Re: [asterisk-users] Rejecting secure audio stream without encryption details - when using ws clients and Kamailio integration
Hi, Thanks Daniel for your reply. Sorry for having been a bit obscure, it is my intention to have all clients able to call each other, regardless of which ua client software they use. I think I've realized what's going on. My goal is to use rtpengine to bridge between rtp profiles when they are different. But according to sip.js instruction, I set up my clients in a way that Asterisk took the place of rtpengine and changed the rtp profiles along the way based on the realtime table values. That got me confused but now I know at least what the problem is so I can fix it. This setup works in a way that I can make calls between websocket and sip clients, but the problem with it is that I need different values in the realtime table, according to which rtp profile the client uses. Doing this I made a wrong turn in my project, I'll need to have universal setup for each peer so the user can use a websocket client or a sip client to register and use an account. I'll still need to figure out which settings to use and which not to use, so the rtp gets handled by rtpengine, not Asterisk. But that's a question for the Asterisk list. The problem about Asterisk setting the rtp profile as UDP/TLS/RTP/SAVPF was fixed using a peer setting in the realtime table, now Asterisk accepts RTP/SAVPF I can have calls flowing as soon as I can get rtpengine to cooperate with me. I wonder, is there UDP/TLS/RTP/SAVPF handling in rtpengine/kamailio? I may have to add some kind of handling to this if I have to revert back to my previous settings. cheers, Olli 2014-08-05 16:49 GMT+03:00 Daniel-Constantin Mierla mico...@gmail.com: On 01/08/14 10:56, Olli Heiskanen wrote: Hi, I got ahead with my setup, this post helped me much: http://forums.digium.com/viewtopic.php?f=1t=90167sid= 66fdf8cc4be5d955ba584e989a23442f At least the avpf setting had to be removed from sip.conf and put in the realtime db table, defined per client. I left the encryption setting in sip.conf. I had some problems calling from SIP client to another, then had to define avpf=no for those clients. Personally I don't like to use different settings to different clients, is there a way around this? With this setup I can make calls between SIP clients but not ws clients. My client (now I use sip.js) fails to parse the sdp - including the apparently correct rtp profile UDP/TLS/RTP/SAVPF - and sends back 488, which makes the call fail. I'd like to hear opinions from you guys which would be the correct place to handle this? My setup has Asterisk Kamailio realtime integration, and I use dispatcher in Kamailio to route calls to Asterisk. Kamailio sounds like the logical place, but I'd rather find a way to not change the rtp profile along the way, at least until the clients can support that one. To understand properly, you don't want to use rtpenging for srtp(webrtc)-rtp(classic sip) gatewaying? If yes, maybe you can partition the users (classic-sip and webrtc-sip), then use two asterisk instances with routing via kamailio. Cheers, Daniel -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Next Kamailio Advanced Trainings 2014 - http://www.asipto.com Sep 22-25, Berlin, Germany ::: Oct 15-17, San Francisco, USA -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Rejecting secure audio stream without encryption details - when using ws clients and Kamailio integration
On 01/08/14 10:56, Olli Heiskanen wrote: Hi, I got ahead with my setup, this post helped me much: http://forums.digium.com/viewtopic.php?f=1t=90167sid=66fdf8cc4be5d955ba584e989a23442f At least the avpf setting had to be removed from sip.conf and put in the realtime db table, defined per client. I left the encryption setting in sip.conf. I had some problems calling from SIP client to another, then had to define avpf=no for those clients. Personally I don't like to use different settings to different clients, is there a way around this? With this setup I can make calls between SIP clients but not ws clients. My client (now I use sip.js) fails to parse the sdp - including the apparently correct rtp profile UDP/TLS/RTP/SAVPF - and sends back 488, which makes the call fail. I'd like to hear opinions from you guys which would be the correct place to handle this? My setup has Asterisk Kamailio realtime integration, and I use dispatcher in Kamailio to route calls to Asterisk. Kamailio sounds like the logical place, but I'd rather find a way to