Jakob-Matthias Böttger
2014-Aug-13 12:58 UTC
[asterisk-users] SRTP only from asterisk to extention possible
Hello, trying to implement srtp with already working tls i somehow stuck with srtp. If the extension has successfully registered a call from asterisk to that extension works fine. But the other way round nothing happens. [Aug 13 14:54:16] WARNING[31053]: chan_sip.c:3906 __sip_xmit: sip_xmit of 0x7fc8880467e0 (len 609) to 123.456.789:36785 returned -2: Success [Aug 13 14:54:20] NOTICE[31053]: chan_sip.c:29623 sip_poke_noanswer: Peer '200' is now UNREACHABLE! Last qualify: 53 The phone (gxp1450) is configured to use symetric rtp with disabled crypto lifetime and srtp mode forced. Any ideas what could be wrong? [general] allowguest=no alwaysauthreject=yes nat=force_rport,comedia sendrpid=rpid trustrpid=yes language=de callevents=yes qualify=yes faxdetect=yes t38pt_udptl=no disallow=all allow=ulaw allow=alaw ;-------------------------Encryption----- encryption=yes tlsenable=yes tlsbindaddr=0.0.0.0 tlscertfile=/var/lib/asterisk/keys/asterisk.pem tlscafile=/var/lib/asterisk/keys/ca.crt tlscipher=ALL tlsclientmethod=tlsv1 tlsdontverifyserver=yes ;--------------------------Default---------------- context=default ; Default context for incoming calls allowoverlap=no udpbindaddr=0.0.0.0 tcpenable=yes tcpbindaddr=0.0.0.0 srvlookup=yes [my-codecs](!) ; a template for my preferred codecs disallow=all allow=g722 allow=alaw allow=ulaw allow=speex allow=g723 allow=ilbc allow=g729 allow=gsm [NAT](!,my-codecs) dtmfmode=rfc2833 context=sip-out type=friend host=dynamic transport=tls,tcp qualify=yes directmedia=no [200](NAT) callerid=200 defaultuser=200 fromuser=200 secret=password mailbox=200 at default Best Regards Jakob -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20140813/2b3cf4db/attachment.pgp>