I would like to get help finding instructions for enabling TLS and SRTP for extensions and PBX-to-PBX trunks. A long time ago I somehow managed to manually configure standalone Asterisk. Should the same steps be followed, or is there UI support here?
FWIW, I've found that IAX2 seems overall to be more robust than SIP under various PBX-to-PBX trunking environments.
Maybe it boils down to being a question of what/which you are familiar with, and I'm certainly no expert on SIP (or IAX2 for that matter). And granted, it's easy enough to configure a simple SIP trunk between two servers on the Internet (or on a local LAN). But add a firewall or two to the equation (perhaps with SIP/Alg), an unforgiving NAT, or the need for encrypted voice traffic, and the SIP route starts to look anything but simple. Now add in SIP's need for separate paths for call set-up and voice traffic -- useful in some contexts, but additional complexity if you don't need it -- and things start to get really dicey. I follow the usual forums and there is a steady stream of complaints and questions about one-way audio, spontaneous disconnects, etc.
Can you explain that a bit more? Setting up SIP between two pbxes under your own control is basically a four-line peer definition and just works. What does iax2 add to make it more robust?
https://wiki.freepbx.org/display/PHON/TLS+and+SRTP for the extensions
For trunks, there's no GUI option. You just need to put "transport=tls" and "port=5061" into your peer definition.
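An added example, not part of the thread and not FreePBX or Asterisk code: a small Python check that reads chan_sip peer definitions and flags trunks that lack the `transport=tls` and `port=5061` settings given above. The peer names and hosts are constructed, `encryption=yes` (chan_sip's SRTP option) is not mentioned in the thread, and the check assumes peers inherit nothing from `[general]` or templates.

```python
# Added example: constructed sip.conf text; peer names and hosts are made up.
SAMPLE_SIP_CONF = """\
[general]
tlsenable=yes
[trunk-plain]            ; constructed: default UDP signalling, no SRTP
type=peer
host=pbx-b.example.com
[trunk-srtp-only]        ; constructed: SRTP on, signalling not TLS
type=peer
host=pbx-c.example.com
encryption=yes
[trunk-secure]           ; constructed: the thread's two settings plus SRTP
type=peer
host=pbx-d.example.com
transport=tls
port=5061
encryption=yes
"""

def parse_sections(text):
    """Minimal sip.conf reader: {section: {key: value}}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    return sections

def audit_peers(text):
    """Return {peer: [findings]} for every section except [general]."""
    report = {}
    for name, opts in parse_sections(text).items():
        if name == "general": continue
        findings = []
        # Assumption: a peer without transport= is treated as UDP.
        transports = [t.strip() for t in opts.get("transport", "udp").split(",")]
        tls_only = transports == ["tls"]
        if not tls_only:
            findings.append("signalling not TLS-only (transport=%s)" % ",".join(transports))
        elif opts.get("port") != "5061":
            findings.append("transport=tls set but port=5061 is not")
        if opts.get("encryption") != "yes":
            findings.append("SRTP not enabled (no encryption=yes)")
        elif not tls_only:
            findings.append("SRTP key in SDP a=crypto travels over cleartext signalling")
        report[name] = findings
    return report
```

The last finding is why the two features belong together: the SRTP key is carried in the SDP `a=crypto` line, so it is only protected when the SIP signalling itself runs over TLS.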
Thanks, that was all I needed. Followed all instructions, e.g. requested certificate from Let's Encrypt, had to do it manually via DNS because port 80 is permanently disabled, entered certificate into UI, switched chan_sip default 701 extension to TLS only - all seems to work. Then enabled SRTP in the extension and SIP client, iOS BRIA. Attempt to dial a number caused Asterisk to crash with:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fc9839b5700 (LWP 3839)]
0x0000003f77656ac0 in _IO_vfscanf_internal (s=<value optimized out>, format=0x5eef3a "", argptr=0x7fc9839b0070, errp=0x0)
at vfscanf.c:1772
1772 *ARG (unsigned int *) = (unsigned int) num.ul;
(gdb) where
#0 0x0000003f77656ac0 in _IO_vfscanf_internal (s=<value optimized out>, format=0x5eef3a "", argptr=0x7fc9839b0070, errp=0x0)
at vfscanf.c:1772
#1 0x0000003f77669535 in _IO_vsscanf (string=0x7fc9839b0160 "1", format=0x5eef36 "%30d", args=0x7fc9839b0070) at iovsscanf.c:45
#2 0x0000003f77663598 in __sscanf (s=<value optimized out>, format=<value optimized out>) at sscanf.c:34
#3 0x0000000000596639 in ast_sdp_crypto_process (rtp=0x7fc9d801b190, srtp=0x7fc9d801a730, attr=
0x7fc9d801516a "1 AES_CM_128_HMAC_SHA1_80 inline:xxxxxxxxxx+n/xxxxxxxxxxxxxxx+rc") at sdp_srtp.c:263
#4 0x00007fc98b056fea in process_crypto (p=0x7fc9d8006db0, rtp=0x7fc9d801b190, srtp=0x7fc9d80081b8, a=
0x7fc9d801516a "1 AES_CM_128_HMAC_SHA1_80 inline:xxxxxxxxxx+n/xxxxxxxxxxxxxxx+rc", secure_transport=1)
at chan_sip.c:33918
#5 0x00007fc98b06af84 in process_sdp (p=0x7fc9d8006db0, req=0x7fc9839b3c90, t38action=1) at chan_sip.c:10753
#6 0x00007fc98b0bd362 in handle_request_invite (p=0x7fc9d8006db0, req=<value optimized out>, addr=0x7fc9cc1bf480, seqno=2,
recount=0x7fc9839b213c, e=0x7fc9d8014cef "sip:[email protected]", nounlock=0x7fc9839b2138) at chan_sip.c:26346
#7 0x00007fc98b0bff5a in handle_incoming (p=0x7fc9d8006db0, req=0x7fc9839b3c90, addr=0x7fc9cc1bf480, recount=0x7fc9839b213c,
nounlock=0x7fc9839b2138) at chan_sip.c:28882
#8 0x00007fc98b0c1822 in handle_request_do (req=0x7fc9839b3c90, addr=0x7fc9cc1bf480) at chan_sip.c:29091
#9 0x00007fc98b0c215c in _sip_tcp_helper_thread (tcptls_session=0x7fc9cc1bf460) at chan_sip.c:3090
#10 0x00000000005bd645 in handle_tcptls_connection (data=0x7fc9cc1bf460) at tcptls.c:792
#11 0x00000000005cd41b in dummy_start (data=<value optimized out>) at utils.c:1238
#12 0x0000003f77a07aa1 in start_thread (arg=0x7fc9839b5700) at pthread_create.c:301
#13 0x0000003f776e8bcd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
I have a feeling that a strange SRTP-related patch is causing the problem...
I'd keep an eye out for Asterisk updates because it looks like the version you've got has a bug in SRTP.
Do you have an ETA by any chance?
VMware image has not yet been updated.
I see new VMware VirtualBox images on the SourceForge download page. Do they contain the proper SRTP patch?