asterisk users - Apr 2014 - Asterisk and SRTP

Hi experts,

   I am trying Asterisk SRTP in my environment, and find that when Asterisk
is behind a NAT, the audi/video UDP ports opened for SRTP relay by Asterisk
are local ports on the Asterisk server, media from the two clients out of
the NAT (for example from Internet) can not reach the ports, and thus the
two client can not establish the secure call via Asterisk. I have set up a
STUN server and configured in rtp.conf, but seems Asterisk does not do STUN
before it opens ports for SRTP. BTW, Non-SRTP call can work though.

  Anyone can give advice on how to make SRTP work in such an env?

Thanks a lot in advance!
William Wu



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20140406/bb3411b5/attachment.html>

On 04/05/2014 07:56 PM, William Wu wrote:
> Hi experts,
>
>     I am trying Asterisk SRTP in my environment, and find that when
> Asterisk is behind a NAT, the audi/video UDP ports opened for SRTP relay
> by Asterisk are local ports on the Asterisk server, media from the two
> clients out of the NAT (for example from Internet) can not reach the
> ports, and thus the two client can not establish the secure call via
> Asterisk. I have set up a STUN server and configured in rtp.conf, but
> seems Asterisk does not do STUN before it opens ports for SRTP. BTW,
> Non-SRTP call can work though.
>
>    Anyone can give advice on how to make SRTP work in such an env?
I have no problems with a TLS/SRTP call between a GSM with CSipSimple 
and Asterisk 11.8.1 behind NAT. Have you configured the NAT options in 
sip.conf?

externip=...
localnet=...
nat=...

You may also need to add/change the options below. Check the sip.conf 
example file to see what these options do and use what's best for your 
situation.

canreinvite=no
directmedia=no
directrtpsetup=no

HTH,
Patrick