Hi Richard,

Thank you for the reply, it makes sense. We're using a line like this for calls from plain RTP to SRTP, however the SDP arrives at the TLS phone with no mention of encryption. Have you any idea what's wrong?

rtpengine_manage( "force trust-address replace-origin replace-session-connection rtcp-mux-accept rtcp-mux-offer ICE=force RTP/SAVPF" );

I've also attached the rtpengine log in case it helps.

Thanks very much.

On 27 July 2017 at 23:30, Richard Fuchs <[email protected]> wrote:

> On 07/27/2017 12:01 AM, David Cunningham wrote:
>
>> Hi Daniel,
>>
>> Thanks very much for that reply. We now detect whether the destination is
>> using TLS successfully using $ru and pcre_match().
>>
>> Now when we call Asterisk -> Kamailio+rtpengine -> TLS phone, the TLS
>> phone rings but the call drops immediately when it answers. The issue is
>> that Asterisk doesn't like the 200 OK from the phone, which contains SRTP
>> information. The error logged by Asterisk is "Rejecting secure audio stream
>> without encryption details". I've included the SDP below.
>>
>>
>> Our questions now are:
>> 1) Our goal is to have Kamailio+rtpengine act as a TLS/SRTP <--> Plain
>> SIP/RTP bridge. Is it possible to configure Kamailio so that Asterisk never
>> sees the encryption information in the 200 OK?
>>
>
> Yes, you just need to instruct rtpengine to translate the SDP to plain RTP
> when sending to Asterisk. The appropriate flag to use in this case would be
> `RTP/AVP`. Other flags might be relevant (e.g. if Asterisk doesn't want to
> see any ICE information, use `ICE=remove`).
>
>> 2) Is there anything wrong with the SDP returned by the TLS phone? For
>> example, you mentioned before SDES SRTP and I wonder if the type of SRTP is
>> not acceptable for some reason.
>>
>
> This is also something you can control with flags given to rtpengine in
> the other direction (plain RTP being translated to SRTP). By default, both
> SDES and DTLS are offered. Either can be disabled by `SDES-off` and
> `DTLS=off` respectively.
> Please see the docs at https://goo.gl/ivMQ6C
>
>
> Cheers
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> [email protected]
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>

--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
Australia: +61 (0) 2 8063 9019

Jul 30 19:57:39 hostname /sbin/kamailio[27506]: DEBUG: rtpengine [rtpengine_funcs.c:148]: check_content_type(): type <application/sdp> found valid
Jul 30 19:57:39 hostname rtpengine[14113]: INFO: [[email protected]:5070]: Received command 'offer' from xx.xx.xx.78:51771
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [[email protected]:5070]: Dump for 'offer' from xx.xx.xx.78:51771: { "sdp": "v=0#015#012o=root 579620384 579620384 IN IP4 xx.xx.xx.78#015#012s=Asterisk PBX 11.25.1#015#012c=IN IP4 xx.xx.xx.78#015#012t=0 0#015#012m=audio 12242 RTP/AVP 0 9 8 10 3 111 5 7 110 97 101#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:9 G722/8000#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:10 L16/8000#015#012a=rtpmap:3 GSM/8000#015#012a=rtpmap:111 G726-32/8000#015#012a=rtpmap:5 DVI4/8000#015#012a=rtpmap:7 LPC/8000#015#012a=rtpmap:110 speex/8000#015#012a=rtpmap:97 iLBC/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101 0-16#015#012a=ptime:2 ...
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [[email protected]:5070]: ... 0#015#012a=sendrecv#015#012", "ICE": "force", "flags": [ "force", "trust-address" ], "replace": [ "origin", "session-connection" ], "transport-protocol": "RTP/SAVPF", "rtcp-mux": [ "accept", "offer" ], "call-id": "[email protected]:5070", "received-from": [ "IP4", "xx.xx.xx.78" ], "from-tag": "as4df4c384", "command": "offer" }
Jul 30 19:57:39 hostname rtpengine[14113]: WARNING: [[email protected]:5070]: Unknown flag encountered: 'force'
Jul 30 19:57:39 hostname rtpengine[14113]: NOTICE: [[email protected]:5070]: Creating new call
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [[email protected]:5070]: set FILLED flag for stream xx.xx.xx.78:12242
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [[email protected]:5070]: set FILLED flag for stream xx.xx.xx.78:12243
Jul 30 19:57:39 hostname rtpengine[14113]: INFO: [[email protected]:5070]: offer time = 0.000338 sec
Jul 30 19:57:39 hostname rtpengine[14113]: INFO: [[email protected]:5070]: Replying to 'offer' from xx.xx.xx.78:51771
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [[email protected]:5070]: Response dump for 'offer' to xx.xx.xx.78:51771: { "sdp": "v=0#015#012o=root 579620384 579620384 IN IP4 xx.xx.xx.78#015#012s=Asterisk PBX 11.25.1#015#012c=IN IP4 xx.xx.xx.78#015#012t=0 0#015#012m=audio 48144 RTP/SAVPF 0 9 8 10 3 111 5 7 110 97 101#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:9 G722/8000#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:10 L16/8000#015#012a=rtpmap:3 GSM/8000#015#012a=rtpmap:111 G726-32/8000#015#012a=rtpmap:5 DVI4/8000#015#012a=rtpmap:7 LPC/8000#015#012a=rtpmap:110 speex/8000#015#012a=rtpmap:97 iLBC/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101 0-16#015#012 ...
Jul 30 19:57:39 hostname rtpengine[14113]: DEBUG: [[email protected]:5070]: ... a=ptime:20#015#012a=sendrecv#015#012a=rtcp:48145#015#012a=rtcp-mux#015#012a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8kPQ4PUH3WRN/kALaLWkBh82FX2WW0WVRVMuAb1O#015#012a=setup:actpass#015#012a=fingerprint:sha-1 8E:5F:0B:B1:BA:AC:62:3C:C7:A6:F5:04:23:DA:0F:90:48:A3:C6:EF#015#012a=ice-ufrag:upBKkEvw#015#012a=ice-pwd:DgtxAvMgPSz41tmqDbIU825CqE#015#012a=candidate:io9MsxHW16F9fQY8 1 UDP 2130706431 xx.xx.xx.78 48144 typ host#015#012a=candidate:io9MsxHW16F9fQY8 2 UDP 2130706430 xx.xx.xx.78 48145 typ host#015#012", "result": "ok" }
Jul 30 19:57:39 hostname /sbin/kamailio[27506]: DEBUG: rtpengine [rtpengine.c:1448]: rtpp_function_call(): proxy reply: d3:sdp883:v=0#015#012o=root 579620384 579620384 IN IP4 xx.xx.xx.78#015#012s=Asterisk PBX 11.25.1#015#012c=IN IP4 xx.xx.xx.78#015#012t=0 0#015#012m=audio 48144 RTP/SAVPF 0 9 8 10 3 111 5 7 110 97 101#015#012a=rtpmap:0 PCMU/8000#015#012a=rtpmap:9 G722/8000#015#012a=rtpmap:8 PCMA/8000#015#012a=rtpmap:10 L16/8000#015#012a=rtpmap:3 GSM/8000#015#012a=rtpmap:111 G726-32/8000#015#012a=rtpmap:5 DVI4/8000#015#012a=rtpmap:7 LPC/8000#015#012a=rtpmap:110 speex/8000#015#012a=rtpmap:97 iLBC/8000#015#012a=rtpmap:101 telephone-event/8000#015#012a=fmtp:101 0-16#015#012a=ptime:20#015#012a=sendrecv#015#012a=rtcp:48145#015#012a=rtcp-mux#015#012a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8kPQ4PUH3WRN/kALaLWkBh82FX2WW0WVRVMuAb1O#015#012a=setup:actpass#015#012a=fingerprint:sha-1 8E:5F:0B:B1:BA:AC:62:3C:C7:A6:F5:04:23:DA:0F:90:48:A3:C6:EF#015#012a=ice-ufrag:upBKkEvw#015#012a=ice-pwd:DgtxAvMgPSz41tmqDbIU825CqE#015#012a=candidate:io9MsxHW16F9fQY8 1 UDP 2130706431 xx.xx.xx.78 48144 typ host#015#012a=candidate:io9MsxHW16F9fQY8 2 UDP 2130706430 xx.xx.xx.78 48145 typ host#015#0126:result2:oke
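
Added example (not part of the original post, and not rtpengine or Kamailio code): a way to read an rtpengine debug dump like the one attached and see which transport profile and keying attributes each SDP actually carries on a given leg. It undoes the `#015#012` syslog escaping, extracts the SDP, and reports mismatches such as a secure profile with no `a=crypto` or `a=fingerprint` line. The function names, log lines, key and addresses are constructed for illustration, and it assumes a dump that rtpengine split across entries with `...` has been joined onto one line first.

```python
import re

# Constructed log lines in the shape of the attached dump (placeholder key/addresses).
SRTP_LOG = ('rtpengine[1]: DEBUG: [call-1]: Response dump for \'offer\': { "sdp": "v=0#015#012'
            'c=IN IP4 192.0.2.78#015#012m=audio 48144 RTP/SAVPF 0 101#015#012'
            'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER#015#012'
            'a=fingerprint:sha-1 00:00:00:00#015#012", "result": "ok" }')
PLAIN_LOG = ('rtpengine[1]: DEBUG: [call-1]: Dump for \'offer\': { "sdp": "v=0#015#012'
             'm=audio 12242 RTP/AVP 0 101#015#012a=sendrecv#015#012", "command": "offer" }')

def decode_syslog(text):
    """Undo syslog control-character escaping: #015#012 is CR LF in octal."""
    return re.sub(r"#([0-3][0-7]{2})", lambda m: chr(int(m.group(1), 8)), text)

def extract_sdp(log_line):
    """Return the decoded SDP from a one-line rtpengine dump entry, or None."""
    m = re.search(r'"sdp": "([^"]*)"', log_line)
    return decode_syslog(m.group(1)) if m else None

def media_security(sdp):
    """Per m= section: transport profile, SDES crypto suites, DTLS fingerprint seen."""
    sections, current, session_dtls = [], None, False
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            current = {"media": kind, "proto": proto, "sdes": [], "dtls": session_dtls}
            sections.append(current)
        elif line.startswith("a=fingerprint:"):
            if current is None:
                session_dtls = True      # session-level fingerprint covers all media
            else:
                current["dtls"] = True
        elif current is not None and line.startswith("a=crypto:"):
            current["sdes"].append(line.split()[1])  # suite name only, never the key
    return sections

def check_leg(sdp, expect_srtp):
    """Return findings where the SDP does not match what this leg should carry."""
    findings = []
    for s in media_security(sdp):
        secure = "SAVP" in s["proto"]            # RTP/SAVP, RTP/SAVPF, UDP/TLS/RTP/SAVP(F)
        keyed = bool(s["sdes"]) or s["dtls"]
        if secure and not keyed:
            findings.append(f'{s["media"]}: {s["proto"]} without crypto or fingerprint')
        elif expect_srtp and not secure:
            findings.append(f'{s["media"]}: expected SRTP, got {s["proto"]}')
        elif not expect_srtp and (secure or keyed):
            findings.append(f'{s["media"]}: plain leg carries {s["proto"]} keyed={keyed}')
    return findings
```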