not change the rtp profile along the way, at least until the clients can support that one. To understand properly, you don't want to use rtpenging for srtp(webrtc)-rtp(classic sip) gatewaying? If yes, maybe you can partition the users (classic-sip and webrtc-sip), then use two asterisk instances with routing via kamailio. Cheers, Daniel -- Daniel-Constantin Mierla http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Next Kamailio Advanced Trainings 2014 - http://www.asipto.com Sep 22-25, Berlin, Germany ::: Oct 15-17, San Francisco, USA -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Rejecting secure audio stream without encryption details - when using ws clients and Kamailio integration
Hi, I got ahead with my setup, this post helped me much: http://forums.digium.com/viewtopic.php?f=1t=90167sid=66fdf8cc4be5d955ba584e989a23442f At least the avpf setting had to be removed from sip.conf and put in the realtime db table, defined per client. I left the encryption setting in sip.conf. I had some problems calling from SIP client to another, then had to define avpf=no for those clients. Personally I don't like to use different settings to different clients, is there a way around this? With this setup I can make calls between SIP clients but not ws clients. My client (now I use sip.js) fails to parse the sdp - including the apparently correct rtp profile UDP/TLS/RTP/SAVPF - and sends back 488, which makes the call fail. I'd like to hear opinions from you guys which would be the correct place to handle this? My setup has Asterisk Kamailio realtime integration, and I use dispatcher in Kamailio to route calls to Asterisk. Kamailio sounds like the logical place, but I'd rather find a way to not change the rtp profile along the way, at least until the clients can support that one. cheers, Olli 2014-07-26 12:58 GMT+03:00 Olli Heiskanen ohjelmistoarkkite...@gmail.com: Greetings, I've noticed a problem that might originate from my Asterisk configuration, could use a hand in sorting it out. Problem is a 488 response from Asterisk whenever it gets RTP/SAVPF profile in the SDP. My current setup has Asterisk Kamailio realtime integration, and Kamailio uses dispatcher to route calls for Asterisk to handle. Now I have only one Asterisk, on the same machine as Kamailio. The version is 11.10.2. With Kamailio I use rtpengine, which affects SDP descriptions when 488 response is received. My goal is to enable two websocket clients using Chrome to call each other, using Kamailio as outbound proxy. Kamailio routes signaling to Asterisk, and then back to clients. Currently the problem is RTP, when INVITE is received from client A to Kamailio, it is relayed to Asterisk. Asterisk responds with 488 Not Acceptable here and the cli says: NOTICE[11642][C-0006]: chan_sip.c:10124 process_sdp: Received SAVPF profle in audio offer but AVPF is not enabled, enabling: audio 30212 RTP/SAVPF 111 103 104 0 8 106 105 13 126 WARNING[11642][C-0006]: chan_sip.c:10509 process_sdp: Rejecting secure audio stream without encryption details: audio 30212 RTP/SAVPF 111 103 104 0 8 106 105 13 126 Strange thing is, I don't know why Asterisk says AVPF is not enabled. The warning about rejecting the audio stream must be behind the 488 response but I didn't find any answers that would solve my case so I must turn to you guys. In my sip.conf I have savpf=yes, but is there something else I need to enable or change in the configs or change my peer configurations? I'm not sure if this is relevant but I checked that Asterisk was successfully compiled with res_srtp module. Here's my sip.conf contents: bindport = 5070 ; using this since Kamailio is at 5060 bindaddr = PU.BL.IC.IP tcpenable = yes ;no limitonpeers = yes rtcachefriends = yes; for realtime rtupdate=yes tos_sip=cs3 tos_audio=ef useragent=MyAsterisk realm = myrealm.com autodomain=no domain=PU.BL.IC.IP domain=testers.com allowexternaldomains=no allowguest=no avpf=yes encryption=yes transport=ws,udp icesupport=yes srvlookup=yes And here's an example of a ws client in my realtime peer table: id: 4 name: 660 ipaddr: PU.BL.IC.IP port: 5060 regseconds: 1406368294 defaultuser: 660 fullcontact: sip:6...@pu.bl.ic.ip:5060 regserver: useragent: lastms: 0 host: dynamic type: friend context: default deny: 0.0.0.0/0.0.0.0 permit: PU.BL.IC.IP secret: NULL md5secret: NULL remotesecret: NULL transport: NULL dtmfmode: NULL directmedia: NULL nat: force_rport,comedia callgroup: NULL pickupgroup: NULL language: NULL disallow: NULL allow: NULL insecure: NULL trustrpid: NULL progressinband: NULL promiscredir: NULL useclientcode: NULL accountcode: NULL setvar: NULL callerid: NULL amaflags: NULL callcounter: NULL busylevel: NULL allowoverlap: NULL allowsubscribe: NULL videosupport: NULL maxcallbitrate: NULL rfc2833compensate: NULL mailbox: NULL session-timers: NULL session-expires: NULL session-minse: NULL session-refresher: NULL t38pt_usertpsource: NULL regexten: NULL fromdomain: testers.com fromuser: 660 qualify: NULL defaultip: NULL rtptimeout: NULL rtpholdtimeout: NULL sendrpid: NULL
