TLS/SRTP, getting busy signal

I’ve enabled SRTP on my Asterisk 13 based server.
Detailed specification is here:

CentOS: 7 64bit
FreePBX: 13.0.97	
Asterisk: 13.7.2

pjsip.transport.conf

[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
external_media_address=52.*.*.*
external_signaling_address=52.*.*.*
ca_list_file=/etc/asterisk/keys/integration/ca-bundle.crt
cert_file=/etc/asterisk/keys/integration/webserver.crt
priv_key_file=/etc/asterisk/keys/integration/webserver.key
local_net=172.31.30.109/255.255.240.0
local_net=172.31.30.109
method=tlsv1

Under Extension > 12345 -> Advanced -> Media Encryption -> SRTP via in SDP

The SIP client is being registered successfully using TLS transport type & Encryption Enabled. RPRT for signaling and media was enabled.

I’m getting a busy signal when trying to make a call, and there is not a single output in the Asterisk console with debug mode on.

I tried the same thing on several servers, and all are working fine. Not sure if any changes were made in recent versions of Asterisk or FreePBX.

I need your help.

Thanks

Check your local net

specifically

172.16.0.0/12 (255.240.0.0)

Yes you can subnet but you need to do it properly, you are using a class B network.

I’m using AWS, and it provides me all the IP configs.
Subnet is 172.31.16.0/20.

Classless IP is better to avoid wasting IP addresses, you know.

I’m pretty sure that neither of

are legitimate “networks”; only a 172.31.30.109/32 network would fit. Pretty sure your network ends with a 0 with a netmask of 255.255.240.0.

Probably 172.31.30.109 is a host within your network.

I’ve changed the config to

[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
external_media_address=52.*.*.*
external_signaling_address=52.*.*.*
ca_list_file=/etc/asterisk/keys/integration/ca-bundle.crt
cert_file=/etc/asterisk/keys/integration/webserver.crt
priv_key_file=/etc/asterisk/keys/integration/webserver.key
local_net=172.31.30.109
method=tlsv1

I also tried changing it to

local_net=172.31.30.109/32

but no luck. The issue is somewhere else for sure.

And I should add that I’m able to make calls and do everything else if I select UDP as the transport.

Again,

local_net=172.31.30.109

is NOT a valid network, it is a host. If you don’t have any LAN/local users, you probably shouldn’t be mangling the SIP headers at all; your users would be registering to 52.x.x.x.

Here is the output of ifconfig

inet addr:172.31.30.109 Bcast:172.31.31.255 Mask:255.255.240.0

I tried 172.31.30.109, 172.31.30.109/32, 172.31.30.109/255.255.240.0 and 172.31.16.0/20 (Auto fill by FreePBX) without any luck.
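The local_net values tried so far, checked against the interface address and mask from the ifconfig output above. This is an added example, not part of the original thread: the function names are hypothetical, the sample config is constructed from the posted values, and it only reports whether each entry is a network address, a single host, or an address with host bits set.

```python
import ipaddress

# Constructed sample: the local_net values posted in the thread, in one section.
SAMPLE_CONF = """\
[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
local_net=172.31.30.109/255.255.240.0
local_net=172.31.30.109
local_net=172.31.30.109/32
local_net=172.31.16.0/20
"""

def local_nets(conf_text):
    """Return every local_net value from key=value lines, in file order."""
    values = []
    for line in conf_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        if "=" not in line:
            continue  # section headers and blank lines
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "local_net":
            values.append(value)
    return values

def classify(value, iface):
    """Classify one local_net value against the server's interface."""
    try:
        net = ipaddress.ip_network(value, strict=True)
    except ValueError:
        # Host bits are set: report the network the address/mask falls in.
        return ("host-bits-set", str(ipaddress.ip_network(value, strict=False)))
    if net.prefixlen == net.max_prefixlen:
        return ("single-host", str(net))
    if net == iface.network:
        return ("matches-interface-subnet", str(net))
    return ("other-network", str(net))

def audit(conf_text, iface_addr, iface_mask):
    """Return (value, verdict, canonical network) for each local_net entry."""
    iface = ipaddress.ip_interface(f"{iface_addr}/{iface_mask}")
    return [(v, *classify(v, iface)) for v in local_nets(conf_text)]

if __name__ == "__main__":
    for value, verdict, canonical in audit(SAMPLE_CONF, "172.31.30.109", "255.255.240.0"):
        print(f"{value:30} {verdict:26} {canonical}")
```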

Where network wise is your extension

12345

?

I have extensions 12345, 12346, 12347 etc.

Then more generally

Where network wise are your extensions

12345, 12346, 12347 etc.

? Particularly, what is the IP address of these extensions?

No, the SIP server is hosted in Amazon AWS and we’re trying to connect using a different network.

Then surely your local_net is completely spurious; you don’t have one. Just use your public IP.

So I removed it and the config was

[0.0.0.0-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
external_media_address=52.*.*.*
external_signaling_address=52.*.*.*
ca_list_file=/etc/asterisk/keys/integration/ca-bundle.crt
cert_file=/etc/asterisk/keys/integration/webserver.crt
priv_key_file=/etc/asterisk/keys/integration/webserver.key

And the problem wasn’t solved. As I’ve said, I have configured several servers with SRTP. Not sure why this one isn’t working. Previously I used Asterisk 13. Not sure about this one.

Thanks

Not sure what happened, but I’ve reinstalled and the same settings are working fine now.