I'm having trouble setting up TLS/SRTP secure communications on my Asterisk server. I'm still rather new at working with Asterisk.

I have enabled tls and encryption and I have csipsimple with tls build on the phone. I'm currently only testing one phone with this capability so far, and the rest still work in the current state.

My logging looks like this with verbose turned up:

[Jun 7 11:44:13] NOTICE[88483]: chan_sip.c:19842 handle_response_peerpoke: Peer '<user>' is now Reachable. (171ms / 2000ms)
[Jun 7 11:46:17] NOTICE[88483]: chan_sip.c:25072 sip_poke_noanswer: Peer '<user>' is now UNREACHABLE! Last qualify: 203
[Jun 7 11:46:29] NOTICE[88483]: chan_sip.c:19842 handle_response_peerpoke: Peer '<user>' is now Reachable. (1888ms / 2000ms)

When I call on this phone I get:

[Jun 7 11:40:47] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
[Jun 7 11:41:01] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
[Jun 7 11:41:15] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
[Jun 7 11:41:29] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit of 0x2c992000 (len 599) to 192.168.0.200:36129 returned -2: Invalid argument
    -- Registered SIP '<user>' at 192.168.0.200:57805
[Jun 7 11:41:31] NOTICE[88483]: chan_sip.c:19842 handle_response_peerpoke: Peer '<user>' is now Reachable. (10ms / 2000ms)

When I call from another phone I get:

[Jun 7 11:55:30] NOTICE[88483]: chan_sip.c:25072 sip_poke_noanswer: Peer '<tls user>' is now UNREACHABLE! Last qualify: 13
    -- SIP/<tls user>-00000024 is circuit-busy
  == Everyone is busy/congested at this time (1:0/1/0)
    -- Auto fallthrough, channel 'SIP/<user>-00000023' status is 'CONGESTION'
[Jun 7 11:56:22] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit of 0x2c992000 (len 599) to 192.168.0.200:45931 returned -2: Interrupted system call

and eventually:

[Jun 7 11:57:46] WARNING[88483]: chan_sip.c:3280 __sip_xmit: sip_xmit of 0x2cefb000 (len 599) to 192.168.0.200:45931 returned -2: Unknown error: 0

I'm using my own CA setup for purposes beyond just this need, so I'm using openssl commands directly and everything works elsewhere, so my CA setup is fine (includes SAN).

My config for tls/srtp looks like this (remember, the rest works very happily):

[global]
encryption             =       yes
tlsenable               =       yes
tlsbindaddr             =       0.0.0.0
tlscertfile = /path/to/asterisk/certificate/and/key/in/a/single/file
tlscafile               =       /path/to/CA/certificate
tlscipher               =       ALL
tlsclientmethod         =       tlsv1

[tls user]
transport                =    tls

Can someone give me any clues to what is happening? I've checked my packet flow with tcpdump and wireshark as well, but I'm still left mystified.

Cheers
