Sangoma SBC: SRTP sends proposal for unencrypted RTP in SIP-INVITE

(Stefan) #1


while FreePBX is fine with my provider, I gave the SBC (as VM) a try, but that didn’t work with encrypted media. I found that when making a call, the SBC sends two media proposals in the SIP-INVITE with the SDP-request, one with RTP/SAVP and a a=crypto-section and one as RTP/AVP without a=crypto.

Here’s the question: How can I configure the SIP-Profile / -Trunk to only send the crypto-proposal?

I think what it does ist called “opportunistic RTP”, I found a draft-RFC somewhere. My provider does not allow that and terminates the call with “488 Secure RTP is forced”.
I stumbled across Lync-compatibility and “secure AVP” (in the SIP-profile), where, when enabled, the INVITE only contains RTP/AVP but with a a=crypto-line. That is non-standard but outgoing calls work that way; sadly, incoming calls don’t. So I’m guessing that is not the way - not knowing what it does anyways.

Has anyone had the problem before (and a solution at hand)?


(Stefan) #2


I found a solution using an .xml-config in the conf/custom/sip_profiles-folder to set srtp to mandatory and exclude RTP/AVP from the SDP-Message.
The folder (apparently) is backed up, gets restored and survives config changes. It is included by the WebGUI-generated config files under conf/sip_profiles.
Works for me.


(system) closed #3

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.