DTLS=passive solved it.

Thanks guys. 

On Tue, 10 Apr 2018, 11:37 pm Aqs Younas, <aqsyounas@gmail.com> wrote:
Sometimes, I see below logs in RTP engine. 


Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: Received command 'answer' from 127.0.0.1:44933
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: answer time = 0.000163 sec
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: Replying to 'answer' from 127.0.0.1:44933
[1523383161.279950] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: SRTP output wanted, but no crypto suite was negotiated
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: SRTP output wanted, but no crypto suite was negotiated
Apr 10 17:59:25 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: Confirmed peer address as 72.214.35.171:64834
[1523383171.481023] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8269]: SRTCP output wanted, but no crypto suite was negotiated
Apr 10 17:59:31 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8269]: SRTCP output wanted, but no crypto suite was negotiated
Apr 10 17:59:31 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8269]: Confirmed peer address as 72.214.35.171:50108
[1523383176.025296] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: SRTP output wanted, but no crypto suite was negotiated
Apr 10 17:59:36 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: SRTP output wanted, but no crypto suite was negotiated
[1523383186.000280] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout expired)
[1523383186.000335] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8248
[1523383186.000419] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout expired)
[1523383186.000429] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8249
Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout expired)
Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8248
Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout expired)
Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8249
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: Closing call due to timeout
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: Final packet stats:
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: --- Tag 'f6d2237d-f960-4542-b138-f39a7fb52770', created 1:32 ago for branch '', in dialogue with '6bdf30d1-2da6-4b6d-b917-aaa720c9c1fa'
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: ------ Media #1 (audio over UDP/TLS/RTP/SAVP) using unknown codec
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port  209.182.216.71:8288  <>  100.84.103.245:4002 , SSRC 0, 0 p, 0 b, 0 e, 92 ts
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port  209.182.216.71:8289  <>  100.84.103.245:4003  (RTCP), SSRC 0, 0 p, 0 b, 0 e, 92 ts
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: --- Tag '6bdf30d1-2da6-4b6d-b917-aaa720c9c1fa', created 1:32 ago for branch '', in dialogue with 'f6d2237d-f960-4542-b138-f39a7fb52770'
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: ------ Media #1 (audio over UDP/TLS/RTP/SAVP) using G722/8000
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port  209.182.216.71:8268  <>   72.214.35.171:64834, SSRC 653128b4, 935 p, 160820 b, 0 e, 60 ts
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO: [24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port  209.182.216.71:8269  <>   72.214.35.171:50108 (RTCP), SSRC 653128b4, 3 p, 278 b, 0 e, 60 ts


Any suggestion what might be happening?

Br, Aqs. 

On 10 April 2018 at 22:59, Aqs Younas <aqsyounas@gmail.com> wrote:
I could see SRTP packets coming from one device but they never leave rtpeninge. 

I put a link to Pastebin containing a call trace with the hope that someone might help me out.  

I could provide more info if required. 


On 10 April 2018 at 01:39, Aqs Younas <aqsyounas@gmail.com> wrote:
Greetings list, 

I am trying to make two endpoints talking on DTLS-SRTP. But I hear on audio. 

Things work perfectly fine if I use RTP or SRTP with TLS. 

Endpoints are pjsip based application not webrtc based clients. 


Below are logs from rtpengine. I hope someone could point out amiss. 

Apr  9 20:02:43 centos-1024mb-nyc-02 rtpengine[58438]: INFO: [66d2da58-21fe-48bd-9999-a1f3a22afa6d]: --------- Port  209.182.216.71:8176  <>   72.214.35.171:63577, SSRC 1234c6eb, 641 p, 110252 b, 0 e, 60 ts
Apr  9 20:02:43 centos-1024mb-nyc-02 rtpengine[58438]: INFO: [66d2da58-21fe-48bd-9999-a1f3a22afa6d]: --------- Port  209.182.216.71:8177  <>   72.214.35.171:63056 (RTCP), SSRC 1234c6eb, 4 p, 372 b, 0 e, 60 ts
Apr  9 20:12:24 centos-1024mb-nyc-02 rtpengine[58438]: INFO: Version git-master-3ef300b shutting down
Apr  9 20:12:37 centos-1024mb-nyc-02 rtpengine[58958]: INFO: Generating new DTLS certificate
Apr  9 20:12:37 centos-1024mb-nyc-02 rtpengine[58959]: INFO: Startup complete, version git-master-3ef300b
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Received command 'offer' from 127.0.0.1:57645
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: NOTICE: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Creating new call
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: offer time = 0.002612 sec
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Replying to 'offer' from 127.0.0.1:57645
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Received command 'answer' from 127.0.0.1:42309
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: answer time = 0.000220 sec
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Replying to 'answer' from 127.0.0.1:42309
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: DTLS: Peer certificate accepted
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: DTLS-SRTP successfully negotiated
Apr  9 20:13:57 centos-1024mb-nyc-02 rtpengine[58959]: ERR: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: SRTP output wanted, but no crypto suite was negotiated
Apr  9 20:14:00 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: Confirmed peer address as 72.214.35.171:58634
Apr  9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: ERR: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8001]: SRTCP output wanted, but no crypto suite was negotiated
Apr  9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, count=1, payloadtype=200, length=12, ssrc=2045607967, ntp_sec=1379282714, ntp_fractions=439054259, rtp_ts=1838072137, sender_packets=3366262813, sender_bytes=2383498210, ssrc=815258372, fraction_lost=96, packet_loss=13713522, last_seq=3314313929, jitter=2878956247, last_sr=2456273253, delay_since_last_sr=3351655681
Apr  9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: INFO: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8001]: Confirmed peer address as 72.214.35.171:57732
Apr  9 20:14:12 centos-1024mb-nyc-02 rtpengine[58959]: ERR: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: SRTP output wanted, but no crypto suite was negotiated
Apr  9 20:14:17 centos-1024mb-nyc-02 rtpengine[58959]: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, count=1, payloadtype=200, length=12, ssrc=2045607967, ntp_sec=2811881700, ntp_fractions=4080266212, rtp_ts=371429680, sender_packets=958830616, sender_bytes=2579186043, ssrc=1909756377, fraction_lost=174, packet_loss=11416637, last_seq=3106722675, jitter=758758394, last_sr=2663618457, delay_since_last_sr=1399181077
Apr  9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: ERR: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: SRTP output wanted, but no crypto suite was negotiated
Apr  9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: ERR: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8001]: SRTCP output wanted, but no crypto suite was negotiated
Apr  9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: [a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, cou


It is how I have programmed it in my Kamailio configuration. 

ON INVITE

rtpengine_offer("replace-origin replace-session-connection ICE=remove UDP/TLS/RTP/SAVP");

ON 200-ok

rtpengine_answer("replace-origin replace-session-connection ICE=remove UDP/TLS/RTP/SAVP"); 


Best Regards, 

Aqs Younas