[SR-Users] rtpengine - SRTP <> RTP

kdrewicz+kamailio Thu, 19 Jan 2023 22:31:59 -0800

I try to workout if - currently it would work, or - where and how to debug 
more:


I face - 2 interfacec - public internet (so, TLS + sRTP) is desired 
and private - old infrastructure - i mus only use plain RTP


172.23.9.70 - private ip - from this endpoint of kamailio and rtpengine should 
send only basic RTP 
172.23.210.75:5060 private  - target for kamailio

1.2.3.24 obfuscated public IP (TLS + sRTP required)

kamailio 5.4.4 (x86_64/linux)
rtpengine -v  Version: 11.1.1.4-1~bpo11+1

all i do is:

        if (proto==TLS) {
                rtpengine_manage("RTP/AVP ICE=remove replace-session-connection 
replace-origin pad-crypto ptime=20 codec-transcode-PCMA record-call=on 
allow-transcoding direction=external direction=internal record-call=on");
        } else if ($ru =~ "transport=tls") {
                rtpengine_manage("DTLS=on SRTP AVPF ICE=remove 
replace-session-connection replace-origin pad-crypto ptime=20 
codec-transcode-PCMA record-call=on allow-transcoding direction=internal 
direction=external record-call=on media-address=1.2.3.24");
        }
# 1.2.3.24 obfuscated public IP 

172.23.210.75:5060 is in dispatch.cfg, as '11' 

route[SBC_CORE] {
        append_hf("X-My-SRTP: removed31337\r\n");

### i see this text in invtes from kamailio 172.23.9.70 towards         
172.23.210.75:5060
### i see only RTP, so as expected      
        
             if (!ds_select_dst("11", "0")) {
                xwarn("I:$var(i) DROP(DOWN!) FWD:$rm [$fU->$tU] [SBCVIP] to 
$du\n");
                sl_send_reply("503", "Destination down");
                exit;
        }



what i did:

certificate is a paid one (the public party needs it)

TLS works

i deleted - entries in (not kamailo) cryptosuite that caused this:

13:08:05 localhost rtpengine[15140]: ERR: 
[51ad8758-b64d-4d2f-9fd0-41d03a38f74d]: [core] Failed to parse a=crypto 
attribute, ignoring: unknown crypto suite

Tried to search for any "ready" examples for this - only found old threads and 
- that this should be possible, but - no example for woking config.

what i see:
Jan 19 19:00:57 localhost rtpengine[17301]: DEBUG: [core] timer run time = 
0.000038 sec
Jan 19 19:00:58 localhost rtpengine[17301]: DEBUG: [core] timer run time = 
0.000036 sec
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] Closing call due to timeout
Jan 19 19:00:59 localhost rtpengine[17301]: DEBUG: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] Redis delete_async=0
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] Final packet stats:
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] --- Tag 'JVR5LTs', created 60:00 
ago for branch ''
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] ---     subscribed to ''
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] ---     subscription for ''
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] ------ Media #1 (audio over 
RTP/SAVP) using unknown codec
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] --------- Port   1.2.3.24:30136 
<>   52.129.106.28:17030, SSRC 0, in 0 p, 0 b, 0 e, 3600 ts, out 0 p, 0 b, 0 e
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] --------- Port   1.2.3.24:30137 
<>   52.129.106.28:17031 (RTCP), SSRC 0, in 0 p, 0 b, 0 e, 3600 ts, out 0 p, 0 
b, 0 e
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] --- Tag '', created 60:00 ago 
for branch ''
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] ---     subscribed to 'JVR5LTs'
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] ---     subscription for 
'JVR5LTs'
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] ------ Media #1 (audio over 
RTP/AVP) using unknown codec
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] --------- Port     
172.23.9.70:30014 <>                :0    , SSRC 0, in 0 p, 0 b, 0 e, 3600 ts, 
out 0 p, 0 b, 0 e
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] --------- Port     
172.23.9.70:30015 <>                :0     (RTCP), SSRC 0, in 0 p, 0 b, 0 e, 
3600 ts, out 0 p, 0 b, 0 e
Jan 19 19:00:59 localhost rtpengine[17301]: INFO: 
[c17bab16-5eea-492e-b1c4-ac9387f3e265]: [core] Moved metadata file 
"/var/spool/rtpengine/tmp/rtpengine-meta-c17bab16-5eea-492e-b1c4-ac9387f3e265-7003946f152c6c8d.tmp"
 to "/var/spool/rtpengine/metadata"
Jan 19 19:00:59 localhost rtpengine[17301]: DEBUG: [core] timer run time = 
0.000828 sec
Jan 19 19:01:00 localhost rtpengine[17301]: DEBUG: [core] timer run time = 
0.000053 sec




        route(SBC_CORE);
                

maybe any hint or - someone has working exmaple of kamailio config + rtpengine 
settings ?


i use only userspace daemon rtp forwarding (this is a test, dont need any 
performance here) 


Thanks,
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] rtpengine - SRTP <> RTP

Reply via email to