TLS and SRTP


#21

I think you may be right. Here is that extension directly from the pjsip.endpoint.conf file:

[299]
type=endpoint
aors=299
auth=299-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw
context=from-internal
callerid=Test User <299>

dtmf_mode=rfc4733
direct_media=yes
transport=0.0.0.0-tls
aggregate_mwi=yes
use_avpf=no
rtcp_mux=no
max_audio_streams=1
max_video_streams=1
bundle=no
ice_support=no
media_use_received_transport=no
trust_id_inbound=yes
user_eq_phone=no
send_connected_line=yes
media_encryption=sdes
timers=yes
timers_min_se=90
media_encryption_optimistic=no
refer_blind_progress=yes
refer_blind_progress=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=en
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord
media_encryption=dtls
dtls_verify=fingerprint
dtls_setup=actpass
dtls_rekey=0
dtls_cert_file=/etc/asterisk/keys/default.crt
dtls_private_key=/etc/asterisk/keys/default.key

Yet here is a screenshot of the advanced settings for user 299:


#22

And going off that previous information, looking further down the advanced section of user 299, I find the DTLS settings, and it was enabled there (not sure how or why, because I know I didn’t touch that section). But when I disable that, TLS and SRTP are now working. I checked that setting on the second test user I made, and it was not enabled. So not sure what happened there.

@Stewart1 Thanks for helping me narrow down the problem!

Edit: To add to this, it seems that enabling SRTP on an extension and saving / applying config automatically enables DTLS, so I needed to go in and disable that setting in particular after enabling Media Encryption.
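
An added example (not part of the original posts, and not FreePBX or Asterisk code): a small Python check for the condition visible in the config from post #21, where the same endpoint option is assigned twice with different values (`media_encryption=sdes`, then `media_encryption=dtls`). It assumes that the last assignment of a single-valued option is the one applied, which matches what the thread observed; `parse_sections`, `audit_endpoint` and `MULTI_VALUED` are names made up here, and the sample is a constructed excerpt of the [299] section.

```python
from collections import defaultdict

# Constructed sample: a shortened copy of the [299] section from post #21.
SAMPLE = """\
[299]
type=endpoint
transport=0.0.0.0-tls
media_encryption=sdes
media_encryption_optimistic=no
refer_blind_progress=yes
refer_blind_progress=yes
media_encryption=dtls
dtls_verify=fingerprint
dtls_setup=actpass
"""

# Options that may legitimately repeat (assumption: codec lists accumulate).
MULTI_VALUED = {"allow", "disallow"}

def parse_sections(text):
    """Return {section: [(lineno, key, value), ...]} in file order."""
    sections, current = defaultdict(list), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")]
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((lineno, key.strip(), value.strip()))
    return sections

def audit_endpoint(entries):
    """Return (conflicting keys with their assignments, effective media_encryption)."""
    seen = defaultdict(list)
    for lineno, key, value in entries:
        seen[key].append((lineno, value))
    conflicts = {k: v for k, v in seen.items()
                 if k not in MULTI_VALUED and len({val for _, val in v}) > 1}
    # Assumption: the last assignment of a single-valued option is the one applied.
    mode = seen["media_encryption"][-1][1] if "media_encryption" in seen else "no"
    return conflicts, mode

if __name__ == "__main__":
    for name, entries in parse_sections(SAMPLE).items():
        conflicts, mode = audit_endpoint(entries)
        print(f"[{name}] effective media_encryption={mode}")
        for key, hits in conflicts.items():
            print(f"  {key} set {len(hits)} times:",
                  ", ".join(f"line {n}={v}" for n, v in hits))
```

Run against the generated endpoint file after each "apply config", this flags an extension whose SDES setting is being overridden by a later DTLS block before a phone fails to negotiate SRTP.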

