-11 Thread Kevin Long


Greetings,


If I understand correctly,  Asterisk 14 introduced support for some new SRTP 
ciphers (including some 256 bit ones), previously only two 128 bit ciphers were 
supported.

Using Asterisk 14, I was able to make a call from a softphone (Groundwire) with 
a 256 bit cipher suite on SRTP, which is great. 


However,  I don’t see any way to specify with PJSIP (or chan sip) ,  the cipher 
suite which should be used when Asterisk calls the endpoint/phone.


So I believe this means Asterisk would always use 128 bit SRTP to call the 
phone.  Then, if you have 256 bit only ciphers allowed on the phone, the call 
fails.


Perhaps this is just not documented, or may not be implemented yet.  Anyone 
have a thought? 

Thank you,

Kevin Long

[asterisk-users] TLS certificate warnings in softphone, but not until after successful registration and call placed ?

2016-12-30 Thread Kevin Long


Hello,

I am using asterisk 14.2 and PJSIP,  with TLS transport.

I’m sure I’m doing something wrong here .. 


In 2 distinct softphone clients (Bria and Groundwire),  I am able to register 
successfully,  and place a SIP call, with no certificate warnings. But shortly 
after I place that first call and hang up,  I receive a certificate name 
mismatch error in the softphone,  the error presenting me with the *IP 
address* of my Asterisk server,  not the hostname, and of course the TLS 
certificates only have the hostname, not the IP, and I have configured the soft 
phone to use the hostname, not the IP, to connect.


I’m guessing there is some currently unset hostname setting within 
asterisk/pjsip that is defaulting to sending the IP in the sip messages,  and 
then when the soft phone tries to make a new tls sip connection to asterisk,  
perhaps to signal to asterisk that the call is complete,  it then connects to 
the IP instead of the hostname, and the mismatch occurs ?


Any help appreciated,

Thanks,

-Kevin



[asterisk-users] Asterisk 13 with LDAP ? (single sign on )

2016-06-10 Thread Kevin Long


Is it possible to configure Asterisk such that numerical extensions and/or 
usernames,   would be populated from LDAP,  as well as authenticate the 
endpoints where the “SIP secret” is equal to the user’s hashed password in LDAP?


I’d like to use LDAP for single-signon as I do with a number of other 
applications,  and am curious if anyone has a working example or if this is 
even possible?


Thank you,

Kevin Long




-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Need stronger SRTP ciphers (256 bit)

2016-05-30 Thread Kevin Long


Some more information (would love some thoughts on this, I have never submitted 
a patch yet).

Groundwire (Popular SIP app) supports the following cipher suites for SRTP:


AES_CM_128_HMAC_SHA1_32
AES_CM_128_HMAC_SHA1_80
AES_CM_192_HMAC_SHA1_32
AES_CM_192_HMAC_SHA1_80
AES_CM_256_HMAC_SHA1_32
AES_CM_256_HMAC_SHA1_80
AEAD_AES_128_GCM
AEAD_AES_256_GCM



I see in the asterisk 13.9.1 source tarball,  in res/res_srtp.c :


Could adding support for the above cipher suites be as simple as adding more 
options to this switch/case statement with the appropriate parameters or is 
there more to it? 

Thank you!



static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
{
    switch (suite) {
    case AST_AES_CM_128_HMAC_SHA1_80:
        p->cipher_type = AES_128_ICM;
        p->cipher_key_len = 30;   /* 16-byte master key + 14-byte master salt */
        p->auth_type = HMAC_SHA1;
        p->auth_key_len = 20;
        p->auth_tag_len = 10;     /* 80-bit authentication tag */
        p->sec_serv = sec_serv_conf_and_auth;
        return 0;

    case AST_AES_CM_128_HMAC_SHA1_32:
        p->cipher_type = AES_128_ICM;
        p->cipher_key_len = 30;   /* 16-byte master key + 14-byte master salt */
        p->auth_type = HMAC_SHA1;
        p->auth_key_len = 20;
        p->auth_tag_len = 4;      /* 32-bit authentication tag */
        p->sec_serv = sec_serv_conf_and_auth;
        return 0;

    default:
        ast_log(LOG_ERROR, "Invalid crypto suite: %u\n", suite);
        return -1;
    }
}








> On May 30, 2016, at 11:49 AM, Kevin Long <kevin.l...@haloprivacy.com> wrote:
> 
> 
> 
> Hi folks,
> 
> 
> At least several endpoints (soft phone and desk phones) are supporting 
> various 256 bit ciphers for SRTP these days.   I *believe* libsrtp has been 
> updated to allow this,   and that only the code in Asterisk has not been 
> updated to allow these stronger ciphers.
> 
> Would anyone with the know-how be willing/able to submit a patch ?
> 
> 
> Thank you, 
> 
> Kevin Long



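The key lengths in the switch statement above, worked through for every suite the post lists, as an added example (Python, not Asterisk or libsrtp code). Lengths are taken from RFC 4568, RFC 6188 and RFC 7714; `check_crypto_line`, `select_suite`, `sample_line` and the sample keys are hypothetical names and constructed values.

```python
import base64
import binascii
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    key_len: int    # master key, bytes
    salt_len: int   # master salt, bytes
    tag_len: int    # authentication tag appended to each RTP packet, bytes

    @property
    def master_len(self):
        # Key and salt travel concatenated in the SDES "inline:" field; this is
        # the 30 that policy_set_suite() stores in cipher_key_len (16 + 14).
        return self.key_len + self.salt_len


SUITES = {}
for bits in (128, 192, 256):
    for tag_bits in (80, 32):
        suite = Suite(bits // 8, 14, tag_bits // 8)
        SUITES[f"AES_CM_{bits}_HMAC_SHA1_{tag_bits}"] = suite      # spelling used in the post
        if bits != 128:
            SUITES[f"AES_{bits}_CM_HMAC_SHA1_{tag_bits}"] = suite  # spelling used by RFC 6188
SUITES["AEAD_AES_128_GCM"] = Suite(16, 12, 16)                     # RFC 7714
SUITES["AEAD_AES_256_GCM"] = Suite(32, 12, 16)


def check_crypto_line(line):
    """Parse one SDP a=crypto attribute; return (tag, suite name) or raise ValueError."""
    if not line.startswith("a=crypto:"):
        raise ValueError("not an a=crypto attribute")
    fields = line[len("a=crypto:"):].split()
    if len(fields) < 3:
        raise ValueError("expected tag, crypto-suite and key-params")
    tag, name, key_params = fields[:3]
    if name not in SUITES:
        raise ValueError(f"unknown crypto suite {name}")
    method, _, key_info = key_params.partition(":")
    if method != "inline":
        raise ValueError("only the inline key method is defined for SDES")
    encoded = key_info.split("|", 1)[0]           # drop optional lifetime and MKI
    try:
        material = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("inline key is not valid base64") from exc
    expected = SUITES[name].master_len
    if len(material) != expected:
        raise ValueError(f"{name} needs {expected} bytes of key||salt, got {len(material)}")
    return int(tag), name


def select_suite(offer_lines, local_policy):
    """Answerer side: first well-formed offered suite that local policy allows, else None."""
    for line in offer_lines:
        try:
            tag, name = check_crypto_line(line)
        except ValueError:
            continue                              # ignore malformed or unknown entries
        if name in local_policy:
            return tag, name
    return None                                   # no common suite, so the SRTP offer is rejected


def sample_line(tag, name):
    """Constructed a=crypto line with a dummy (non-secret) key of the right length."""
    key = base64.b64encode(bytes(range(SUITES[name].master_len))).decode()
    return f"a=crypto:{tag} {name} inline:{key}|2^31"


if __name__ == "__main__":
    offer = [sample_line(1, "AES_CM_128_HMAC_SHA1_80"),
             sample_line(2, "AES_CM_256_HMAC_SHA1_80")]
    policy_256_only = {"AES_CM_256_HMAC_SHA1_80", "AEAD_AES_256_GCM"}
    print(select_suite(offer, policy_256_only))       # both suites offered
    print(select_suite(offer[:1], policy_256_only))   # only the 128-bit suite offered
```

The second call models an offer that carries only a 128-bit suite arriving at a peer whose policy allows only 256-bit suites: no line is acceptable, so negotiation fails.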

[asterisk-users] Need stronger SRTP ciphers (256 bit)

2016-05-30 Thread Kevin Long


Hi folks,


At least several endpoints (soft phone and desk phones) are supporting various 
256 bit ciphers for SRTP these days.   I *believe* libsrtp has been updated to 
allow this,   and that only the code in Asterisk has not been updated to 
allow these stronger ciphers.

Would anyone with the know-how be willing/able to submit a patch ?


Thank you, 

Kevin Long


Re: [asterisk-users] Recommendations for free virtual server tech and Asterisk?

2016-04-06 Thread Kevin Long
Personally I am about to try asterisk on proxmox using containers since they 
run code "native". I've had timing issues on conference calls (stutter) with 
VMware esxi . Not sure about KVM I hope it's also better than esxi too.

Sent from my iPhone

> On Apr 6, 2016, at 9:13 AM, Markos Vakondios  wrote:
> 
> Proxmox and KVM on Ubuntu 
> 
>> On Wednesday, 6 April 2016, Ryan, Travis  wrote:
>> What is the best virtual server tech (and most stable, etc) to use for a 
>> asterisk virtual hosting environment?
>> 
>>  
>> 
>> I have a client that wants to do virtual hosting of Asterisk (only SIP or 
>> IAX, no PRI, etc) and I’m wondering if Xen or something else would be best? 
>> We’d like to stay away from the costs of VMWare if possible.
>> 
>>  
>> 
>> Thanks!
>> 
>>  
>> 
>> Travis
>> 

[asterisk-users] Client TLS certificates for auth ?

2016-03-28 Thread Kevin Long


I use TLS and SRTP on my Asterisk servers. The server certificates are signed 
by my internal CA, and the Root CA cert is distributed to the phones and soft 
phones so they will trust the server without warning. 

It is not clear to me if Asterisk can be configured to actually reject client 
connections/registrations from peers which do not possess a client certificate 
which has been signed by a particular CA ?

If so, could it be such that the common name in the client certificate would 
need to match the username or Asterisk “extension” ?


I’m wondering if this can be done ,  to have a second factor of authentication 
besides the SIP secret , since in my current setup, despite using a TLS/SSL 
cert for the server, the server only verifies the client by the SIP secret.

Regards,

Kevin Long


Re: [asterisk-users] conference call stuttering / clocking issue (?) - ESXi virtual environment

2016-03-09 Thread Kevin Long
Thanks John,


For anyone reading this using FreePBX - simply switching the default conference 
app from MeetMe to ConfBridge seems to be a drastic improvement, have not 
stress tested but running a conf now with no stutter on ConfBridge app.

Cheers,

Kevin Long



> On Mar 9, 2016, at 12:17 PM, Tech Support <aster...@voipbusiness.us> wrote:
> 
> One of the things you can do is google "app_konference". It doesn't require
> a clock source and is a very good application. I've successfully been using
> it for years and have had no problem with 100+ users in a single conference.
> Regards;
> John V.  
> 
> -Original Message-
> From: asterisk-users-boun...@lists.digium.com
> [mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Kevin Long
> Sent: Wednesday, March 09, 2016 2:23 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [asterisk-users] conference call stuttering / clocking issue (?) -
> ESXi virtual environment
> 
> 
> 
> Title says it all - for the time being I am stuck deploying Asterisk in ESXi
> . We are also looking at Proxmox for our next round of servers.. 
> 
> Everything works fine except conference calls - very stuttery , have tried a
> few different codecs.  I assume this is a granular clocking issue , and
> wondering if anyone has anything I could try to fix or mitigate the problem
> in ESXi environment .
> 
> We have freepbx (asterisk 11 chan_sip) and test environments asterisk 13.7/8
> pjsip .
> 
> Thank you again,
> 
> 
> Kevin Long
> 
> 
> 
> 
> 

[asterisk-users] conference call stuttering / clocking issue (?) - ESXi virtual environment

2016-03-09 Thread Kevin Long


Title says it all - for the time being I am stuck deploying Asterisk in ESXi . 
We are also looking at Proxmox for our next round of servers.. 

Everything works fine except conference calls - very stuttery , have tried a 
few different codecs.  I assume this is a granular clocking issue , and 
wondering if anyone has anything I could try to fix or mitigate the problem in 
ESXi environment .

We have freepbx (asterisk 11 chan_sip) and test environments asterisk 13.7/8 
pjsip .

Thank you again,


Kevin Long






[asterisk-users] 2 devices same *actual* extension - can it be done

2016-03-09 Thread Kevin Long


Hello,

My company has invested heavily in Counterpath’s Stretto provisioning platform 
for Mobile and Desktop VoIP clients .

At this time their system allows 2 devices (for example iPhone + desktop 
computer) using the same software license per user , which many of our users 
require.

Their provisioning system assumes that both devices will use the same SIP 
extension for auth however. 


Normally we would use separate extensions and a follow-me , but if there is any 
way to use the same extension,  I need to figure it out. 

Thank you,

Kevin Long


Re: [asterisk-users] PJSIP signaling question

2016-03-04 Thread Kevin Long



I can’t quite figure it out , I went ahead and pulled everything yet again, and 
I made sure to delete everything related to pjproject from my system, all the 
PJ  lib and include files that were in /usr/lib/  ,  I pulled pjproject from 
svn , pulled asterisk code from gerrit, recompiled everything, but still I 
think new TLS transports are being made which fail in my NAT scenarios .  I 
check with: 

tcpdump -i any src host 10.50.55.10  and  'tcp[13] & 2 != 0'


I see tcpdump print a new tcp SYN packet when I  try to make a call between 
endpoints and also when Asterisk tries to send OPTIONS command to the endpoint .

From my endpoints, I can call the “echo” applications and the call works fine, 
but I cannot call from one endpoint to another endpoint , even though they are 
both registered. It does not say “unavailable” or anything,  I see in the pjsip 
log that an INVITE is  “sent” , but I think the logger is just showing me that 
the INVITE message has been created, but it never reaches the endpoint because 
of the new TLS connection failing because of the NAT. Eventually, the call 
times out with a 408 error in the pjsip log.

I also see some log entries:
[Mar  4 12:29:10] DEBUG[16225] pjsip:   tlsc0x7f311400 TLS connect() error: Connection timed out [code=120110]
[Mar  4 12:29:29] DEBUG[16225] pjsip:   tlsc0x7f311400 TLS connect() error: Connection timed out [code=120110]




Just to be clear I am getting pjproject like so : 
svn co http://svn.pjsip.org/repos/pjproject/trunk


and asterisk :
git clone -b 13 http://gerrit.asterisk.org/asterisk



then I go to pjproject directory,  create a site_config.h file (to increase TLS 
connectors and set other options recommended on Wiki)

configure pjproject with the following options:

./configure --prefix=/usr --enable-shared --disable-sound --disable-resample 
--disable-video --disable-opencore-amr --with-external-srtp



Then go to asterisk directory

make clean; make distclean; ./bootstrap.sh ; ./configure;  make menuselect; 
make; make install;










> On Mar 4, 2016, at 7:33 AM, George Joseph <george.jos...@fairview5.com> wrote:
> 
> 
> 
> On Fri, Mar 4, 2016 at 1:16 AM, Kevin Long <kevin.l...@haloprivacy.com> wrote:
> Hi George the patch was from here , you wrote it I believe . I pulled 
> asterisk 13 from git, apply this patch which fixed RTP issue , but I think 
> TLS transport issue came back for me . 
> 
> https://gerrit.asterisk.org/#/c/2346/
> 
> Oh, that one, OK.  It should be merged now so if you 'git pull' on 13 
> now, you should get it.  The transport re-use issue was in pjproject so is it 
> possible that you're not compiling against the latest trunk?
> 
> 
> 
> 
>  
> 
> Thank you
> 
> Sent from my iPhone
> 
> On Mar 4, 2016, at 12:01 AM, George Joseph <george.jos...@fairview5.com> 
> wrote:
> 
>> 
>> 
>> On Thu, Mar 3, 2016 at 8:25 PM, Kevin Long <kevin.l...@haloprivacy.com> 
>> wrote:
>> 
>> Thanks George I appreciate the info .  Being able to see what codec is in 
>> use for call in progress is very handy sometimes.
>> 
>> As far as the RTP stats goes,  I see there is some info with “rtp” and 
>> “rtcp” commands which can be useful for troubleshooting. A running tally of 
>> # packets or bandwidth used would be awesome in along with the codec in 
>> "pjsip show channels" or something like that.
>> 
>> 
>> I'm not certain, but I think the TLS signalling problem from this email may 
>> be happening to me again after patching for another pjsip/NAT issue which 
>> was with the external_media_address not working and the internal IP being 
>> sent in the SDP from asterisk - I applied this patch to the codebase and 
>> recompiled I am seeing the TLS “new transport”  issue again , I think.
>> 
>> I've lost track of who's applying what patches to which codebase. :)
>> 
>> Which patch did you apply for "external_media_address not working"?
>> 
>>  
>> 
>> Regards,
>> 
>> Kevin Long

Re: [asterisk-users] PJSIP signaling question

2016-03-04 Thread Kevin Long
Hi George the patch was from here , you wrote it I believe . I pulled asterisk 
13 from git, apply this patch which fixed RTP issue , but I think TLS transport 
issue came back for me . 

https://gerrit.asterisk.org/#/c/2346/

Thank you

Sent from my iPhone

> On Mar 4, 2016, at 12:01 AM, George Joseph <george.jos...@fairview5.com> 
> wrote:
> 
> 
> 
>> On Thu, Mar 3, 2016 at 8:25 PM, Kevin Long <kevin.l...@haloprivacy.com> 
>> wrote:
>> 
>> Thanks George I appreciate the info .  Being able to see what codec is in 
>> use for call in progress is very handy sometimes.
>> 
>> As far as the RTP stats goes,  I see there is some info with “rtp” and 
>> “rtcp” commands which can be useful for troubleshooting. A running tally of 
>> # packets or bandwidth used would be awesome in along with the codec in 
>> "pjsip show channels" or something like that.
>> 
>> 
>> I'm not certain, but I think the TLS signalling problem from this email may 
>> be happening to me again after patching for another pjsip/NAT issue which 
>> was with the external_media_address not working and the internal IP being 
>> sent in the SDP from asterisk - I applied this patch to the codebase and 
>> recompiled I am seeing the TLS “new transport”  issue again , I think.
> 
> I've lost track of who's applying what patches to which codebase. :)
> 
> Which patch did you apply for "external_media_address not working"?
> 
>  
>> 
>> Regards,
>> 
>> Kevin Long

Re: [asterisk-users] PJSIP signaling question

2016-03-03 Thread Kevin Long

Thanks George I appreciate the info .  Being able to see what codec is in use 
for call in progress is very handy sometimes. 

As far as the RTP stats goes,  I see there is some info with “rtp” and “rtcp” 
commands which can be useful for troubleshooting. A running tally of # packets 
or bandwidth used would be awesome in along with the codec in "pjsip show 
channels" or something like that.


I'm not certain, but I think the TLS signalling problem from this email may be 
happening to me again after patching for another pjsip/NAT issue which was with 
the external_media_address not working and the internal IP being sent in the 
SDP from asterisk - I applied this patch to the codebase and recompiled I am 
seeing the TLS “new transport”  issue again , I think.

Regards,

Kevin Long


Re: [asterisk-users] RTP / NAT question ( pjsip )

2016-03-03 Thread Kevin Long


So the patch did resolve the audio RTP issue and I can make echo calls now,   
but it seems like the last issue I posted to the list,  (pjsip driver making 
new outbound TLS transports instead of using existing SIP connection, not NAT 
friendly)   is happening again ..   Could that be?


Thanks again,


Kevin Long


Re: [asterisk-users] RTP / NAT question ( pjsip )

2016-03-03 Thread Kevin Long

Hi Joshua,

This Asterisk 13 was pulled from git master branch just 2-3 days ago: 
GIT-13-d1495b . 

I used this very recent source code to overcome a pjsip problem (you can see my 
email list post from a few days ago)


Thanks again





Re: [asterisk-users] RTP / NAT question ( pjsip )

2016-03-02 Thread Kevin Long

Hi Joshua,



Looking at the transmitted SIP packets from Asterisk,  it looks like Asterisk 
is only sending its own internal IP (it is behind a NAT too, with proper port 
forwarding) .

I did set in my transport the external_signaling_address and 
external_media_address  ,  and I have now put transport= into my endpoint 
configuration hoping they will “inherit” the correct public IP for the media .

But Asterisk is still sending RTP to the wrong IP .  


I am trying to test a “real world” scenario of public IP and NAT traversal,  
but I do have split tunnel VPN in my environment so the endpoint and the 
asterisk server *could* reach each other by the private IP ,but I am actually 
trying to avoid this with a proper configuration since my real users will not 
be on any  VPN, mostly. 







;===TRANSPORT
 




[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
local_net=10.50.55.0/24
external_media_address=66.114.139.174
external_signaling_address=66.114.139.174
cert_file=/etc/asterisk/keys/dev1.crt
priv_key_file=/etc/asterisk/keys/dev1.key
ca_list_file=/etc/asterisk/keys/ca.crt
cipher=AES256-SHA
method=tlsv1
 
;===EXTENSION 6000
 
[6000]
type=endpoint
context=internal
disallow=all
allow=ulaw
transport=transport-tls
auth=auth6000
aors=6000
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
force_rport=yes
rtp_symmetric=yes
media_encryption=sdes


[auth6000]
type=auth
auth_type=userpass
password=6000
username=6000
 
[6000]
type=aor
qualify_frequency=30
max_contacts=1
remove_existing=yes


;===EXTENSION 6001

[6001]
type=endpoint
context=internal
disallow=all   
allow=ulaw
transport=transport-tls
auth=auth6001
aors=6001
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
force_rport=yes
rtp_symmetric=yes
media_encryption=sdes



[auth6001]
type=auth
auth_type=userpass
password=6001
username=6001

[6001]
type=aor
qualify_frequency=30
max_contacts=1
remove_existing=yes











Re: [asterisk-users] RTP / NAT question ( pjsip )

2016-03-02 Thread Kevin Long

Thank you for the response Joshua . 


I had rtp_symmetric=yes before I wrote the email, then I set it to no, 
restarted asterisk, and tried to make the call from the remote endpoint again but 
still tcpdump is showing me the RTP packets are being sent from Asterisk to the 
private IP.

tcpdump on asterisk server showing UDP packet bound for my remote endpoint's 
internal IP:
17:07:57.130212 IP 10.50.55.10.6214 > 10.128.30.239.51126: UDP, length 182




Current pjsip.conf file 


[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
local_net=10.50.55.0/24
external_media_address=
external_signaling_address=
cert_file=/etc/asterisk/keys/dev1.crt
priv_key_file=/etc/asterisk/keys/dev1.key
ca_list_file=/etc/asterisk/keys/ca.crt
cipher=AES256-SHA
method=tlsv1
 
;===EXTENSION 6000
 
[6000]
type=endpoint
context=internal
disallow=all
allow=ulaw
auth=auth6000
aors=6000
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
force_rport=yes
rtp_symmetric=no
media_encryption=sdes


[auth6000]
type=auth
auth_type=userpass
password=6000
username=6000
 
[6000]
type=aor
qualify_frequency=30
max_contacts=1
remove_existing=yes


;===EXTENSION 6001

[6001]
type=endpoint
context=internal
disallow=all   
allow=ulaw
auth=auth6001
aors=6001
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
force_rport=yes
rtp_symmetric=no
media_encryption=sdes



[auth6001]
type=auth
auth_type=userpass
password=6001
username=6001

[6001]
type=aor
qualify_frequency=30
max_contacts=1
remove_existing=yes


[asterisk-users] RTP / NAT question ( pjsip )

2016-03-02 Thread Kevin Long


I am having trouble with RTP and NAT :


Below is a SIP SDP invite from a remote endpoint which is trying to call 
extension 420 which is the ECHO application .


As you can see, the public IP is where the request comes in from,  but the SDP 
contains the private, internal IP in numerous places.


I do have rewrite_contact=yes;  on in my pjsip endpoint configuration,  but 
still the “rtp set debug on” command is showing me that when I dial into the 
echo application,  RTP packets are being sent to the private IP and not the 
public IP .



Advice appreciated thank you. 



<--- Received SIP request (1282 bytes) from TLS:72.52.31.109:55256 --->
INVITE sip:4...@dev1.domain.com SIP/2.0
Via: SIP/2.0/TLS 10.128.30.239:55253;branch=z9hG4bK-524287-1---bf28eb29eb900b43;rport
Max-Forwards: 70
Contact: 
To: 
From: "Kevin";tag=0af40611
Call-ID: MGE5OWFhMDY5OGFhYzM4ZDIxNjA5OGRjY2M5OWE3ZGY
CSeq: 2 INVITE
Allow: INVITE, ACK, CANCEL, BYE, REFER, INFO, NOTIFY, UPDATE, PRACK, MESSAGE, OPTIONS, SUBSCRIBE, OPTIONS
Content-Type: application/sdp
Supported: replaces, 100rel
User-Agent: Bria iOS release 3.6.2 stamp 33024
Authorization: Digest username="6000",realm="asterisk",nonce="1456965577/29f2977e5352209d33847b1eafc5f937",uri="sip:4...@dev1.haloprivacy.com",response="9c23bba47f43fa343bfc3bd2580a84ad",cnonce="ea996236e91c869bb16b1652c8504ba3",nc=0001,qop=auth,algorithm=md5,opaque="609ab4014ccfac10"
Content-Length: 358

v=0
o=- 1456965576139402 1 IN IP4 10.128.30.239
s=Cpc session
c=IN IP4 10.128.30.239
t=0 0
m=audio 61216 RTP/SAVP 0 101
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:tkUxPSw8qTZ25fk6VuQPWNVOABk5mwe63/+d7vP7
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:tkUxPSw8qTZ25fk6VuQPWNVOABk5mwe63/+d7vP7
a=sendrecv
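
An added example, not part of the original post: the check below compares the addresses a client wrote into the Via header and the SDP o=/c= lines with the address the request actually arrived from, using a trimmed copy of the INVITE above. The request URI sip:echo@pbx.example.invalid and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample, trimmed from the INVITE in the post. The request URI is
# a placeholder; the addresses and ports are the ones shown on the page.
SOURCE_IP = "72.52.31.109"  # from "Received SIP request ... from TLS:72.52.31.109:55256"
INVITE = """\
INVITE sip:echo@pbx.example.invalid SIP/2.0
Via: SIP/2.0/TLS 10.128.30.239:55253;branch=z9hG4bK-524287-1---bf28eb29eb900b43;rport

v=0
o=- 1456965576139402 1 IN IP4 10.128.30.239
c=IN IP4 10.128.30.239
m=audio 61216 RTP/SAVP 0 101
"""


def split_message(message):
    """Return (header lines without the request line, SDP body lines)."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    return head.split("\n")[1:], body.split("\n")


def advertised_addresses(message):
    """Return (field, host) pairs the sender wrote into Via, o= and c=."""
    headers, sdp = split_message(message)
    found = []
    for line in headers:
        name, _, value = line.partition(":")
        parts = value.split()
        if name.strip().lower() in ("via", "v") and len(parts) > 1:
            sent_by = parts[1].split(";")[0]  # host[:port] after the transport
            m = re.match(r"\[([^\]]+)\]|([^:]+)", sent_by)
            found.append(("Via", m.group(1) or m.group(2)))
    found += [(ln[:2], ln.split()[-1].split("/")[0]) for ln in sdp if ln[:2] in ("o=", "c=")]
    return found


def media_target(message):
    """Return (address, port) from the first c= line and the first m=audio line."""
    sdp = split_message(message)[1]
    addr = next((ln.split()[-1].split("/")[0] for ln in sdp if ln.startswith("c=")), None)
    port = next((int(ln.split()[1].split("/")[0]) for ln in sdp if ln.startswith("m=audio")), None)
    return addr, port


def nat_findings(message, source_ip):
    """Advertised literal addresses that are private and differ from the packet source."""
    src = ipaddress.ip_address(source_ip)
    out = []
    for field, host in advertised_addresses(message):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname, nothing to compare
        if ip.is_private and ip != src:
            out.append((field, str(ip)))
    return out
```

rewrite_contact only rewrites the signalling Contact; the RTP destination still comes from the SDP c=/m= lines unless Asterisk learns it from received media, which is what rtp_symmetric is for.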




Re: [asterisk-users] PJSIP signaling question

2016-03-01 Thread Kevin Long


Interesting, thanks George. I pulled Asterisk 13 from git and the new pjproject 
from the SVN and will test accordingly .



I have a few more questions about PJSIP in Asterisk 13:


1.  Is there any way to list current ongoing calls and see what codecs are 
being used in the RTP streams?  With chan_sip,  “sip show channels” did this.  

2. Also with a PJSIP initiated call, is there a way to see how many RTP packets 
have been sent and received for the call? I am debugging some intermittent 
1-way and no-way audio on calls, and I am having trouble figuring out if it is 
the client, firewall, or Asterisk/pjsip that is the culprit.


Regards,

Kevin Long


[asterisk-users] PJSIP signaling question

2016-02-29 Thread Kevin Long


Greetings.


I am using the PJSIP driver with TLS transport, and my endpoints are SIP mobile 
apps operating in environments that I do not control. 

 I would like Asterisk to default to sending INVITES and all other SIP signals 
to endpoints via the existing SIP TLS connection which is already established, 
rather than trying to create a new TLS connection to an endpoint which is 
likely behind a NAT which will not allow a new inbound TCP/TLS connection.


My experience with chan_sip suggests to me that this was the default behavior, 
or more likely a fallback behavior, because I never had this issue before with 
endpoints not receiving INVITES so long as they were registered and had an open 
SIP control connection.


I thought that I could avoid these failed outbound connections by commenting 
out the “transport” option on my endpoint configurations, but tcpdump is 
showing me that asterisk is still trying to create *new* TLS outbound 
connections to my endpoints, which are failing.




Thank you for your time

Kevin


-




My simple pjsip config file:





[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
local_net=10.50.55.0/24
external_media_address=x.x.x.x
external_signaling_address=x.x.x.x
cert_file=/etc/asterisk/keys/dev1.crt
priv_key_file=/etc/asterisk/keys/dev1.key
ca_list_file=/etc/asterisk/keys/ca.crt
cipher=AES256-SHA
method=tlsv1
 
;===EXTENSION 6000
 
[6000]
type=endpoint
context=internal
disallow=all
allow=ulaw
;transport=transport-tls
auth=auth6000
aors=6000
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
force_rport=yes
rtp_symmetric=yes
media_encryption=sdes


[auth6000]
type=auth
auth_type=userpass
password=6000
username=6000
 
[6000]
type=aor
max_contacts=1
remove_existing=yes


;===EXTENSION 6001

[6001]
type=endpoint
context=internal
disallow=all   
allow=ulaw
;transport=transport-tls
auth=auth6001
aors=6001
direct_media=no
rewrite_contact=yes  ; necessary if endpoint does not know/register public ip:port
ice_support=no
force_rport=yes
rtp_symmetric=yes
media_encryption=sdes



[auth6001]
type=auth
auth_type=userpass
password=6001
username=6001

[6001]
type=aor
max_contacts=1
remove_existing=yes


[asterisk-users] Determining and setting TLS cipher ?

2016-02-14 Thread Kevin Long


Greetings,


I use TLS transport for all my endpoints on my production system (Asterisk 11). 
I need to debug some NAT traversal issues, and would like to use the 
‘sngrep’ tool which shows SIP messages from a packet capture.  Per the 
developer of ‘sngrep’: "Right now, sngrep only supports 
TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA"


I have not specified a cipher for my sip.conf TLS transport and I do not know 
how to see which one is being used .


The list of ciphers I see available to me, at least based on running “openssl 
ciphers” command on my Asterisk box, are listed below. None of them exactly 
matches the strings above listed as supported ciphers for sngrep.  


Can I configure Asterisk to use one of the ciphers supported by sngrep? Is 
there a better tool than sngrep for viewing TLS SIP captures?  Are the sngrep 
supported ciphers safe?


Thank you,

Kevin Long


output from “openssl ciphers” on my Asterisk box:

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-DSS-AES256-GCM-SHA384
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-DSS-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-DSS-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-DSS-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
CAMELLIA256-SHA
PSK-AES256-CBC-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-DSS-AES128-GCM-SHA256
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-DSS-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-DSS-AES128-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
DHE-RSA-SEED-SHA
DHE-DSS-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
DHE-DSS-CAMELLIA128-SHA
EDH-RSA-DES-CBC3-SHA
EDH-DSS-DES-CBC3-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
ECDH-RSA-DES-CBC3-SHA
ECDH-ECDSA-DES-CBC3-SHA
AES128-GCM-SHA256
AES128-SHA256
AES128-SHA
SEED-SHA
CAMELLIA128-SHA
DES-CBC3-SHA
IDEA-CBC-SHA
PSK-AES128-CBC-SHA
PSK-3DES-EDE-CBC-SHA
KRB5-IDEA-CBC-SHA
KRB5-DES-CBC3-SHA
KRB5-IDEA-CBC-MD5
KRB5-DES-CBC3-MD5
ECDHE-RSA-RC4-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-SHA
RC4-MD5
PSK-RC4-SHA
KRB5-RC4-SHA
KRB5-RC4-MD5
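
An added example, not part of the original post: the two IANA names quoted from sngrep's developer correspond to the OpenSSL names AES128-SHA and AES256-SHA, and the sketch below groups cipher names like those listed above by key exchange to show which group they fall in. The prefix rule is a heuristic that covers pre-TLS 1.3 names of the form in this list; the function names are assumptions made for the example.

```python
# IANA names quoted from sngrep's developer, mapped to OpenSSL's names for the
# same suites (code points 0x00,0x2F and 0x00,0x35).
SNGREP_SUITES = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA": "AES256-SHA",
}

# Constructed sample: a subset of the "openssl ciphers" output in the post.
AVAILABLE = """
ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA ECDH-RSA-AES256-SHA
AES256-GCM-SHA384 AES256-SHA PSK-AES256-CBC-SHA ECDHE-RSA-AES128-SHA
AES128-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA KRB5-RC4-MD5 RC4-SHA
""".split()

# Key-exchange prefixes used by pre-TLS 1.3 OpenSSL names such as those above.
KX_PREFIXES = {
    "ECDHE-": "ECDHE", "DHE-": "DHE", "EDH-": "DHE", "ECDH-": "ECDH",
    "DH-": "DH", "ADH-": "ADH", "AECDH-": "AECDH",
    "PSK-": "PSK", "SRP-": "SRP", "KRB5-": "KRB5",
}


def key_exchange(name):
    """Key exchange implied by an OpenSSL cipher name; no prefix means RSA."""
    for prefix, kx in KX_PREFIXES.items():
        if name.startswith(prefix):
            return kx
    return "RSA"


def forward_secrecy(name):
    """True when the session key comes from an authenticated ephemeral (EC)DH exchange."""
    return key_exchange(name) in ("ECDHE", "DHE")


def decryptable_with_server_rsa_key(name):
    """True when a capture plus the server's RSA private key reveals the session."""
    return key_exchange(name) == "RSA"


def by_key_exchange(names):
    """Group cipher names by key exchange, keeping the input order."""
    groups = {}
    for name in names:
        groups.setdefault(key_exchange(name), []).append(name)
    return groups


def sngrep_cipher_string(names):
    """OpenSSL cipher string limited to the sngrep-supported suites on offer."""
    return ":".join(c for c in SNGREP_SUITES.values() if c in names)
```

Both sngrep-supported suites use static RSA key exchange, which is what lets a capture be decrypted with the server's private key and also why they offer no forward secrecy; restricting a server to them suits a debugging session rather than a permanent setting.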





[asterisk-users] NAT traversal for mobile app softphones - best strategy?

2016-02-04 Thread Kevin Long

Greetings,


My asterisk systems sit behind a Meraki mx80 firewall at a data center.  I use 
static public IPs on the firewall and port forward 5060, 5061, and 
10,000-20,000 so the clients can connect. Per Meraki support: "Our MX security 
appliances do not support SIP ALG.  Our NAT is a stateful NAT, so only return 
traffic will be able to traverse the NAT, unless a port forwarding rule is in 
place." I'm not sure if this would have any negative impact or if my traversal 
issues are only client side.  My port forwarding should be good I think.

Especially since testing with asterisk 13.7 and PJSIP (compared with freepbx 
chan_sip asterisk 11)  I am having more problems with 1-way and no-way audio .

Most of my endpoints are iPhones using the “Bria” soft phone app from 
Counterpath. This means that their IP address may change often, and whatever 
kind of NAT they are behind is beyond my control. 

Given this scenario, I’m hoping for advice on the best strategy for 
configuration of my Asterisk server, and soft phones with ICE/TURN/STUN?  To 
help with NAT traversal. The Bria app allows multiple options to be turned on 
for traversal strategy:


For SIP:
RPORT WiFi
RPORT Mobile
Outbound WiFi
Outbound Mobile
STUN WiFi
STUN Mobile

-
STUN/TURN  (server/username/password fields)
-
Media NAT Traversal
STUN WiFi
STUN Mobile
Use ICE WiFi
Use ICE Mobile
Use TURN WiFi
Use TURN Mobile



—


To use ICE on Asterisk, do I need to also set up a separate TURN server, and is 
one in particular recommended? I’ve looked into "turnserver" and 
"resiprocate-turn-server" (reTurn) briefly. I’m unclear as to whether I need to 
run this server on a true public IP or if the server can also run behind a 
firewall with port forward from the WAN public IP.  I’m also unclear as to 
whether I truly need 2 separate public IPs for the turn server to work, which I 
have seen mentioned in some of the documents.


Thank you for your time.

Regards,

Kevin Long






[asterisk-users] How exactly does asterisk know what IP to send RTP traffic to?

2015-11-23 Thread Kevin Long


Hello,

I have a somewhat confusing use case.  We use a mobile voip app and our users 
connect to our PBX via a public IP of our firewall which port forwards to 
asterisk (TLS and SRTP ports). Works fine.

Sometimes however, our users are also connected to our VPN (L2TP/IPsec) which 
is served by the same firewall that our PBX sits behind at the datacenter.

In this case, most often the calls go through but there is no audio.  

I believe that asterisk “thinks” in this case that the IP of the clients, to 
send RTP traffic to, is the firewall’s IP, rather than the IP that the VPN 
server assigned the client device. 

Does asterisk send RTP traffic to the IP which is in the IP headers of the SIP 
REGISTER, or can a client “specify” its truly reachable IP?

I hope this makes sense. 

Regards,

Kevin Long





[asterisk-users] repeating TLS error in log file

2015-10-26 Thread Kevin Long


Greetings,


I use TLS and SRTP on all my extensions.  I use openssl and distribute my root 
certificate to my endpoints.   Most of the time my calls work just fine.  

Sometimes I receive a repeating error in my log files however, and I don’t know 
why this is happening. I’m wondering if this is really from the TLS connection 
for SIP, or an underlying error with SRTP decoding.  I sometimes get this 
message in the log when things seem to be working fine.  Is there a better way 
to debug exactly why I’m getting this error? Sometimes I have dozens of these 
errors in a row.

My openssl certificate chain checks out fine with the openssl verify command.




[2015-10-26 12:23:42] WARNING[9915] tcptls.c: FILE * open failed!
[2015-10-26 12:23:42] VERBOSE[9916] tcptls.c:   == Problem setting up ssl connection: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
