Securing the conversation with TLS and SRTP - Not so fast

After messing with this for about a day I have TLS working but not SRTP.

This guide helped me get TLS working for a softphone.

http://www.voip-info.org/wiki/view/SIP+TLS

I added all of these lines:

tlsenable=yes
tlsbindaddr=192.168.0.1 ; put the actual IP address of your box here
tlscertfile=/etc/asterisk/certificates/asterisk.something.com.pem
tlsdontverifyserver=no
tlscipher=DES-CBC3-SHA
tlsclientmethod=tlsv1

to /etc/asterisk/sip_custom.conf, which was a blank file, and then restarted Asterisk:

asterisk -rx "core restart now"

What the guide doesn’t tell you is that you need to download the server certificate to the computer running the softphone and “install” it.

In Windows 7, I just double-clicked the file, which ended with a .crt extension, and used the wizard to import the certificate. Accept all of the defaults: next, next, finish.

I’m using the Windows version of Linphone as the softphone client. In the preferences menu in Linphone, under Network protocol and ports, select “SIP (TLS)”.

Then restart Linphone.

After doing this, Linphone registers with Asterisk properly, and I can make calls, etc.

This seemed like the hard part. Shouldn’t SRTP just work once the certificate process is resolved?

In FreePBX --> extensions --> encryption

I set Yes (SRTP only) and clicked submit.

After that the extension stops working, and the message received is:

Not allowed here

The Asterisk debug output shows:

[2012-02-16 00:42:15] ERROR[1415]: chan_sip.c:28813 setup_srtp: No SRTP module loaded, can't setup SRTP session.

If I try to use the CLI to load the res_rtp_asterisk module, it states that it’s already loaded:

asterisk*CLI> module load res_rtp
[2012-02-16 00:43:38] WARNING[1663]: loader.c:829 load_resource: Module 'res_rtp_asterisk.so' already exists.

Is this the necessary module that provides SRTP support?

I also thought maybe I was missing the libsrtp library, but yum search srtp returns nothing.

How can SRTP support be enabled in FreePBX?
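
An added example, not part of the original post: a small Python audit of the TLS options quoted above, flagging explicitly set values that select weak ciphers or deprecated protocol versions. The function names, the sample text, and the weak-component list are assumptions made for this illustration.

```python
import re

# Constructed sample: the TLS options quoted in the post above.
SAMPLE_CONF = """\
tlsenable=yes
tlsbindaddr=192.168.0.1 ; put the actual IP address of your box here
tlscertfile=/etc/asterisk/certificates/asterisk.something.com.pem
tlsdontverifyserver=no
tlscipher=DES-CBC3-SHA
tlsclientmethod=tlsv1
"""

# Name components that mark an OpenSSL cipher string as weak or unauthenticated.
WEAK_PARTS = {"DES", "3DES", "RC4", "MD5", "NULL", "ANULL", "ENULL",
              "EXP", "EXPORT", "ADH", "LOW"}
# Protocol selectors older than TLS 1.2 (TLS 1.0 was deprecated by RFC 8996).
OLD_METHODS = {"sslv2", "sslv3", "tlsv1"}
TRUE = {"yes", "true", "y", "t", "1", "on"}


def parse_options(text):
    """Parse key=value lines of an Asterisk-style .conf, dropping ';' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.lstrip(">").strip()
    return opts


def audit_tls(opts):
    """Return findings for the TLS options; unset options other than
    tlsenable are not modelled (version defaults differ)."""
    findings = []
    if opts.get("tlsenable", "no").lower() not in TRUE:
        findings.append("tlsenable: TLS is not enabled")
    if opts.get("tlsdontverifyserver", "no").lower() in TRUE:
        findings.append("tlsdontverifyserver: server certificate is not verified")
    for token in re.split(r"[:,\s]+", opts.get("tlscipher", "")):
        # Tokens starting with '!' or '-' remove ciphers, so they are not findings.
        if token and token[0] not in "!-" and WEAK_PARTS & set(token.lstrip("+").upper().split("-")):
            findings.append(f"tlscipher: {token} uses a weak or obsolete algorithm")
    method = opts.get("tlsclientmethod", "").lower()
    if method in OLD_METHODS:
        findings.append(f"tlsclientmethod: {method} selects a deprecated protocol version")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_tls(parse_options(SAMPLE_CONF))))
```
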