Sponsor: VoiceMeUp - Corporate & Wholesale VoIP Services

VoIP Mailing List Archives
Mailing list archives for the VoIP community
 SearchSearch 

[asterisk-users] Grandstream GXP2160 + SRTP


 
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users
View previous topic :: View next topic  
Author Message
jonas.kellens at telen...
Guest





PostPosted: Tue Oct 07, 2014 5:33 am    Post subject: [asterisk-users] Grandstream GXP2160 + SRTP Reply with quote

Hello,

I am trying to setup a Grandstream GXP2160 IP-phone with secure calling (SRTP).

Secure signaling SSIP for registration is working great !

I follow this guide : https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial

But when I try to make a call with SRTP, I get stuck. There is an initial INVITE which is anwered with a 401. There should follow a new INVITE with a nonce, but this does not happen. Any idea why ? Is it the Grandstream IP-phone ??



<--- SIP read from TLS:my.pub.lic.ip:53416 --->
INVITE sip:0123123123@ast.ser.ver.ip:5061 ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]) SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
From: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email]);tag=263162018
To: <sip:0123123123@ast.ser.ver.ip:5061> ([email]sip:0123123123@ast.ser.ver.ip:5061[/email])
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE (1695864968-5068-8@BJC.BGI.B.BAE)
CSeq: 50 INVITE
Contact: <sips:testacc77005@192.168.1.104:5068;transport=tls> ([email]sips:testacc77005@192.168.1.104:5068;transport=tls[/email])
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2160 1.0.2.9
Privacy: none
P-Preferred-Identity: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email])
Supported: replaces, path, timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length: 522

v=0
o=testacc77005 8004 8000 IN IP4 192.168.1.104
s=SIP Call
c=IN IP4 192.168.1.104
t=0 0
m=audio 5020 RTP/SAVP 0 8 18 9 2 101
a=sendrecv
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8m7ZfG+0t3KBFGK40IfDO11SZ6D54glKKIwdgo00|2^32
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:nn+id/sSK7OErMfnZZduKNPLejpscxx1vUQB2seO|2^32


<--- Reliably Transmitting (NAT) to my.pub.lic.ip:53416 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;alias;received=my.pub.lic.ip;rport=53416
From: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email]);tag=263162018
To: <sip:0123123123@ast.ser.ver.ip:5061> ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]);tag=as1e527556
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE (1695864968-5068-8@BJC.BGI.B.BAE)
CSeq: 50 INVITE
Server: mydomain
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", nonce="13b47342"
Content-Length: 0


<--- SIP read from TLS:my.pub.lic.ip:53416 --->
ACK sip:0123123123@ast.ser.ver.ip:5061 ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]) SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
From: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email]);tag=263162018
To: <sip:0123123123@ast.ser.ver.ip:5061> ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]);tag=as1e527556
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE (1695864968-5068-8@BJC.BGI.B.BAE)
CSeq: 50 ACK
Content-Length: 0
Back to top
jonas.kellens at telen...
Guest





PostPosted: Wed Oct 08, 2014 4:01 am    Post subject: [asterisk-users] Grandstream GXP2160 + SRTP Reply with quote

On 07-10-14 12:32, Jonas Kellens wrote:
Quote:
Hello,

I am trying to setup a Grandstream GXP2160 IP-phone with secure calling (SRTP).

Secure signaling SSIP for registration is working great !

I follow this guide : https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial

But when I try to make a call with SRTP, I get stuck. There is an initial INVITE which is anwered with a 401. There should follow a new INVITE with a nonce, but this does not happen. Any idea why ? Is it the Grandstream IP-phone ??



<--- SIP read from TLS:my.pub.lic.ip:53416 --->
INVITE sip:0123123123@ast.ser.ver.ip:5061 ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]) SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
From: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email]);tag=263162018
To: <sip:0123123123@ast.ser.ver.ip:5061> ([email]sip:0123123123@ast.ser.ver.ip:5061[/email])
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE (1695864968-5068-8@BJC.BGI.B.BAE)
CSeq: 50 INVITE
Contact: <sips:testacc77005@192.168.1.104:5068;transport=tls> ([email]sips:testacc77005@192.168.1.104:5068;transport=tls[/email])
X-Grandstream-PBX: true
Max-Forwards: 70
User-Agent: Grandstream GXP2160 1.0.2.9
Privacy: none
P-Preferred-Identity: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email])
Supported: replaces, path, timer
Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Type: application/sdp
Accept: application/sdp, application/dtmf-relay
Content-Length: 522

v=0
o=testacc77005 8004 8000 IN IP4 192.168.1.104
s=SIP Call
c=IN IP4 192.168.1.104
t=0 0
m=audio 5020 RTP/SAVP 0 8 18 9 2 101
a=sendrecv
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:9 G722/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:8m7ZfG+0t3KBFGK40IfDO11SZ6D54glKKIwdgo00|2^32
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:nn+id/sSK7OErMfnZZduKNPLejpscxx1vUQB2seO|2^32


