Res_srtp.c: SRTCP unprotect failed because of unable to perform desired validation

Running several FPBX Distro VMs – all current on OS, Asterisk and Modules

On two different systems I started seeing the above error: res_srtp.c: SRTCP unprotect failed on SSRC because of unable to perform desired validation

1 Systems is running ClearlyIP deskphones and the other Grandstream – both have latest firmware – both show the message

Mind you – this does not really effect anything – we have 2 way audio etc… it just fills the CLI with messages

Anyone else seeing this issue?

Hi @hardocp
I think your PBX and Asterisk doesn’t support srtp protocol. Pls check below links.

Thanks.

Shahin

Yes:

  == SRTP unprotect failed on SSRC 1159450567 because of authentication failure 160
  == SRTCP unprotect failed on SSRC 1336164530 because of unable to perform desired validation
  == SRTP unprotect failed on SSRC 1159450567 because of authentication failure 160
  == SRTCP unprotect failed on SSRC 1159450567 because of authentication failure
  == SRTP unprotect failed on SSRC 1159450567 because of authentication failure 160
...

This was the kind of error I saw on an Asterisk system where we wanted SRTP. The vendor of the remote endpoint was using an older, faulty version of libsrtp (even on their most current firmware) and these encrypted calls were failing.

I believe the faulty version(s) of libsrtp are the 1.5.x versions… 1.4.x seemed to be ok and newer ones too.

Ask your hardware vendors about their SRTP library versions.

1 Like

Since i am running the Distro – i took a look and saw the following:

Installed Packages
libsrtp.x86_64 1.6.0-1.sng7 @anaconda/1910
Available Packages
libsrtp.i686 1.4.4-10.20101004cvs.el7 sng-base

However it looks like 2.3.0 is the latest version of the package https://github.com/cisco/libsrtp/releases

I dont want to mess with the distro and start manually updating things – but wonder if this makes any difference?

1.6.0 should be ok.

I wouldn’t mess with things on your server until you have checked with the vendors.

In my case, the vendor updated their endpoint srtp library.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.