DTLS=passive solved it. Thanks guys.
On Tue, 10 Apr 2018, 11:37 pm Aqs Younas, <aqsyou...@gmail.com> wrote: > Sometimes, I see below logs in RTP engine. > > > Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: Received command 'answer' from > 127.0.0.1:44933 > Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: answer time = 0.000163 sec > Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: Replying to 'answer' from > 127.0.0.1:44933 > [1523383161.279950] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port > 8268]: SRTP output wanted, but no crypto suite was negotiated > Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [24b95195-3da3-4e12-8400-5fcf908183e5 port 8268]: SRTP output wanted, but > no crypto suite was negotiated > Apr 10 17:59:25 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5 port 8268]: Confirmed peer address > as 72.214.35.171:64834 > [1523383171.481023] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port > 8269]: SRTCP output wanted, but no crypto suite was negotiated > Apr 10 17:59:31 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [24b95195-3da3-4e12-8400-5fcf908183e5 port 8269]: SRTCP output wanted, but > no crypto suite was negotiated > Apr 10 17:59:31 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5 port 8269]: Confirmed peer address > as 72.214.35.171:50108 > [1523383176.025296] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port > 8268]: SRTP output wanted, but no crypto suite was negotiated > Apr 10 17:59:36 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [24b95195-3da3-4e12-8400-5fcf908183e5 port 8268]: SRTP output wanted, but > no crypto suite was negotiated > [1523383186.000280] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS > error: 1 (read timeout expired) > [1523383186.000335] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS > error on local port 8248 > [1523383186.000419] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS > error: 1 (read timeout expired) > [1523383186.000429] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS > error on local port 8249 > *Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout > expired)* > *Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8248* > *Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout > expired)* > *Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: > [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8249* > *Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: Closing call due to timeout* > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: Final packet stats: > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: --- Tag > 'f6d2237d-f960-4542-b138-f39a7fb52770', created 1:32 ago for branch '', in > dialogue with '6bdf30d1-2da6-4b6d-b917-aaa720c9c1fa' > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: ------ Media #1 (audio over > UDP/TLS/RTP/SAVP) using unknown codec > *Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port 209.182.216.71:8288 > <http://209.182.216.71:8288> <> 100.84.103.245:4002 > <http://100.84.103.245:4002> , SSRC 0, 0 p, 0 b, 0 e, 92 ts* > *Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port 209.182.216.71:8289 > <http://209.182.216.71:8289> <> 100.84.103.245:4003 > <http://100.84.103.245:4003> (RTCP), SSRC 0, 0 p, 0 b, 0 e, 92 ts* > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: --- Tag > '6bdf30d1-2da6-4b6d-b917-aaa720c9c1fa', created 1:32 ago for branch '', in > dialogue with 'f6d2237d-f960-4542-b138-f39a7fb52770' > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: ------ Media #1 (audio over > UDP/TLS/RTP/SAVP) using G722/8000 > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port > 209.182.216.71:8268 <> 72.214.35.171:64834, SSRC 653128b4, 935 p, > 160820 b, 0 e, 60 ts > Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: > [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port > 209.182.216.71:8269 <> 72.214.35.171:50108 (RTCP), SSRC 653128b4, 3 p, > 278 b, 0 e, 60 ts > > > Any suggestion what might be happening? > > Br, Aqs. > > On 10 April 2018 at 22:59, Aqs Younas <aqsyou...@gmail.com> wrote: > >> I could see SRTP packets coming from one device but they never leave >> rtpeninge. >> >> I put a link to Pastebin containing a call trace with the hope that >> someone might help me out. >> >> I could provide more info if required. >> >> https://pastebin.com/tYVpFQAh >> >> Br, Aqs. >> >> >> On 10 April 2018 at 01:39, Aqs Younas <aqsyou...