Hi Patrick,
Thanks a lot for your quick help. Yes, I configured the NAT options in
sip.conf.
BTW, I am using 12.1.1, will try 11.8.1 and see if I can make it work.
Thanks again,
William
======================================
Date: Sat, 05 Apr 2014 23:38:32 +0200
From: Patrick Laimbock <patrick at laimbock.com>
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] Asterisk and SRTP
Message-ID: <534077D8.7000402 at laimbock.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 04/05/2014 07:56 PM, William Wu wrote:
> Hi experts,
>
> I am trying Asterisk SRTP in my environment, and find that when
> Asterisk is behind a NAT, the audio/video UDP ports opened for SRTP relay
> by Asterisk are local ports on the Asterisk server, media from the two
> clients out of the NAT (for example from Internet) can not reach the
> ports, and thus the two clients can not establish the secure call via
> Asterisk. I have set up a STUN server and configured in rtp.conf, but
> seems Asterisk does not do STUN before it opens ports for SRTP. BTW,
> Non-SRTP call can work though.
>
> Anyone can give advice on how to make SRTP work in such an env?
I have no problems with a TLS/SRTP call between a GSM with CSipSimple
and Asterisk 11.8.1 behind NAT. Have you configured the NAT options in
sip.conf?
externip=...
localnet=...
nat=...
You may also need to add/change the options below. Check the sip.conf
example file to see what these options do and use what's best for your
situation.
canreinvite=no
directmedia=no
directrtpsetup=no
HTH,
Patrick
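Added example, not part of the thread and not Asterisk project code: a small check that reads a sip.conf and reports which of the NAT options named in Patrick's reply are never set, and where the media options he lists are set to something other than "no". The function names and the sample configuration (documentation-range addresses, peer 6001) are constructed for illustration; the check only looks at presence and the literal value, not whether the addresses are right for a given network.

```python
import re

NAT_OPTS = ("externip", "localnet", "nat")                     # named in the reply
MEDIA_OPTS = ("canreinvite", "directmedia", "directrtpsetup")  # reply lists them as "no"

def parse_sip_conf(text):
    """Return {section: {option: last value}} for Asterisk-style config text."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        head = re.match(r"\[([^\]]+)\]", line)
        if head:
            section = head.group(1).strip()
            conf.setdefault(section, {})
        elif section and "=" in line:
            key, value = line.split("=", 1)
            # lstrip('>') accepts the 'key => value' spelling as well
            conf[section][key.strip().lower()] = value.lstrip(">").strip()
    return conf

def audit(text):
    """Report NAT options never set and media options set to a value other than 'no'."""
    conf = parse_sip_conf(text)
    missing = [o for o in NAT_OPTS
               if not any(sec.get(o) for sec in conf.values())]
    review = [(name, o, sec[o]) for name, sec in conf.items()
              for o in MEDIA_OPTS if o in sec and sec[o].lower() != "no"]
    return {"missing": missing, "review": review}

# Constructed sample, not a configuration from the thread.
SAMPLE = """\
[general]
externip = 203.0.113.10        ; documentation-range address
localnet = 192.168.1.0/255.255.255.0
directmedia = no

[6001]
type = friend
directmedia = yes              ; lets media bypass Asterisk for this peer
"""

if __name__ == "__main__":
    result = audit(SAMPLE)
    for opt in result["missing"]:
        print(f"not set anywhere: {opt}")
    for section, opt, value in result["review"]:
        print(f"[{section}] {opt}={value} (reply suggests no)")
```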