[SR-Users] Re: rtpengine - SRTP <> RTP

Thanks !

czw., 26 sty 2023 o 16:01 Ovidiu Sas osas@voipembedded.com napisał(a):

Here's a quick guide on how to capture and decrypt encrypted traffic: https://voipembedded.wordpress.com/2021/03/22/troubleshooting-kamailio-encry...

Now i see my mistake -

│SIP/2.0 200 OK 172.23.210.210:5060 172.23.9.70:5060 1.2.3.22:5061 │Via: SIP/2.0/UDP 172.23.210.210;received1 8.197.58.44:57301───┬───────── ──────────┬───────── ──────────┬───────── │72.23.210.210;rport=5060;branch=z9hG4bKm─ ▒ 10:22:15.656278 │ INVITE (SDP) │ │ │a4jBUK71BH ▒ +0.000730 │ ──────────────────────────> │ │ │Record-Route: <sip:10.72.42.1:5060;r2=on ▒ 10:22:15.657008 │ 100 trying -- your call is │ │ │tag=KmZjt3Fr4HgZB;lr>,<sip:18.197.58.44: ▒ +0.004722 │ <────────────────────────── │ │ │61;r2=on;transport=tls;ftag=KmZjt3Fr4HgZ ▒ 10:22:15.661730 │ │ │ IN│lr>,<sip:1.2.3.22:5061;transport=tl ▒ +0.027368 │ │ │ ─────────│r2=on;lr=on;ftag=KmZjt3Fr4HgZB>,<sip:172 ▒ 10:22:15.689098 │ │ │ 1│3.9.70;r2=on;lr=on;ftag=KmZjt3Fr4HgZB> ▒ +0.267998 │ │ │ <────────│To: <sip:+48732122479@cludotls.byoc.mypu ▒ 10:22:15.957096 │ │ │ 20│cloud.de>;tag=mDL0l1E ▒ +0.003231 │ │ │ <────────│From: "221223977" <sip:221223977@cludo.p ▒ 10:22:15.960327 │ 200 OK (SDP) │ │ │;tag=KmZjt3Fr4HgZB ▒ +0.001268 │ <────────────────────────── │ │ │Contact: <sip:+48732122479@172.23.9.70:5 ▒ 10:22:15.961595 │ ACK │ │ │0;alias=18.197.58.44~5061~3> ▒ +0.000164 │ ──────────────────────────> │ │ │Call-ID: c565792b-1cb4-123c-708c-001851b ▒ 10:22:15.961759 │ ACK │ │ │1ff ▒ +0.020839 │ ──────────────────────────> │ │ │CSeq: 63067878 INVITE ▒ 10:22:15.982598 │ BYE │ │ │Allow: INVITE, ACK, CANCEL, BYE, OPTIONS │ +0.003088 │ ──────────────────────────> │ │ │INFO │ 10:22:15.985686 │ │ │ │Supported: norefersub, timer │ +0.471166 │ │ │ ─────────│Accept: application/sdp │ 10:22:16.456852 │ │ │ 20│x-inin-cnv: b8c9493d-0b01-4f57-b0b6-673d │ +0.001765 │ │ │ <<<──────│788f5a │ 10:22:16.458617 │ ACK │ │ │Session-Expires: 3600;refresher=uac │ +0.000088 │ ──────────────────────────> │ │ │Require: timer │ 10:22:16.458705 │ ACK │ │

ACKs from - plain RTP don't travel from kamailio and rtpengien to sRTP part there are two ACKs and they don't go to TLS+sRTP party.

what i do:

(..)

# Wrapper for relaying requests route[RELAY] { handle_ruri_alias(); record_route();

if (is_method("INVITE|BYE|SUBSCRIBE|UPDATE")) { if (!t_is_set("branch_route")) t_on_branch("MANAGE_BRANCH"); xlog("L_ERR","ACK I:$var(i) branch_route \n"); } (..)

and

# Handle requests within SIP dialogs route[WITHINDLG] { if (!has_totag()) return;

if ($si=="PBXIP" && $(ru{param.value,alias})!=$null) { xlog("L_INFO","[R-WINDLG_INPBX]: jestem w srodku $si:$sp $ru\n"); route(RTPMANAGE); route(RELAY); exit; }

if (loose_route()) { if ( is_method("NOTIFY") ) { record_route(); }

route(RTPMANAGE); route(RELAY); exit; }

if ( is_method("ACK|BYE") ) { route(RTPMANAGE); route(RELAY); }

simply copy and paste from many examples lying in the internet - but well - i'm stuck here.

The sRTP and TLS part - work as dedigned :) scenario when call comes from TLS/sRTP party - towards the unencrytped part - also works.

BR