@gmail.com> wrote: >> >>> Greetings list, >>> >>> I am trying to make two endpoints talking on DTLS-SRTP. But I hear on >>> audio. >>> >>> Things work perfectly fine if I use RTP or SRTP with TLS. >>> >>> Endpoints are pjsip based application not webrtc based clients. >>> >>> >>> Below are logs from rtpengine. I hope someone could point out amiss. >>> >>> Apr 9 20:02:43 centos-1024mb-nyc-02 rtpengine[58438]: INFO: >>> [66d2da58-21fe-48bd-9999-a1f3a22afa6d]: --------- Port >>> 209.182.216.71:8176 <> 72.214.35.171:63577, SSRC 1234c6eb, 641 p, >>> 110252 b, 0 e, 60 ts >>> Apr 9 20:02:43 centos-1024mb-nyc-02 rtpengine[58438]: INFO: >>> [66d2da58-21fe-48bd-9999-a1f3a22afa6d]: --------- Port >>> 209.182.216.71:8177 <> 72.214.35.171:63056 (RTCP), SSRC 1234c6eb, 4 >>> p, 372 b, 0 e, 60 ts >>> Apr 9 20:12:24 centos-1024mb-nyc-02 rtpengine[58438]: INFO: Version >>> git-master-3ef300b shutting down >>> Apr 9 20:12:37 centos-1024mb-nyc-02 rtpengine[58958]: INFO: Generating >>> new DTLS certificate >>> Apr 9 20:12:37 centos-1024mb-nyc-02 rtpengine[58959]: INFO: Startup >>> complete, version git-master-3ef300b >>> Apr 9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Received command 'offer' from >>> 127.0.0.1:57645 >>> Apr 9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: NOTICE: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Creating new call >>> Apr 9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: offer time = 0.002612 sec >>> Apr 9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Replying to 'offer' from >>> 127.0.0.1:57645 >>> Apr 9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Received command 'answer' from >>> 127.0.0.1:42309 >>> Apr 9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: answer time = 0.000220 sec >>> Apr 9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Replying to 'answer' from >>> 127.0.0.1:42309 >>> Apr 9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8000]: DTLS: Peer certificate >>> accepted >>> Apr 9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8000]: DTLS-SRTP successfully >>> negotiated >>> Apr 9 20:13:57 centos-1024mb-nyc-02 rtpengine[58959]: ERR: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8000]: SRTP output wanted, but >>> no crypto suite was negotiated >>> Apr 9 20:14:00 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8000]: Confirmed peer address >>> as 72.214.35.171:58634 >>> Apr 9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: ERR: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8001]: SRTCP output wanted, but >>> no crypto suite was negotiated >>> Apr 9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, count=1, >>> payloadtype=200, length=12, ssrc=2045607967, ntp_sec=1379282714, >>> ntp_fractions=439054259, rtp_ts=1838072137, sender_packets=3366262813, >>> sender_bytes=2383498210, ssrc=815258372, fraction_lost=96, >>> packet_loss=13713522, last_seq=3314313929, jitter=2878956247, >>> last_sr=2456273253, delay_since_last_sr=3351655681 >>> Apr 9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: INFO: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8001]: Confirmed peer address >>> as 72.214.35.171:57732 >>> Apr 9 20:14:12 centos-1024mb-nyc-02 rtpengine[58959]: ERR: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8000]: SRTP output wanted, but >>> no crypto suite was negotiated >>> Apr 9 20:14:17 centos-1024mb-nyc-02 rtpengine[58959]: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, count=1, >>> payloadtype=200, length=12, ssrc=2045607967, ntp_sec=2811881700, >>> ntp_fractions=4080266212, rtp_ts=371429680, sender_packets=958830616, >>> sender_bytes=2579186043, ssrc=1909756377, fraction_lost=174, >>> packet_loss=11416637, last_seq=3106722675, jitter=758758394, >>> last_sr=2663618457, delay_since_last_sr=1399181077 >>> Apr 9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: ERR: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8000]: SRTP output wanted, but >>> no crypto suite was negotiated >>> Apr 9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: ERR: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port 8001]: SRTCP output wanted, but >>> no crypto suite was negotiated >>> Apr 9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: >>> [a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, cou >>> >>> >>> It is how I have programmed it in my Kamailio configuration. >>> >>> ON INVITE >>> >>> rtpengine_offer("replace-origin replace-session-connection ICE=remove >>> UDP/TLS/RTP/SAVP"); >>> >>> ON 200-ok >>> >>> rtpengine_answer("replace-origin replace-session-connection ICE=remove >>> UDP/TLS/RTP/SAVP"); >>> >>> >>> Best Regards, >>> >>> Aqs Younas >>> >> >> >
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users