Nick Ustinov
2010-Dec-24 10:12 UTC
[asterisk-users] SRTP unprotect: authentication failure
Hello! Ater several successful SRTP-enabled calls with SRTP set to Mandatory, asterisk starts to give the following warnings in Log: WARNING[13714] res_srtp.c: SRTP unprotect: authentication failure (continiously) and client hears no sound. After i restart the client program it works fine again for a while. Then the same warning again. Asterisk 1.8.1.1, RealTime engine, sip peer has encrytion->yes The client program is CSipSimple on Android Here are some log file traces: Peer 0010101 is calling some number that is routed to context a2billing [2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: local_key64 3gWGFJAffj4Pn393BUPwe3/wOMx5/ndZyPtfno7L len 40 [2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: SRTP policy activated [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0VyG/fnup0U9qDoTGlWvVuE5yAef5MfYU6F67oI+... OK. [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: We've already processed a crypto attribute, skipping 'crypto:2 AES_CM_128_HMAC_SHA1_32 inline:5X/Zqep5tNdDGFhOY1//VFQ7diCCH1Y1FUKgYXLp' ... [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Our native formats are 0x100 (g729) [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Joint capabilities are 0x100 (g729) [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Our capabilities are 0x10e (gsm|ulaw|alaw|g729) [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** AST_CODEC_CHOOSE formats are 0x100 (g729) ... 010-12-23 11:06:22] DEBUG[5941] chan_sip.c: build_route: Contact hop: <sip:0010101 at 78.84.207.114:5060;transport=UDP;ob> [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Incoming INVITE with 'timer' option supported and "Session-Expires" header. [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Session-Expires: 1800 [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Received Min-SE: 90 ... [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer built. Name: 0010101. Peer objects: 660 [2010-12-23 11:06:22] DEBUG[5931] netsock2.c: Splitting '78.84.207.114' gives... [2010-12-23 11:06:22] DEBUG[5931] netsock2.c: ...host '78.84.207.114' and port '(null)'. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- loading peer from database to memory. Name: 0010101. Peer objects: 660 [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Destroying SIP peer 0010101 [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer Destroyed. Name: 0010101. Realtime Peer objects: 659 [2010-12-23 11:06:22] DEBUG[5931] devicestate.c: Changing state for SIP/0010101 - state 1 (Not in use) is this normal here? peer destroyed? [2010-12-23 11:06:22] DEBUG[5931] devicestate.c: device 'SIP/0010101' state '1' [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: = Looking for Call ID: 2WZXYS-qTPPfXylUor4tckg25TetmIVP (Checking From) --From tag 50FYKcXAUIrUwsIpR5xm9pjrSrMaDglb --To-tag as46be1cdb [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: **** Received ACK (6) - Command in SIP ACK [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Stopping retransmission on '2WZXYS-qTPPfXylUor4tckg25TetmIVP' of Response 20465: Match Found [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
Nick Ustinov
2010-Dec-24 15:03 UTC
[asterisk-users] SRTP unprotect: authentication failure
Hello! Ater several successful SRTP-enabled calls with SRTP set to Mandatory, asterisk starts to give the following warnings in Log: WARNING[13714] res_srtp.c: SRTP unprotect: authentication failure (continiously) and client hears no sound. After i restart the client program it works fine again for a while. Then the same warning again. Asterisk 1.8.1.1, RealTime engine, sip peer has encrytion->yes The client program is CSipSimple on Android Here are some log file traces: Peer 0010101 is calling some number that is routed to context a2billing [2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: local_key64 3gWGFJAffj4Pn393BUPwe3/wOMx5/ndZyPtfno7L len 40 [2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: SRTP policy activated [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0VyG/fnup0U9qDoTGlWvVuE5yAef5MfYU6F67oI+... OK. [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: We've already processed a crypto attribute, skipping 'crypto:2 AES_CM_128_HMAC_SHA1_32 inline:5X/Zqep5tNdDGFhOY1//VFQ7diCCH1Y1FUKgYXLp' ... [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Our native formats are 0x100 (g729) [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Joint capabilities are 0x100 (g729) [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** Our capabilities are 0x10e (gsm|ulaw|alaw|g729) [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: *** AST_CODEC_CHOOSE formats are 0x100 (g729) ... 010-12-23 11:06:22] DEBUG[5941] chan_sip.c: build_route: Contact hop: <sip:0010101 at 78.84.207.114:5060;transport=UDP;ob> [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Incoming INVITE with 'timer' option supported and "Session-Expires" header. [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Session-Expires: 1800 [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Received Min-SE: 90 ... [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer built. Name: 0010101. Peer objects: 660 [2010-12-23 11:06:22] DEBUG[5931] netsock2.c: Splitting '78.84.207.114' gives... [2010-12-23 11:06:22] DEBUG[5931] netsock2.c: ...host '78.84.207.114' and port '(null)'. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- loading peer from database to memory. Name: 0010101. Peer objects: 660 [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Destroying SIP peer 0010101 [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer Destroyed. Name: 0010101. Realtime Peer objects: 659 [2010-12-23 11:06:22] DEBUG[5931] devicestate.c: Changing state for SIP/0010101 - state 1 (Not in use) is this normal here? peer destroyed? [2010-12-23 11:06:22] DEBUG[5931] devicestate.c: device 'SIP/0010101' state '1' [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: = Looking for ?Call ID: 2WZXYS-qTPPfXylUor4tckg25TetmIVP (Checking From) --From tag 50FYKcXAUIrUwsIpR5xm9pjrSrMaDglb --To-tag as46be1cdb [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: **** Received ACK (6) - Command in SIP ACK [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Stopping retransmission on '2WZXYS-qTPPfXylUor4tckg25TetmIVP' of Response 20465: Match Found [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure
