I'm running Asterisk 11.18 from Incredible PBX 11-12.
After tons of Googling, reviewing these and other boards, and creating and installing and provisioning self-signed certificates and things, I think I've gotten TLS and SRTP all set up and working, now--it works flawlessly on my Groundwire softphone on iOS, and test calls between Groundwire and my Yealink W52P function fine and show the security indicators, and SIP debugs confirm that it's riding over TLS.
But then, I tried testing a call to a VoIP.ms DID whose destination is the Yealink. The calling side heard ringback tones, and as soon as I answered the extension, I heard a very loud, brief white-noise-ish sound on the extension, and the call hung up. On the other end, the calling side was then directed to voicemail.
A review of the logs indicated this key line:
[2015-09-25 18:26:49] WARNING[2815][C-00000007]: chan_sip.c:10389 process_sdp: Rejecting secure audio stream without encryption details: audio 11872 RTP/SAVP 0 101
Lots of Googling ensued, and I even encountered this:
http://tech.iprock.com/?p=10673
https://issues.asterisk.org/jira/browse/ASTERISK-17899
So I added ignorecryptolifetime=yes to sip_custom_post.conf and reloaded (and webgui reloaded and amportal restarted) to no effect.
The very weird thing is that this only happens on external inbound calls from VoIP.ms trunks. Calls from other extensions are fine, as are calls from other trunks like Flowroute and Google Voice. Also, if I redirect that VoIP.ms trunk to my Groundwire on iOS extension, it works fine. It's only the interplay between the VoIP.ms trunk and the Yealink extension that seems to be having issues.
Maybe there is some context weirdness that is treating VoIP.ms differently--other than a few tweaks, my install is almost entirely stock Incredible PBX 11-12, and I haven't made any other real substantive changes that would affect this (AFAIK)--but I'm at the end of my knowledge and Googling abilities here.
A full glance at the SIP debugs doesn't seem to indicate anything of special note, but I'll include them here for good measure:
Any ideas? If need be, I can post sanitized SIP debugs for a working call.
After tons of Googling, reviewing these and other boards, and creating and installing and provisioning self-signed certificates and things, I think I've gotten TLS and SRTP all set up and working, now--it works flawlessly on my Groundwire softphone on iOS, and test calls between Groundwire and my Yealink W52P function fine and show the security indicators, and SIP debugs confirm that it's riding over TLS.
But then, I tried testing a call to a VoIP.ms DID whose destination is the Yealink. The calling side heard ringback tones, and as soon as I answered the extension, I heard a very loud, brief white-noise-ish sound on the extension, and the call hung up. On the other end, the calling side was then directed to voicemail.
A review of the logs indicated this key line:
[2015-09-25 18:26:49] WARNING[2815][C-00000007]: chan_sip.c:10389 process_sdp: Rejecting secure audio stream without encryption details: audio 11872 RTP/SAVP 0 101
Lots of Googling ensued, and I even encountered this:
http://tech.iprock.com/?p=10673
https://issues.asterisk.org/jira/browse/ASTERISK-17899
So I added ignorecryptolifetime=yes to sip_custom_post.conf and reloaded (and webgui reloaded and amportal restarted) to no effect.
The very weird thing is that this only happens on external inbound calls from VoIP.ms trunks. Calls from other extensions are fine, as are calls from other trunks like Flowroute and Google Voice. Also, if I redirect that VoIP.ms trunk to my Groundwire on iOS extension, it works fine. It's only the interplay between the VoIP.ms trunk and the Yealink extension that seems to be having issues.
Maybe there is some context weirdness that is treating VoIP.ms differently--other than a few tweaks, my install is almost entirely stock Incredible PBX 11-12, and I haven't made any other real substantive changes that would affect this (AFAIK)--but I'm at the end of my knowledge and Googling abilities here.
A full glance at the SIP debugs doesn't seem to indicate anything of special note, but I'll include them here for good measure:
Code:
-- Executing [s@macro-dial-one:38] GotoIf("SIP/voipms-0000000c", "1?godial") in new stack
-- Goto (macro-dial-one,s,43)
-- Executing [s@macro-dial-one:43] Macro("SIP/voipms-0000000c", "dialout-one-predial-hook,") in new stack
-- Executing [s@macro-dialout-one-predial-hook:1] MacroExit("SIP/voipms-0000000c", "") in new stack
-- Executing [s@macro-dial-one:44] Dial("SIP/voipms-0000000c", "SIP/2111,15,Ttr") in new stack
== Using SIP VIDEO TOS bits 136
== Using SIP VIDEO CoS mark 6
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
Audio is at 12836
Adding codec 100003 (ulaw) to SDP