[asterisk-users] Rejecting secure audio stream without encryption details - when using ws clients and Kamailio integration
Greetings, I've noticed a problem that might originate from my Asterisk configuration, could use a hand in sorting it out. Problem is a 488 response from Asterisk whenever it gets RTP/SAVPF profile in the SDP. My current setup has Asterisk Kamailio realtime integration, and Kamailio uses dispatcher to route calls for Asterisk to handle. Now I have only one Asterisk, on the same machine as Kamailio. The version is 11.10.2. With Kamailio I use rtpengine, which affects SDP descriptions when 488 response is received. My goal is to enable two websocket clients using Chrome to call each other, using Kamailio as outbound proxy. Kamailio routes signaling to Asterisk, and then back to clients. Currently the problem is RTP, when INVITE is received from client A to Kamailio, it is relayed to Asterisk. Asterisk responds with 488 Not Acceptable here and the cli says: NOTICE[11642][C-0006]: chan_sip.c:10124 process_sdp: Received SAVPF profle in audio offer but AVPF is not enabled, enabling: audio 30212 RTP/SAVPF 111 103 104 0 8 106 105 13 126 WARNING[11642][C-0006]: chan_sip.c:10509 process_sdp: Rejecting secure audio stream without encryption details: audio 30212 RTP/SAVPF 111 103 104 0 8 106 105 13 126 Strange thing is, I don't know why Asterisk says AVPF is not enabled. The warning about rejecting the audio stream must be behind the 488 response but I didn't find any answers that would solve my case so I must turn to you guys. In my sip.conf I have savpf=yes, but is there something else I need to enable or change in the configs or change my peer configurations? I'm not sure if this is relevant but I checked that Asterisk was successfully compiled with res_srtp module. Here's my sip.conf contents: bindport = 5070 ; using this since Kamailio is at 5060 bindaddr = PU.BL.IC.IP tcpenable = yes ;no limitonpeers = yes rtcachefriends = yes; for realtime rtupdate=yes tos_sip=cs3 tos_audio=ef useragent=MyAsterisk realm = myrealm.com autodomain=no domain=PU.BL.IC.IP domain=testers.com allowexternaldomains=no allowguest=no avpf=yes encryption=yes transport=ws,udp icesupport=yes srvlookup=yes And here's an example of a ws client in my realtime peer table: id: 4 name: 660 ipaddr: PU.BL.IC.IP port: 5060 regseconds: 1406368294 defaultuser: 660 fullcontact: sip:6...@pu.bl.ic.ip:5060 regserver: useragent: lastms: 0 host: dynamic type: friend context: default deny: 0.0.0.0/0.0.0.0 permit: PU.BL.IC.IP secret: NULL md5secret: NULL remotesecret: NULL transport: NULL dtmfmode: NULL directmedia: NULL nat: force_rport,comedia callgroup: NULL pickupgroup: NULL language: NULL disallow: NULL allow: NULL insecure: NULL trustrpid: NULL progressinband: NULL promiscredir: NULL useclientcode: NULL accountcode: NULL setvar: NULL callerid: NULL amaflags: NULL callcounter: NULL busylevel: NULL allowoverlap: NULL allowsubscribe: NULL videosupport: NULL maxcallbitrate: NULL rfc2833compensate: NULL mailbox: NULL session-timers: NULL session-expires: NULL session-minse: NULL session-refresher: NULL t38pt_usertpsource: NULL regexten: NULL fromdomain: testers.com fromuser: 660 qualify: NULL defaultip: NULL rtptimeout: NULL rtpholdtimeout: NULL sendrpid: NULL outboundproxy: PU.BL.IC.IP timert1: NULL timerb: NULL qualifyfreq: NULL constantssrc: NULL contactpermit: NULL contactdeny: NULL usereqphone: NULL textsupport: NULL faxdetect: NULL buggymwi: NULL auth: NULL fullname: NULL trunkname: NULL cid_number: NULL callingpres: NULL mohinterpret: NULL mohsuggest: NULL parkinglot: NULL hasvoicemail: NULL subscribemwi: NULL vmexten: NULL autoframing: NULL rtpkeepalive: NULL call-limit: NULL g726nonstandard: NULL ignoresdpversion: NULL allowtransfer: NULL dynamic: NULL path: NULL supportpath: NULL sippasswd: my-md5-pwd rpid: NULL domain: testers.com sippasswd2: NULL I'd greatly appreciate help on this! cheers, Olli -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: