Asterisk sRTP with 1.8
Posted on January 16, 2011
In a previous article I explained how to configure sRTP support in Asterisk, using what was a development version at the time. Since Asterisk 1.8 there is native support for sRTP, so a development version is no longer needed.
Moving from the development version to 1.8, a few things changed in the configuration (not much); here is a quick update.
Step 1: Pre-Requisites
On the sRTP side we still need the libraries (which can be found here) otherwise you will see …
checking for mandatory modules: CRYPTO MYSQLCLIENT SRTP OPENSSL... fail
configure: ***
configure: *** The SRTP installation appears to be missing or broken.
configure: *** Either correct the installation, or run configure
configure: *** including --without-srtp.
Refer to the sRTP on Asterisk article for how to set this up.
If you plan to include MySQL support on Debian, don’t forget to install the libmysqlclient-dev package:
toera-g-sip1:/sw/src/asterisk-18.104.22.168# apt-get install libmysqlclient15-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  libmysqlclient15-dev
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Step 2: Configuring the binaries
First of all, let's configure the binaries. Here is the command I used:
toera-g-sip1:/sw/src/asterisk-22.214.171.124# ./configure --prefix=/sw/asterisk-126.96.36.199 --with-crypto --with-ssl --with-mysqlclient --with-srtp
The options are self-explanatory: --with-crypto and --with-ssl are for the TLS part, --with-srtp is for the … sRTP part, and finally --with-mysqlclient is for the MySQL support (not required by sRTP or TLS, but used for CDR).
Once this is done, run make menuconfig to enable the TLS and sRTP modules (see the original article for details on that).
Step 3: Configuration part
Here are some changes, first the option in the sip.conf file is not anymore
Second the dial plan part in the extensions.conf file is not
exten => 9999,1,Set(_SIP_SRTP_SDES=optional)
exten => 9999,1,Set(_SIP_SRTP_SDES=1)
exten => 9999,2,Set(_SIPSRTP=1)
exten => 9999,3,Set(_SIPSRTP_CRYPTO=enable)
And basically those are the only changes compared to the development version. As usual, you can check whether it’s working with sip set debug on:
<--- SIP read from TLS:85.xxx.xxx.xxx:55660 --->
INVITE sip:[email protected];transport=tls SIP/2.0
Via: SIP/2.0/TLS 192.168.0.17:46679;branch=z9hG4bK-d8754z-a51806220748b135-1---d8754z-;rport
Max-Forwards: 70
Contact: <sip:[email protected]:55660;transport=TLS>
To: "01xxxxxxxx"<sip:[email protected]>
From: "Remi"<sip:[email protected]>;tag=bd9bb73d
Call-ID: ZTE0ZTdiODBhYTA0MDQ2ZjYwNDZlMTAyYTM0Y2ViZmQ.
CSeq: 1 INVITE
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Type: application/sdp
Supported: replaces
User-Agent: Bria 3 release 3.1 stamp 58312
Content-Length: 593

v=0
o=- 1295179812598219 1 IN IP4 192.168.0.17
s=Counterpath Bria 3.1
c=IN IP4 192.168.0.17
t=0 0
a=ice-ufrag:4de55c
a=ice-pwd:d96683ec023786e73ca78e87d0383765
m=audio 53080 RTP/SAVP 9 0 8 18 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:2aHmG4LMIzu51D93lMPZpr5HCPuSgsmDpgM4siEz
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:2aHmG4LMIzu51D93lMPZpr5HCPuSgsmDpgM4siEz
a=sendrecv
a=candidate:1 1 UDP 659136 192.168.0.17 53080 typ host
a=candidate:1 2 UDP 659134 192.168.0.17 53081 typ host
<------------->
Here we are!
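A scripted version of the check on the debug trace above, as an added example (not code from the original post or from Asterisk): it confirms that an SDP body offers audio over RTP/SAVP with at least one well-formed SDES a=crypto key. The function name, the sample SDP bodies and the key are constructed for illustration.

```python
import base64
import re

# Key + salt length in bytes per SDES suite (RFC 4568: 16-byte key, 14-byte salt).
SUITE_LEN = {"AES_CM_128_HMAC_SHA1_80": 30, "AES_CM_128_HMAC_SHA1_32": 30}
# "inline:" may carry "|lifetime|MKI" after the key; only the key is captured.
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)")


def check_srtp_offer(sdp):
    """Return the problems found in an SDP body; an empty list means sRTP is offered."""
    lines = sdp.replace("\r\n", "\n").split("\n")
    media = [l for l in lines if l.startswith("m=audio ")]
    if not media:
        return ["no m=audio line"]
    problems = []
    proto = media[0].split()[2]  # m=audio <port> <proto> <formats...>
    if proto != "RTP/SAVP":
        problems.append("audio profile is %s, not RTP/SAVP" % proto)
    # Simplification: a=crypto lines are collected from the whole body.
    offers = [m.groups() for m in map(CRYPTO_RE.match, lines) if m]
    if not offers:
        problems.append("no a=crypto attribute (no SDES key offered)")
    for tag, suite, key in offers:
        if suite not in SUITE_LEN:
            problems.append("crypto:%s uses unknown suite %s" % (tag, suite))
            continue
        try:
            size = len(base64.b64decode(key, validate=True))
        except ValueError:  # binascii.Error is a ValueError
            problems.append("crypto:%s key is not valid base64" % tag)
            continue
        if size != SUITE_LEN[suite]:
            problems.append("crypto:%s key+salt is %d bytes, expected %d"
                            % (tag, size, SUITE_LEN[suite]))
    return problems


# Constructed sample data (not taken from the trace on this page).
KEY = base64.b64encode(bytes(range(30))).decode()
SECURE = "\r\n".join(["v=0", "c=IN IP4 192.0.2.10", "m=audio 40000 RTP/SAVP 0 8 101",
                      "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + KEY, "a=sendrecv"])
PLAIN = "\r\n".join(["v=0", "c=IN IP4 192.0.2.10", "m=audio 40000 RTP/AVP 0 8 101",
                     "a=sendrecv"])

if __name__ == "__main__":
    for name, body in (("secure", SECURE), ("plain", PLAIN)):
        print(name, check_srtp_offer(body) or "OK: sRTP offered")
```

With SDES the inline: value is the SRTP master key and salt in clear text, so a passing result only protects the call when the signalling itself travels over TLS, as it does in the trace above.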