Adding codec 100008 (g729) to SDP
Adding non-codec 0x1 (telephone-event) to SDP
Reliably Transmitting (NAT) to [endpoint]:59541:
INVITE sip:[ext]@[endpoint]:59541;transport=TLS SIP/2.0
Via: SIP/2.0/TLS [pbx]:5061;branch=xxx;rport
Max-Forwards: 70
From: "[NAME]" <sip:[cid]@[pbx]>;tag=xxx
To: <sip:[ext]@[endpoint]:59541;transport=TLS>
Contact: <sip:[cid]@[pbx]:5061;transport=TLS>
Call-ID: xxx@[pbx]:5061
CSeq: 102 INVITE
User-Agent: FPBX-12.0.70(11.18.0)
Date: Fri, 25 Sep 2015 22:26:41 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 368
v=0
o=root xxx xxxIN IP4 208.100.39.55
s=Asterisk PBX 11.18.0
c=IN IP4 208.100.39.55
t=0 0
m=audio 10204 RTP/SAVP 0 18 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:[some string]
---
-- Called SIP/[ext]
<--- SIP read from TLS:[endpoint]:59541 --->
SIP/2.0 100 Trying
Via: SIP/2.0/TLS [pbx]:5061;branch=xxx;rport
From: "[NAME]" <sip:[cid]@[pbx]>;tag=xxx
To: <sip:[ext]@[endpoint]:59541;transport=TLS>
Call-ID: xxx@[pbx]:5061
CSeq: 102 INVITE
User-Agent: Yealink SIP-W52P 25.73.0.40
Content-Length: 0
<------------->
--- (8 headers 0 lines) ---
<--- SIP read from TLS:[endpoint]:59541 --->
SIP/2.0 180 Ringing
Via: SIP/2.0/TLS [pbx]:5061;branch=xxx;rport
From: "[NAME]" <sip:[cid]@[pbx]>;tag=xxx
To: <sip:[ext]@[endpoint]:59541;transport=TLS>;tag=xxx
Call-ID: xxx@[pbx]:5061
CSeq: 102 INVITE
Contact: <sip:[ext]@[endpoint]:59541;transport=TLS>
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
User-Agent: Yealink SIP-W52P 25.73.0.40
Allow-Events: talk,hold,conference,refer,check-sync
Content-Length: 0
<------------->
--- (11 headers 0 lines) ---
list_route: hop: <sip:[ext]@[endpoint]:59541;transport=TLS>
-- SIP/2111-0000000d is ringing
<--- SIP read from TLS:[endpoint]:59541 --->
<------------->
<--- SIP read from TLS:[endpoint]:59541 --->
SIP/2.0 200 OK
Via: SIP/2.0/TLS [pbx]:5061;branch=xxx;rport
From: "[NAME]" <sip:[cid]@[pbx]>;tag=as1549ec6d
To: <sip:[ext]@[endpoint]:59541;transport=TLS>;tag=xxx
Call-ID: xxx@[pbx]:5061
CSeq: 102 INVITE
Contact: <sip:[ext]@[pbx]:59541;transport=TLS>
Content-Type: application/sdp
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
User-Agent: Yealink SIP-W52P 25.73.0.40
Content-Length: 298
v=0
o=- 20043 20043 IN IP4 [endpoint]
s=SDP data
c=IN IP4 [endpoint]
t=0 0
m=audio 11872 RTP/SAVP 0 101
a=rtpmap:0 PCMU/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:[longstring]
a=sendrecv
a=ptime:20
a=fmtp:101 0-15
a=rtpmap:101 telephone-event/8000
<------------->
--- (11 headers 12 lines) ---
Found RTP audio format 0
Found RTP audio format 101
Found audio description format PCMU for ID 0
Found audio description format telephone-event for ID 101
[2015-09-25 18:26:49] WARNING[2815][C-00000007]: chan_sip.c:10389 process_sdp: Rejecting secure audio stream without encryption details: audio 11872 RTP/SAVP 0 101
list_route: hop: <sip:[ext]@[endpoint]:59541;transport=TLS>
set_destination: Parsing <sip:[ext]@[endpoint]:59541;transport=TLS> for address/port to send to
set_destination: set destination to [endpoint]:59541
Transmitting (NAT) to [endpoint]:59541:
ACK sip:[ext]@[endpoint]:59541;transport=TLS SIP/2.0
Via: SIP/2.0/TLS [pbx]:5061;branch=xxx;rport
Max-Forwards: 70
From: "[NAME]" <sip:[cid]@[pbx]>;tag=xxx
To: <sip:[ext]@[endpoint]:59541;transport=TLS>;tag=xxx
Contact: <sip:[cid]@[pbx]:5061;transport=TLS>
Call-ID: xxx@[pbx]:5061
CSeq: 102 ACK
User-Agent: FPBX-12.0.70(11.18.0)
Content-Length: 0
---
set_destination: Parsing <sip:[ext]@[endpoint]:59541;transport=TLS> for address/port to send to
set_destination: set destination to [endpoint]:59541
Reliably Transmitting (NAT) to [endpoint]:59541:
BYE sip:[ext]@[endpoint]:59541;transport=TLS SIP/2.0
Via: SIP/2.0/TLS [pbx]:5061;branch=xxx;rport
Max-Forwards: 70
From: "[NAME]" <sip:[cid]@[pbx]>;tag=xxx
To: <sip:[ext]@[endpoint]:59541;transport=TLS>;tag=xxx
Call-ID: xxx@[pbx]:5061
CSeq: 103 BYE
User-Agent: FPBX-12.0.70(11.18.0)
X-Asterisk-HangupCause: Bearer capability not available
X-Asterisk-HangupCauseCode: 58
Content-Length: 0
---
Scheduling destruction of SIP dialog '[longstring]@[pbx]:5061' in 11136 ms (Method: INVITE)
Scheduling destruction of SIP dialog '[longstring]@[pbx]:5061'' in 11136 ms (Method: INVITE)
== Everyone is busy/congested at this time (1:0/0/1)
-- Executing [s@macro-dial-one:45] ExecIf("SIP/voipms-0000000c", "0?MacroExit()") in new stack
-- Executing [s@macro-dial-one:46] ExecIf("SIP/voipms-0000000c", "0?Set(DIALSTATUS=)") in new stack
-- Executing [s@macro-dial-one:47] GosubIf("SIP/voipms-0000000c", "0?s-CHANUNAVAIL,1()") in new stack
-- Executing [s@macro-dial-one:48] MacroExit("SIP/voipms-0000000c", "") in new stack
-- Executing [s@macro-exten-vm:17] Set("SIP/voipms-0000000c", "SV_DIALSTATUS=CHANUNAVAIL") in new stack
Any ideas? If need be, I can post sanitized SIP debugs for a working call.