SRTP Support in Distro

homa1978 · May 2, 2011, 1:41pm

Hi !

I tested the distro and i find it is the right direction.

But one big feature is missing for me: SRTP support.

The asterisk is compiled without srtp support and zhis is one of the points to go to 1.8 for me.

Is there the possibility to enhance asterisk version with srtp.

Thanks

homa1978 · May 6, 2011, 7:18am

hi !

First thank you for help.

The parameter srtpcapable=yes in sip_general_custom.conf is not the problem.

But the dialplan code must be implemented in freepbx i think.

Is this right an dis there any work on this ?

Is nobody using srtp with freepbx ?

Thanks

plindheimer · May 6, 2011, 3:21pm

to my knowledge there is no change in dialplan to use srtp.

If there is, then no one has ever brought it up and filed a ticket, and I’m pretty sure I’ve seen people on the forums doing early work with this, and never indicated there was any dialplan changes. (And I don’t see why there would be…)

depster · May 5, 2011, 3:58pm

Have you set both the transport and encryption options in Extensions > Device Options?

Perhaps the following will help:

http://www.phoneprovisioning.com/voip-how-to/security/setting-up-srtp-in-asterisk-with-polycoms

Configure Asterisk for Secure Calls

Open up sip.conf, and directly under the [general] section add this line:
srtpcapable=yes
The next part is easy, you just need to tell Asterisk via dialplan code that you want SRTP used when certain extensions are dialed. You accomplish this by using SIPPEER to set a variable. Don’t worry about understanding that. You can just copy paste what I have below.
[local_stations]
exten => _XXXX,1,Set(_SIPSRTP=${SIPPEER(${EXTEN},srtpcapable)})
exten => _XXXX,n,Dial(SIP/${EXTEN})

plindheimer · May 5, 2011, 5:43pm

actually, don’t add anything in sip.conf, never add anything to sip.conf in FreePBX or you will eventually end up with a broken system.

You can add that setting and anything else you need with either the SIP Settings module (preferred mode) or otherwise into sip_general_custom.conf.

homa1978 · May 4, 2011, 12:37pm

Hi !

I configured SRTP in FreePBX and on Snom telephones with both 32 bit and 80 bit HMAC because i cann’t get a connection.

On both extension 101 and 102 ist encryption=yes conf. And on both snom rtp is on.

The following error messages appears:

WARNING[14405]: chan_sip.c:8417 process_sdp: We are requesting SRTP, but they responded without it!

Here a sip trace:

U 192.168.200.118:2050 -> 194.177.133.35:5060
INVITE sip:[email protected];user=phone SIP/2.0.
Via: SIP/2.0/UDP 192.168.200.118:2050;branch=z9hG4bK-4isn2gwt179n;rport.
From: sip:[email protected];tag=9nzuwnuqkx.
To: sip:[email protected];user=phone.
Call-ID: 3c267468cff6-9outrgtyi9nc.
CSeq: 2 INVITE.
Max-Forwards: 70.
Contact: sip:[email protected]:2050;line=8pa6m6nw;reg-id=1.
X-Serialnumber: 00041331895E.
P-Key-Flags: keys=“3”.
User-Agent: snom320/8.4.31.
Accept: application/sdp.
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO, UPDATE.
Allow-Events: talk, hold, refer, call-info.
Supported: timer, 100rel, replaces, from-change.
Session-Expires: 3600;refresher=uas.
Min-SE: 90.
Authorization: Digest username=“101”,realm=“asterisk”,nonce=“399f9a6e”,uri="sip:[email protected];user=phone",response=“c555efcf89b06cd9546107c66d8a35e5”,algorithm=MD5.
Content-Type: application/sdp.
Content-Length: 479.
.
v=0.
o=root 518039382 518039382 IN IP4 192.168.200.118.
s=call.
c=IN IP4 192.168.200.118.
t=0 0.
m=audio 53858 RTP/AVP 0 8 9 99 3 18 4 101.
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:2/xpwnyowSjl4x6h1Va5tfaWC3wb9vnyWgcEoPzn.
a=rtpmap:0 PCMU/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:9 G722/8000.
a=rtpmap:99 G726-32/8000.
a=rtpmap:3 GSM/8000.
a=rtpmap:18 G729/8000.
a=fmtp:18 annexb=no.
a=rtpmap:4 G723/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=ptime:20.
a=sendrecv.

U 194.177.133.35:5060 -> 192.168.200.118:2050
SIP/2.0 488 Not acceptable here.
Via: SIP/2.0/UDP 192.168.200.118:2050;branch=z9hG4bK-4isn2gwt179n;received=192.168.200.118;rport=2050.
From: sip:[email protected];tag=9nzuwnuqkx.
To: sip:[email protected];user=phone;tag=as64640499.
Call-ID: 3c267468cff6-9outrgtyi9nc.
CSeq: 2 INVITE.
Server: FPBX-2.9.0rc1(1.8.3.2).
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH.
Supported: replaces, timer.
Content-Length: 0.
.

Has anybody SRTP with freepbx running ?

Thanks for help.

homa1978 · May 3, 2011, 9:10am

perfect, i will give it a try.

is freepbx 2.9 ready for tls and srtp ?

thanks

plindheimer · May 3, 2011, 2:26pm

yes somewhat,

the settings are in the extensions to support it.

You will have to add the needed general settings in the generic section of the SIP settings module and/or possibly in sip_general_custom.conf if the module is in-adequate. And you will have to manually install any other certs or what not that may be required. (I have not set it up so don’t recall all the specifics that are needed)

GameGamer43 · May 2, 2011, 4:40pm

Homa1978,
Support should be available for this in the asterisk build I’m doing today and should be available in yum a little later.

tonyclewis · May 2, 2011, 6:09pm

This has been updated in the lastest version. Please see http://www.freepbx.org/forum/freepbx-distro/distro-discussion-help/release-versions for more information.

Mateus · July 11, 2011, 3:54pm

I cant get SRTP working.
I realy cant find a way to load res_srtp
Can anyone suggest something?

Found a way to do so on Ubuntu + Asterisk 1.8.2.2
But not on FreePBX