search

Sanjivkumarroshan / csipsimple

Automatically exported from code.google.com/p/csipsimple
0 stars 0 forks source link

zRTP cannot be enabled #2823

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
Server Side:

1.Generate certificates for server and two clients
2.Place the server cert in /etc/asterisk/keys/
3.sip.conf:

[general]
context=local
allowguest=no
alwaysauthreject=yes
allow=gsm
allow=ulaw
allow=alaw

directmedia=yes  

allowoverlap=no
bindport=5061
tlsdontverifyserver=yes      
tlsenable=yes
tlsbindaddr=192.168.0.102

tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscapath=/etc/asterisk/keys

register => tls://john:password@192.168.0.119:5061
register => tls://jane:password@192.168.0.119:5061
tlscipher=ALL
tlsclientmethod=tlsv1
localnet=192.168.0.119/255.255.255.0

[john]
type=peer
defaultuser=john
secret=password
dtmfmode=rfc2833
callerid="User one"
host=dynamic      
canreinvite=no
nat=no
encryption=yes
transport=tls

[jane]
type=peer
defaultuser=jane
secret=password
dtmfmode=rfc2833
callerid="User two"
host=dynamic   
canreinvite=no
nat=no
encryption=yes
transport=tls

Client Side:

setup the TLS setting in OSTN account

udp enabled
tcp enabled 
srtp disabled
zrtp create zrtp

What is the expected output? What do you see instead?
TLS +zRTP displayed and the call is made
instead on the asterisk CLI i see a messsage, 

WARNING[5008][C-00000034]: chan_sip.c:10433 process_sdp: Matched device setup 
to use SRTP, but request was not!

What version of the product are you using? On what device / operating
system?
android 4.2.2
asterisk 1.8

Please provide any additional information below.

if i make srtp mandatory and zRTP => create zrtp the call is made indicating 
TLS to the immediate hop + srtp

Original issue reported on code.google.com by dakaitGr...@gmail.com on 4 Nov 2014 at 6:23

GoogleCodeExporter commented 9 years ago 
typo in the OP
tlsbindaddr=192.168.0.119

Original comment by dakaitGr...@gmail.com on 4 Nov 2014 at 6:25

GoogleCodeExporter commented 9 years ago 

Currently SRTP and zRTP modes are not compatible together.
As consequence, if SRTP is enabled and detected as something available
for the call, it will be used instead of ZRTP.

Just to clarify, when you see "SRTP" (rfc3711) in csipsimple it refers
to SRTP announced in SDP profile.
That's why if you want zrtp (with direct peer to peer media
encryption) you must disable this SRTP.

Another point you might be interested in, you can configure the
default "scheme" so that calls are made with "sips:" instead of "sip:"
so that the leg between server and your remote part are also tried
with TLS transport.

Original comment by r3gis...@gmail.com on 11 Nov 2014 at 10:27