Nick Ustinov
2010-Dec-25 15:19 UTC
[asterisk-users] SRTP unprotect: authentication failure
Hello! Ater several successful SRTP-enabled calls with SRTP set to Mandatory, asterisk starts to give the following warnings in Log: WARNING[13714] res_srtp.c: SRTP unprotect: authentication failure (continiously) and client hears no sound. After i restart the client program it works fine again for a while. Then the same warning again. Asterisk 1.8.1.1, RealTime engine, sip peer has encrytion->yes The client program is CSipSimple on Android Here are some log file traces: Peer 0010101 is calling some number that is routed to context a2billing ... [2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: local_key64 3gWGFJAffj4Pn393BUPwe3/wOMx5/ndZyPtfno7L len 40 [2010-12-23 11:06:22] DEBUG[5941] sip/sdp_crypto.c: SRTP policy activated [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Processing media-level (audio) SDP a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:0VyG/fnup0U9qDoTGlWvVuE5yAef5MfYU6F67oI+... OK. [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: We've already processed a crypto attribute, skipping 'crypto:2 AES_CM_128_HMAC_SHA1_32 inline:5X/Zqep5tNdDGFhOY1//VFQ7diCCH1Y1FUKgYXLp' ... 010-12-23 11:06:22] DEBUG[5941] chan_sip.c: build_route: Contact hop: <sip:0010101 at 78.84.207.114:5060;transport=UDP;ob> [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Incoming INVITE with 'timer' option supported and "Session-Expires" header. [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Session-Expires: 1800 [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Received Min-SE: 90 ... [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer built. Name: 0010101. Peer objects: 660 [2010-12-23 11:06:22] DEBUG[5931] netsock2.c: Splitting '78.84.207.114' gives... [2010-12-23 11:06:22] DEBUG[5931] netsock2.c: ...host '78.84.207.114' and port '(null)'. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port. [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- loading peer from database to memory. Name: 0010101. Peer objects: 660 [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: Destroying SIP peer 0010101 [2010-12-23 11:06:22] DEBUG[5931] chan_sip.c: -REALTIME- peer Destroyed. Name: 0010101. Realtime Peer objects: 659 [2010-12-23 11:06:22] DEBUG[5931] devicestate.c: Changing state for SIP/0010101 - state 1 (Not in use) is this normal here? peer destroyed? [2010-12-23 11:06:22] DEBUG[5931] devicestate.c: device 'SIP/0010101' state '1' [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: = Looking for Call ID: 2WZXYS-qTPPfXylUor4tckg25TetmIVP (Checking From) --From tag 50FYKcXAUIrUwsIpR5xm9pjrSrMaDglb --To-tag as46be1cdb [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: **** Received ACK (6) - Command in SIP ACK [2010-12-23 11:06:22] DEBUG[5941] chan_sip.c: Stopping retransmission on '2WZXYS-qTPPfXylUor4tckg25TetmIVP' of Response 20465: Match Found [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure [2010-12-23 11:06:22] WARNING[8264] res_srtp.c: SRTP unprotect: authentication failure Thanks in advance, Nick
Need some advise or paid help on running asterisk on two WAN connection. I need load balancing and failover support. WAN: 1 DSL + 1 Cable ISP. Dave
Alejandro Imass
2010-Dec-25 18:58 UTC
[asterisk-users] load balance with 2 wan connections
On Sat, Dec 25, 2010 at 1:18 PM, dave george <dgeorge at teletoneinc.com> wrote:> Need some advise or paid help on running asterisk on two WAN connection. ?I > need load balancing and failover support. > > WAN: 1 DSL + 1 Cable ISP. >There are _many_ issues. First outgoing and incoming traffic is completely different for what you want to do. Second SIP is hard enough to NAT and route with a single IP let alone 2 or more and probably dynamic! Third, load balancing/fail-over is not a simple matter even doing by hand with Linux or BSD, there will still be issues with static routing and such. There are some cheap hw that may claim it does, but most probably it will not be meant for VoIP, SIP or IAX. Depending on your budget and needs, if you need reliability and high bandwidth, probably a better solution is to host your main pbx in a reliable server on a fixed and public IP and then route the calls to a local Asterisk using IAX and even SIP. If local bandwidth is limited IAX is a better bet. By having a public box routing calls to local box(es) on your private LAN, you could load balance with multiple local Asterisk servers (easy balance by dialplan, for example). To save on hardware, you could use virtualization or FreeBSD Jails for example. Dunno how the telephony hw works with virtualization or jails (yet, thoug I do have a single Asterisk running on a FBSD jail). Good luck, Alejandro Imass> > Dave > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > ? ? ? ? ? ? ? http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > ? http://lists.digium.com/mailman/listinfo/asterisk-users >
2010/12/25 dave george <dgeorge at teletoneinc.com>> Need some advise or paid help on running asterisk on two WAN connection. I > need load balancing and failover support. > > WAN: 1 DSL + 1 Cable ISP. >Is this WAN connection used to reach an ITSP or to reach phones ?> > > Dave > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20101227/d4db94a9/attachment.htm>