We upgraded to FreePBX-12 on the weekend. This morning I am testing a Jitsi soft-phone configurtion which was working before the update and which now does not. The issue appears to be SRTP related. The log files show this:
[2015-02-23 09:04:11] NOTICE[4310] chan_sip.c: Peer ‘90012’ is now Reachable. (24ms / 2000ms)
[2015-02-23 09:04:11] NOTICE[4310] chan_sip.c: Peer ‘90012’ is now Reachable. (24ms / 2000ms)
[2015-02-23 09:04:27] WARNING[4310][C-00000e1b] chan_sip.c: We are requesting SRTP for audio, but they responded without it!
[2015-02-23 09:04:27] WARNING[4310][C-00000e1b] chan_sip.c: We are requesting SRTP for audio, but they responded without it!
We never have been able to get Jitsi to work with encryption but it has worked without encryption enabled up to this past week. Consequently encryption is turned off on the device entry of this extension and Jitsi has encryption disabled as well. None-the-less it appears that Asterisk is now configured to require encryption regardless of the device settings. This probably means that there is a setting somewhere in FreePBX that we have overlooked. So, how does one administer SRTP so that individual devices can enable and disable encryption?
Trying to debug this through experimentation I have run into the following situation:
I create a new extension/device on FreePBX and leave all encryption turned off.
I create a new Jitsi account for that device on my desktop and go ONLINE successfully.
I try to place a call from the new soft-phone account to another internal extension
This fails because Jitsi is setup to use encryption and ZRTP by default.
I disable encryption in Jitsi for this account and try to place a call to an internal extension.
This succeeds.
I enable DTLS/SRTP in Jitsi, move it to the preferred protocol position in encryption, re-enable encryption and then try to place a call to an internal extension. This fails (see 2 above).
I enable SRTP and DTLS for this device in FreePBX, submit and apply the changes. I then have Jitsi place a call to the same extension. This also fails.
I disable encryption in Jitsi again and I also disable encryption and DTLS/SRTP for that device account in FreePBX. I then submit and apply the FreePBX changes. I next use Jitsi to place a call to the same extension as in 3 above but now it fails and the error messages is that SRTP was offered by FreePBX/Asterisk but in not available.
[2015-02-23 15:20:31] WARNING[2428][C-00000167] chan_sip.c: We are requesting SRTP for audio, but they responded without it!
[2015-02-23 15:20:31] WARNING[2428][C-00000167] chan_sip.c: We are requesting SRTP for audio, but they responded without it!
When this happened previously I ended up rebooting the host to clear the SRTP requirement from the Asterisk end. Can someone explain what is going on with this? Why does once trying to get SRTP to work cause the device to be stuck with SRTP? And, has anyone here managed to have Jitsi work with Asterisk using SRTP? If so then how is it done?