<--- Reliably Transmitting (NAT) to my.pub.lic.ip:53416 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;alias;received=my.pub.lic.ip;rport=53416
From: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email]);tag=263162018
To: <sip:0123123123@ast.ser.ver.ip:5061> ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]);tag=as1e527556
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE (1695864968-5068-8@BJC.BGI.B.BAE)
CSeq: 50 INVITE
Server: mydomain
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", nonce="13b47342"
Content-Length: 0


<--- SIP read from TLS:my.pub.lic.ip:53416 --->
ACK sip:0123123123@ast.ser.ver.ip:5061 ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]) SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias
From: <sip:testacc77005@ast.ser.ver.ip:5061> ([email]sip:testacc77005@ast.ser.ver.ip:5061[/email]);tag=263162018
To: <sip:0123123123@ast.ser.ver.ip:5061> ([email]sip:0123123123@ast.ser.ver.ip:5061[/email]);tag=as1e527556
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE (1695864968-5068-8@BJC.BGI.B.BAE)
CSeq: 50 ACK
Content-Length: 0


Hello,

I seem to have the same problem with Snom 370 IP-phone. Registration works fine ! But I can not make calls with encrypted rtp.


<--- SIP read from TLS:my.pub.lic.ip:1068 --->
INVITE sip:0123123123@ast.ser.ver.ip;user=phone ([email]sip:0123123123@ast.ser.ver.ip;user=phone[/email]) SIP/2.0
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport
From: <sip:testacc77003@ast.ser.ver.ip> ([email]sip:testacc77003@ast.ser.ver.ip[/email]);tag=zdwiwg10qx
To: <sip:0123123123@ast.ser.ver.ip;user=phone> ([email]sip:0123123123@ast.ser.ver.ip;user=phone[/email])
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 INVITE
Max-Forwards: 70
Contact: <sip:testacc77003@192.168.1.107:1068;transport=tls> ([email]sip:testacc77003@192.168.1.107:1068;transport=tls[/email]);reg-id=1
X-Serialnumber: 0004132E2809
P-Key-Flags: resolution="31x13", keys="4"
User-Agent: snom370/8.4.35
Accept: application/sdp
Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO, UPDATE
Allow-Events: talk, hold, refer, call-info
Supported: timer, 100rel, replaces, from-change
Call-Info: <sip:ast.ser.ver.ip>;appearance-index=1
Session-Expires: 3600;refresher=uas
Min-SE: 90
Content-Type: application/sdp
Content-Length: 632

v=0
o=root 1052895538 1052895538 IN IP4 192.168.1.107
s=call
c=IN IP4 192.168.1.107
t=0 0
m=audio 65418 RTP/SAVP 8 3 18 99 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:KiXn5H+mKwavoDNa1PfnBqPoODTnxK6hOlWSNJM7
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
m=audio 65418 RTP/AVP 8 3 18 99 101
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:99 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv
<------------->



<--- Reliably Transmitting (NAT) to my.pub.lic.ip:1068 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;received=my.pub.lic.ip;rport=1068
From: <sip:testacc77003@ast.ser.ver.ip> ([email]sip:testacc77003@ast.ser.ver.ip[/email]);tag=zdwiwg10qx
To: <sip:0123123123@ast.ser.ver.ip;user=phone> ([email]sip:0123123123@ast.ser.ver.ip;user=phone[/email]);tag=as1cd819c5
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 INVITE
Server: mydomain
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="mydomain.be", nonce="323823f6"
Content-Length: 0


<------------>

<--- SIP read from TLS:my.pub.lic.ip:1068 --->
ACK sip:0123123123@ast.ser.ver.ip;user=phone ([email]sip:0123123123@ast.ser.ver.ip;user=phone[/email]) SIP/2.0
Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport
From: <sip:testacc77003@ast.ser.ver.ip> ([email]sip:testacc77003@ast.ser.ver.ip[/email]);tag=zdwiwg10qx
To: <sip:0123123123@ast.ser.ver.ip;user=phone> ([email]sip:0123123123@ast.ser.ver.ip;user=phone[/email]);tag=as1cd819c5
Call-ID: 3c2679977b67-9j0euqvseh5v
CSeq: 1 ACK
Max-Forwards: 70
Contact: <sip:testacc77003@192.168.1.107:1068;transport=tls> ([email]sip:testacc77003@192.168.1.107:1068;transport=tls[/email]);reg-id=1
Content-Length: 0

<------------->



Any feedback is welcome.


Jonas
Back to top
Display posts from previous:   
Post new topic   Reply to topic    VoIP Mailing List Archives Forum Index -> Asterisk Users All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

VoiceMeUp - Corporate & Wholesale VoIP Services