TLS + SRTP Help

configuration
Tags: #<Tag:0x00007f70265685b8>
(Michael) #1

Hi all,

It’s my first time setting up TLS and I’m running into an issue that I can’t quite figure out. I followed the FreePBX Wiki Guide for TLS + SRTP and have double checked that both the PJSIP settings and extension settings match what is listed in the guide. I have purchased a wildcard domain certificate, installed it on my FreePBX machine, and set it as default. In the PJSip settings, I’ve specifically chosen that certificate to be used as well. I am running FreePBX 15.0.17.12 and Asterisk 16.15.1. PJSip UDP runs on port 5060 and TLS runs on 5061.

I am trying to place a call using a Zoiper softphone and the call immediately hangs up. In PJSip Logger, I am seeing a 401 Unauthorized even though the endpoint is registered.

Here are 2 pastebins that show the details:

  1. PJSip Logger
  2. PJSip Show Endpoint 151

Any help is greatly appreciated!

Thank you,

Michael

(Joshua C. Colp) #2

The endpoint in Asterisk is set to require encrypted media. The client is not offering encrypted media, so the call fails.

(Michael) #3

Ahh! That was it! How would I have seen that from the logs? Just curious so I can learn how diagnose in the future…

#4

Line 236:
SIP/2.0 488 Not Acceptable Here
indicates that none of the media options offered by the SDP (lines 207-221) are acceptable to the receiver. Usually, it means no codec in common, but in this case no encryption offered by sender but required by receiver.