Encryption Troubleshooting Thread

BigChief · April 28, 2016, 12:42am

I installed those (and all the other edge updates), then rebooted the server, but I’m still getting the same results:

[2016-04-27 20:35:23] VERBOSE[3823][C-00000002] netsock2.c: Using SIP RTP TOS bits 184
[2016-04-27 20:35:23] VERBOSE[3823][C-00000002] netsock2.c: Using SIP RTP CoS mark 5
[2016-04-27 20:35:23] WARNING[3823][C-00000002] chan_sip.c: Can’t provide secure audio requested in SDP offer

Also, back when Bill Simon said:

Now edit /var/www/html/admin/modules/webrtc/ucp/assets/js/global.js and change line 376. Change the version nummber to 0.7.23

Right after the module updates, but before I rebooted, I tried to set that back the way it was, to get rid of the red “tampered file” notifications. I actually lost track of what the original version was supposed to be… it’s “0.6.30”, correct? That seems to have worked in that the tamper message hasn’t come back since the reboot. But you guys didn’t change to permanently using that newer version, right?

billsimon · April 28, 2016, 12:51am

Does this give working wss-enabled WebRTC without any hacking (as I am wont to do)? Also, do you know of any version requirements for Asterisk to achieve it?

I can’t figure out why it’s working for you without the “;transport=wss” fudging, since this issue is still open: https://issues.asterisk.org/jira/browse/ASTERISK-24330 But I am glad nonetheless.

tm1000 · April 28, 2016, 6:05am

The new version is using 0.7.23 so you didn’t update.

You also need to go back and save everything

Then reload.

tm1000 · April 28, 2016, 2:03pm

Yes. 13.8.2. I see no reason why it wouldn’t work with 11 though.

BigChief · April 28, 2016, 3:31pm

Okay, I’m fully updated and reloaded now on all Edge modules including WebRTC Phone 13.0.20. I’m still getting this stuff though:

[2016-04-28 11:27:51] VERBOSE[6852][C-00000009] netsock2.c: Using SIP RTP TOS bits 184
[2016-04-28 11:27:51] VERBOSE[6852][C-00000009] netsock2.c: Using SIP RTP CoS mark 5
[2016-04-28 11:27:51] WARNING[6852][C-00000009] chan_sip.c: Can’t provide secure audio requested in SDP offer

tm1000 · April 28, 2016, 3:32pm

You need to recreate everything. From the start.

BigChief · April 28, 2016, 3:34pm

Are we talking like, reboot the server and my PC? Or are we talking nuke the entire server and start from scratch?

Edit: Or are you saying you need me to give a reproduction of my steps more specifically?

tm1000 · April 28, 2016, 3:35pm

The extension, turn webrtc to off. Save. Delete extension. re-create. You also dont have to keep rebooting throughout this entire process.

BigChief · April 28, 2016, 3:44pm

I just made a totally brand new extension, 1010, then set the WebRTC to on for it. Still getting the same behavior.

I’m not sure if it’s relevant, but I’m occasionally getting this “NOTICE[1869] chan_sip.c: Peer ‘99xxxx’ is now UNREACHABLE!” thing in the logs.It doesn’t happen every time I log in to the UCP page and fire up the WebRTC phone but it does show sometimes:

[2016-04-28 11:39:40] VERBOSE[9518] res_http_websocket.c: WebSocket connection from ‘107.181.19.140:56377’ for protocol ‘sip’ accepted using version ‘13’
[2016-04-28 11:39:40] VERBOSE[9518] chan_sip.c: Registered SIP ‘991010’ at 107.181.19.140:56377
[2016-04-28 11:39:44] NOTICE[1869] chan_sip.c: Peer ‘991010’ is now UNREACHABLE! Last qualify: 0
[2016-04-28 11:39:55] VERBOSE[9518][C-0000000b] netsock2.c: Using SIP RTP TOS bits 184
[2016-04-28 11:39:55] VERBOSE[9518][C-0000000b] netsock2.c: Using SIP RTP CoS mark 5
[2016-04-28 11:39:55] WARNING[9518][C-0000000b] chan_sip.c: Can’t provide secure audio requested in SDP offer
[2016-04-28 11:40:00] VERBOSE[9518][C-0000000c] netsock2.c: Using SIP RTP TOS bits 184
[2016-04-28 11:40:00] VERBOSE[9518][C-0000000c] netsock2.c: Using SIP RTP CoS mark 5
[2016-04-28 11:40:00] WARNING[9518][C-0000000c] chan_sip.c: Can’t provide secure audio requested in SDP offer

tm1000 · April 28, 2016, 3:46pm

Please take a screenshot of

config.php?display=devices&extdisplay=99[ext]

where [ext] is the webrtc extension. I need to see everything in the advanced tab

BigChief · April 28, 2016, 5:30pm

Here it is for extension [99]1010:

tm1000 · April 29, 2016, 12:19am

Everything looks right. Sorry at a bit of a loss here. I have the same settings and it works fine. Your error is basically “you want encryption but I was told there is no encryption from your conf files”

billsimon · April 29, 2016, 12:23am

Time to do a SIP debug and examine the SDPs and see where the incompatibility is. That should lead you back to the misconfiguration.

BigChief · April 29, 2016, 12:50am

Okay, I messaged you both my SIP Debug info. I went into the shell and did “rasterisk” then “sip set debug on”, attempted a secure WebRTC call in the UCP, then copied that and turned the SIP debug back off. I might have some non-WebRTC normal phone traffic mixed in there, I’m not sure.

Do you guys have any interest in my configs/logs or doing a screen share?

Also, just so I know in general, what are the IPs/ports used by your “System Admin -> Support VPN”, so I can whitelist the CIDRs in Amazon EC2?