Sebastian Damm
2016-May-04 11:25 UTC
[asterisk-users] Asterisk registers with TLS, but sends out calls via UDP
Hi,

I have an Asterisk 13.8.2, which is supposed to be only a client to an encrypted SIP service. All local phones are connected via UDP. Since I can't use PJSIP (see my mailing list post from yesterday), I tried configuring chan_sip to work that way.

My settings are:

    [general]
    context=public
    allowoverlap=no
    udpbindaddr=0.0.0.
    tlsbindaddr=0.0.0.0
    tcpenable=yes
    tcpbindaddr=0.0.0.0
    tlsenable=yes
    transport=udp
    srvlookup=yes
    tlscafile=/usr/local/etc/asterisk/keys/4cfd3c78.0
    tlscapath=/usr/local/etc/asterisk/keys
    tlsclientmethod=tlsv1
    sipdebug = yes

    register => tls://1234567@example.org:foobar@dev.example.org

    [devtrunk]
    type=peer
    host=example.org
    defaultuser=1234567
    fromuser=1234567
    remotesecret=foobar
    transport=tls
    outboundproxy=dev.example.org
    context=carrier-in
    encryption=yes

When I start up, I see my Asterisk doing a _sips._tcp SRV lookup, but that's just for the registration, I guess. I also see it doing _sip._udp SRV queries. I wouldn't know why it would have to do that.

The REGISTER packets are sent out via TLS, as I would expect.

When I issue a "sip show peer devtrunk" command, it tells me this:

    Prim.Transp. : TLS
    Allowed.Trsp : TLS

Looks okay to me. But when I place a call, Asterisk does this:

    Reliably Transmitting (no NAT) to 2.3.4.5:5060:
    INVITE sip:0123456789@example.org SIP/2.0
    Via: SIP/2.0/UDP 9.8.7.6:0;branch=z9hG4bK2974d534

It sends the packet out via UDP, and to the wrong host, since it doesn't use the correct SRV entry and instead sends it to the UDP server.

I did not generate a certificate for my Asterisk, because it only acts as a client. I think this shouldn't be needed.

Can anyone point me to where I misconfigured something? Or did I stumble upon a bug? What would I have to do to make Asterisk use the open TLS connection used for registering for outbound calls, too?

Best Regards,
Sebastian
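The symptom described in the post, a request to a TLS-only trunk leaving with a UDP Via, can be checked for mechanically in the SIP debug output. The following is an added example, not part of the original post: the function name and the sample debug text are constructed here, with the sample modelled on the lines quoted above plus an assumed TLS REGISTER for contrast.

```python
import re

# Constructed sample shaped like the chan_sip debug lines quoted in the post;
# the REGISTER block and the "---" terminators are assumptions for illustration.
SAMPLE_DEBUG = """\
Reliably Transmitting (no NAT) to 2.3.4.5:5060:
INVITE sip:0123456789@example.org SIP/2.0
Via: SIP/2.0/UDP 9.8.7.6:0;branch=z9hG4bK2974d534
---

Transmitting (no NAT) to 2.3.4.6:5061:
REGISTER sip:example.org SIP/2.0
Via: SIP/2.0/TLS 9.8.7.6:5061;branch=z9hG4bK0a1b2c3d
---
"""

TX_RE = re.compile(r"^(?:Reliably )?Transmitting \((?:no )?NAT\) to (\S+):(\d+):\s*$")
REQ_RE = re.compile(r"^([A-Z]+) (sips?:\S+) SIP/2\.0\s*$")
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/([A-Za-z]+)\s", re.I)


def cleartext_requests(debug_text, required="TLS"):
    """Return (method, uri, destination, via_transport) for every transmitted
    request whose topmost Via transport is not the required one."""
    findings = []
    dest = method = uri = None
    for line in debug_text.splitlines():
        if line.startswith(("---", "<---")):
            dest = None                      # end of block or a received message
            continue
        m = TX_RE.match(line)
        if m:
            dest, method, uri = f"{m.group(1)}:{m.group(2)}", None, None
            continue
        if dest is None:
            continue                         # not inside a transmitted message
        m = REQ_RE.match(line)
        if m and method is None:
            method, uri = m.groups()         # responses have no request line
            continue
        m = VIA_RE.match(line)
        if m and method is not None:
            transport = m.group(1).upper()
            if transport != required:
                findings.append((method, uri, dest, transport))
            dest = None                      # only the top Via describes this hop
    return findings


if __name__ == "__main__":
    for finding in cleartext_requests(SAMPLE_DEBUG):
        print("non-TLS request: %s %s -> %s via %s" % finding)
```
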