I'm still no further advanced on this, but I think I have narrowed it 
down to tls. I have sip debug logs which show that the server cannot 
contact the tls enabled phone at the same time this error crops up. The 
log says "calling <user>" and then the error.
With TLS disabled, though, SRTP still doesn't work either. I have 
no knowledge of how to move forward on this, so some pointers would be 
very much appreciated.

On 06/07/11 12:11, Da Rock wrote:
> I'm having trouble setting up tls/srtp secure communications on my 
> Asterisk server- I'm still rather new at working with Asterisk.
>
> I have enabled tls and encryption and I have csipsimple with tls build 
> on the phone. I'm currently only testing one phone with this 
> capability so far, and the rest still work in the current state.
>
> My logging looks like this with verbose turned up:
>
> [Jun  7 11:44:13] NOTICE[88483]: chan_sip.c:19842 handle_response_peerpoke: Peer '<user>' is now Reachable. (171ms / 2000ms)
> [Jun  7 11:46:17] NOTICE[88483]: chan_sip.c:25072 sip_poke_noanswer: Peer '<user>' is now UNREACHABLE!  Last qualify: 203
> [Jun  7 11:46:29] NOTICE[88483]: chan_sip.c:19842 handle_response_peerpoke: Peer '<user>' is now Reachable. (1888ms / 2000ms)
>
> When I call on this phone I get:
>
> [Jun  7 11:40:47] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
> of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid 
> argument
> [Jun  7 11:41:01] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
> of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid 
> argument
> [Jun  7 11:41:15] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
> of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid 
> argument
> [Jun  7 11:41:29] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
> of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid 
> argument
>     -- Registered SIP '<user>' at 192.168.0.200:57805
> [Jun  7 11:41:31] NOTICE[88483]: chan_sip.c:19842 handle_response_peerpoke: Peer '<user>' is now Reachable. (10ms / 2000ms)
>
> When I call from another phone I get:
>
> [Jun  7 11:55:30] NOTICE[88483]: chan_sip.c:25072 sip_poke_noanswer: 
> Peer '<tls user>' is now UNREACHABLE!  Last qualify: 13
>     -- SIP/<tls user>-00000024 is circuit-busy
>   == Everyone is busy/congested at this time (1:0/1/0)
>     -- Auto fallthrough, channel 'SIP/<user>-00000023' status is 'CONGESTION'
> [Jun  7 11:56:22] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
> of 0x2c992000 (len 599) to 192.168.0.200:45931 returned -2: 
> Interrupted system call
>
> and eventually:
>
> [Jun  7 11:57:46] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit 
> of 0x2cefb000 (len 599) to 192.168.0.200:45931 returned -2: Unknown 
> error: 0
>
> I'm using my own CA setup for purposes beyond just this need, so I'm 
> using openssl commands directly and everything works elsewhere- so my 
> CA setup is fine (includes SAN).
>
> My config for tls/srtp looks like this (remember, the rest works very 
> happily):
>
> [global]
> encryption             =       yes
> tlsenable               =       yes
> tlsbindaddr             =       0.0.0.0
> tlscertfile             =       /path/to/asterisk/certificate/and/key/in/a/single/file
> tlscafile               =       /path/to/CA/certificate
> tlscipher               =       ALL
> tlsclientmethod         =       tlsv1
>
> [tls user]
> transport                =    tls
>
> Can someone give me any clues to what is happening? I've checked my 
> packet flow with tcpdump and wireshark as well, but I'm still left 
> mystified.
>
> Cheers