We recently “upgraded” from FreePBX 15 to 17, and we had a number of communication issues immediately after. It seems that the thing they all had in common was that SRTP was enabled.
Most of our phones are Poly VVX 450, but we also use some other manufacturers and models; the problem exists regardless of model. The VVX450 is just the easiest to refer to, because we use EPM for it.
On extension 4291 (as an example), if in FreePBX I set:
Media Encryption = SRTP via in-SDP (recommended)
Allow Non-Encrypted Media (Opportunistic SRTP) = Yes (or no, makes no difference)
and the Polycom SIP-Interop.cfg includes:
sec.srtp.offer=1
sec.srtp.require=0 (or 1, makes no difference)
Then the call fails.
The only way I have found to get calls to work is to set:
Media Encryption = None
and/or
sec.srtp.offer=0
Basically, if either side prohibits SRTP and the other side is OK with that, then the call will succeed. But if both sides optionally accept SRTP, or if either side or both sides make it mandatory, the call will fail.
In the system log, whenever a call fails for this reason, I see:
ERROR[177858] res_pjsip_session.c: 4291: Couldn't negotiate stream 0:audio-0:audio:sendrecv (nothing)
I’ve used pjsip logger to see if I can find anything more useful, and… it’s not helping me, but maybe it will help someone else. Hence my making this post.
e[0K<--- Received SIP request (1259 bytes) from TLS:10.200.63.40:61268 --->
INVITE sip:[email protected]:5061;user=phone;transport=tls SIP/2.0
Via: SIP/2.0/TLS 10.200.63.40:61268;branch=z9hG4bKe84be92c79316637
From: "4291-Display Name" <sip:[email protected]:5061>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>
CSeq: 1 INVITE
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
Contact: <sip:[email protected]:61268;transport=tls>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_450-UA/6.4.6.2681
Accept-Language: en
Supported: replaces,100rel
Allow-Events: conference,talk,hold
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 559
v=0
o=- 1736887304 1736887304 IN IP4 10.200.63.40
s=Polycom IP Phone
c=IN IP4 10.200.63.40
t=0 0
a=sendrecv
m=audio 2222 RTP/SAVP 0 8 18 9 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:S+AcF4EvckyX6vfy1yncN6yPHs+WLVQtG8FoWGvR
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
m=audio 2222 RTP/AVP 0 8 18 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
<--- Transmitting SIP response (564 bytes) to TLS:10.200.63.40:61268 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 10.200.63.40:61268;rport=61268;received=10.200.63.40;branch=z9hG4bKe84be92c79316637
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
From: "4291-Display Name" <sip:[email protected]>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>;tag=z9hG4bKe84be92c79316637
CSeq: 1 INVITE
WWW-Authenticate: Digest realm="asterisk",nonce="1736887304/828301edf317221745e8ab8f6c96fe22",opaque="2450f4d71cb0267a",algorithm=MD5,qop="auth"
Server: Crosstalk PBX-17.0.19.23(21.6.0)
Content-Length: 0
e[Kvoip2*CLI>
e[0K<--- Received SIP request (620 bytes) from TLS:10.200.63.40:61268 --->
ACK sip:[email protected]:5061;user=phone;transport=tls SIP/2.0
Via: SIP/2.0/TLS 10.200.63.40:61268;branch=z9hG4bKe84be92c79316637
From: "4291-Display Name" <sip:[email protected]>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>;tag=z9hG4bKe84be92c79316637
CSeq: 1 ACK
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
Contact: <sip:[email protected]:61268;transport=tls>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_450-UA/6.4.6.2681
Accept-Language: en
Max-Forwards: 70
Content-Length: 0
e[Kvoip2*CLI>
e[0K<--- Received SIP request (1581 bytes) from TLS:10.200.63.40:61268 --->
INVITE sip:[email protected]:5061;user=phone;transport=tls SIP/2.0
Via: SIP/2.0/TLS 10.200.63.40:61268;branch=z9hG4bK74bc47d8696A9709
From: "4291-Display Name" <sip:[email protected]:5061>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>
CSeq: 2 INVITE
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
Contact: <sip:[email protected]:61268;transport=tls>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_450-UA/6.4.6.2681
Accept-Language: en
Supported: replaces,100rel
Allow-Events: conference,talk,hold
Authorization: Digest username="4291", realm="asterisk", nonce="1736887304/828301edf317221745e8ab8f6c96fe22", qop=auth, cnonce="wSY2m76g+dMAZIl", nc=00000001, opaque="2450f4d71cb0267a", uri="sip:[email protected]:5061;user=phone;transport=tls", response="b0d9a8f331b90f12f692de5e22c33d07", algorithm=MD5
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 559
v=0
o=- 1736887304 1736887304 IN IP4 10.200.63.40
s=Polycom IP Phone
c=IN IP4 10.200.63.40
t=0 0
a=sendrecv
m=audio 2222 RTP/SAVP 0 8 18 9 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:S+AcF4EvckyX6vfy1yncN6yPHs+WLVQtG8FoWGvR
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
m=audio 2222 RTP/AVP 0 8 18 9 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:101 telephone-event/8000
e[Kvoip2*CLI>
e[0K<--- Transmitting SIP response (384 bytes) to TLS:10.200.63.40:61268 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS 10.200.63.40:61268;rport=61268;received=10.200.63.40;branch=z9hG4bK74bc47d8696A9709
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
From: "4291-Display Name" <sip:[email protected]>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>
CSeq: 2 INVITE
Server: Crosstalk PBX-17.0.19.23(21.6.0)
Content-Length: 0
e[Kvoip2*CLI>
e[0Ke[1;30m == e[0mUsing SIP RTP Audio TOS bits 184
e[Kvoip2*CLI>
e[0Ke[1;30m == e[0mUsing SIP RTP Audio CoS mark 5
e[Kvoip2*CLI>
e[0K[2025-01-14 15:41:44] e[1;31mERRORe[0m[177858]: e[1;37mres_pjsip_session.ce[0m:e[1;37m946e[0m e[1;37mhandle_incoming_sdpe[0m: 4291: Couldn't negotiate stream 0:audio-0:audio:sendrecv (nothing)
e[Kvoip2*CLI>
e[0K<--- Transmitting SIP response (438 bytes) to TLS:10.200.63.40:61268 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/TLS 10.200.63.40:61268;rport=61268;received=10.200.63.40;branch=z9hG4bK74bc47d8696A9709
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
From: "4291-Display Name" <sip:[email protected]>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>;tag=4056c26b-f43e-45dc-ad20-7c34433fbca5
CSeq: 2 INVITE
Server: Crosstalk PBX-17.0.19.23(21.6.0)
Content-Length: 0
e[Kvoip2*CLI>
e[0K<--- Received SIP request (633 bytes) from TLS:10.200.63.40:61268 --->
ACK sip:[email protected]:5061;user=phone;transport=tls SIP/2.0
Via: SIP/2.0/TLS 10.200.63.40:61268;branch=z9hG4bK74bc47d8696A9709
From: "4291-Display Name" <sip:[email protected]>;tag=CB87FCE-74D2D477
To: <sip:[email protected];user=phone>;tag=4056c26b-f43e-45dc-ad20-7c34433fbca5
CSeq: 2 ACK
Call-ID: c0f0874679a6117fd3a2d7af0e72482a
Contact: <sip:[email protected]:61268;transport=tls>
Allow: INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER
User-Agent: PolycomVVX-VVX_450-UA/6.4.6.2681
Accept-Language: en
Max-Forwards: 70
Content-Length: 0
Does anyone have any advice for me? Please? Thanks in advance.