asterisk users - Aug 2015 - No audio when using TLS/SRTP with Kamailio and Asterisk 13

Hi all,

I'm using Kamailio + Asterisk 13 (PJSIP), where Kamailio (using rtpengine)
acts as the registrar and forwards all calls to Asterisk.

This works fine when using udp / tcp and RTP. When switching to TLS/SRTP,
the call is set up correctly, however, I get no audio.

When I skip kamailio and connect my two endpoints to asterisk directly I
get a perfect call with SRTP.

The same is also true when I skip asterisk and have the call handled by
Kamailio (using RTPEngine).

In PJSIP my transports look like this:

[transport-tcp]
type=transport
protocol=tcp    ;udp,tcp,tls,ws,wss
bind=0.0.0.0:5060
local_net=[asterisk local ip]/17
external_media_address=[asterisk external ip]
external_signaling_address=[asterisk external ip]

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5063
ca_list_file=/etc/asterisk/certificates/cert.crt
cert_file=/etc/asterisk/certificates/certificate.crt
priv_key_file=/etc/asterisk/certificates/key.key
method=tlsv1


My endpoint looks like this:

[kamailio]
type=endpoint
context=kam_out
disallow=all
allow=alaw
allow=g722
allow=ulaw
allow=gsm
aors=kamailio
direct_media=no
media_encryption=sdes
media_address=[Asterisk Local IP]
rtp_symmetric=yes
force_rport=no
rewrite_contact=yes
outbound_proxy=sip:[Kamailio Local IP]:5060\;transport=tcp\;lr

[kamailio]
type=identify
endpoint=kamailio
match=[Kamailio Local IP]/17

[kamailio]
type=aor
contact=sip:[Kamailio Local IP]:5060\;transport=tcp


My dialplan looks like this

[kam_out]

exten => 1001,1,Playback(demo-echotest)  ; Let them know what's going on
        same => n,Echo                     ; Do the echo test
        same => n,Playback(demo-echodone)  ; Let them know it's over
        same => n,Hangup()


exten => _kb-.,1,NoOp(Calling a registred user with number ${EXTEN})
        same => n,Set(callee=${PJSIP_HEADER(read,To)})
        same => n,Set(callee=${callee:5})
        same => n,Set(callee=${callee:0:-1}) ; removes the >
        same => n,Dial(PJSIP/kamailio/sip:${callee})
        same => n,Hangup()

When a call comes via kamailio it comes with a prefix of 'kb' if the
value
is an extension e.g. 1000 - 1999. Otherwise users can dial a prefix of 45
e.g. 451001 to hit the Echo Test.

As mentioned the echo test works fine, however the actual call between two
endpoints has no audio. RTP debug shows nothing. PJSIP shows two channels
in a simple bridge, but no sound. Usually PJSIP says RTP Probation passed
and shows the IP address but in this case it does not.

I'm guessing the issue is something funny in PJSIP, although I'm not
100%
since it does work when I turn SRTP and TLS off.

For testing I'm using CsipSimple and a Snom 760. Both are set with SRTP
mandatory and are using TLS to talk to Kamailio.

When kamailio talks to asterisk it uses TCP over a local network.

I've been pulling my hair out for days. I really would appreciate any ideas
or some pointing in the right direction here.

Thanks in advance,

C
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20150818/e63e0fa1/attachment.html>

On Tue, Aug 18, 2015 at 3:12 AM, Chirag Desai <djchillerz at gmail.com>
wrote:
> Hi all,
>
> I'm using Kamailio + Asterisk 13 (PJSIP), where Kamailio (using
rtpengine)
> acts as the registrar and forwards all calls to Asterisk.
>
> This works fine when using udp / tcp and RTP. When switching to TLS/SRTP,
> the call is set up correctly, however, I get no audio.
>
> When I skip kamailio and connect my two endpoints to asterisk directly I
> get a perfect call with SRTP.
>
> The same is also true when I skip asterisk and have the call handled by
> Kamailio (using RTPEngine).
>
> In PJSIP my transports look like this:
>
> [transport-tcp]
> type=transport
> protocol=tcp    ;udp,tcp,tls,ws,wss
> bind=0.0.0.0:5060
> local_net=[asterisk local ip]/17
> external_media_address=[asterisk external ip]
> external_signaling_address=[asterisk external ip]
>
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0:5063
> ca_list_file=/etc/asterisk/certificates/cert.crt
> cert_file=/etc/asterisk/certificates/certificate.crt
> priv_key_file=/etc/asterisk/certificates/key.key
> method=tlsv1
>
>
> My endpoint looks like this:
>
> [kamailio]
> type=endpoint
> context=kam_out
> disallow=all
> allow=alaw
> allow=g722
> allow=ulaw
> allow=gsm
> aors=kamailio
> direct_media=no
> media_encryption=sdes
> media_address=[Asterisk Local IP]
> rtp_symmetric=yes
> force_rport=no
> rewrite_contact=yes
> outbound_proxy=sip:[Kamailio Local IP]:5060\;transport=tcp\;lr
>
> [kamailio]
> type=identify
> endpoint=kamailio
> match=[Kamailio Local IP]/17
>
> [kamailio]
> type=aor
> contact=sip:[Kamailio Local IP]:5060\;transport=tcp
>
>
> My dialplan looks like this
>
> [kam_out]
>
> exten => 1001,1,Playback(demo-echotest)  ; Let them know what's
going on
>         same => n,Echo                     ; Do the echo test
>         same => n,Playback(demo-echodone)  ; Let them know it's over
>         same => n,Hangup()
>
>
> exten => _kb-.,1,NoOp(Calling a registred user with number ${EXTEN})
>         same => n,Set(callee=${PJSIP_HEADER(read,To)})
>         same => n,Set(callee=${callee:5})
>         same => n,Set(callee=${callee:0:-1}) ; removes the >
>         same => n,Dial(PJSIP/kamailio/sip:${callee})
>         same => n,Hangup()
>
> When a call comes via kamailio it comes with a prefix of 'kb' if
the value
> is an extension e.g. 1000 - 1999. Otherwise users can dial a prefix of 45
> e.g. 451001 to hit the Echo Test.
>
> As mentioned the echo test works fine, however the actual call between two
> endpoints has no audio. RTP debug shows nothing. PJSIP shows two channels
> in a simple bridge, but no sound. Usually PJSIP says RTP Probation passed
> and shows the IP address but in this case it does not.
>
>
The PJSIP stack only provides SIP signalling; it doesn't interfere with the
media handling in Asterisk. The handling of media is done by the RTP engine
implementation, res_rtp_asterisk.

I don't think this is a problem, however, with res_rtp_asterisk or
Asterisk. If RTP debug doesn't show any traffic, then Asterisk is almost
certainly not receiving any media.

What does a PCAP show? I'd look at where the RTPEngine is forwarding your
RTP packets off to, and see if they are getting sent somewhere other than
Asterisk.


> I'm guessing the issue is something funny in PJSIP, although I'm
not 100%
> since it does work when I turn SRTP and TLS off.
>
> For testing I'm using CsipSimple and a Snom 760. Both are set with SRTP
> mandatory and are using TLS to talk to Kamailio.
>
> When kamailio talks to asterisk it uses TCP over a local network.
>
> I've been pulling my hair out for days. I really would appreciate any
> ideas or some pointing in the right direction here.
>
> Thanks in advance,
>
> C
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>


-- 
Matthew Jordan
Digium, Inc. | Director of Technology
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at: http://digium.com & http://asterisk.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20150819/44e37b08/attachment.html>