[SOLVED]: rtpengine no voice when working between DTLS-SRTP endpoints - sr-users

11 Apr 2018


      DTLS=passive solved it.
Thanks guys.
On Tue, 10 Apr 2018, 11:37 pm Aqs Younas, aqsyounas@gmail.com wrote:
...
Sometimes, I see below logs in RTP engine.
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: Received command 'answer' from
127.0.0.1:44933
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: answer time = 0.000163 sec
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: Replying to 'answer' from
127.0.0.1:44933
[1523383161.279950] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port
8268]: SRTP output wanted, but no crypto suite was negotiated
Apr 10 17:59:21 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: SRTP output wanted, but
no crypto suite was negotiated
Apr 10 17:59:25 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: Confirmed peer address
as 72.214.35.171:64834
[1523383171.481023] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port
8269]: SRTCP output wanted, but no crypto suite was negotiated
Apr 10 17:59:31 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[24b95195-3da3-4e12-8400-5fcf908183e5 port  8269]: SRTCP output wanted, but
no crypto suite was negotiated
Apr 10 17:59:31 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5 port  8269]: Confirmed peer address
as 72.214.35.171:50108
[1523383176.025296] ERR: [24b95195-3da3-4e12-8400-5fcf908183e5 port
8268]: SRTP output wanted, but no crypto suite was negotiated
Apr 10 17:59:36 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[24b95195-3da3-4e12-8400-5fcf908183e5 port  8268]: SRTP output wanted, but
no crypto suite was negotiated
[1523383186.000280] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS
error: 1 (read timeout expired)
[1523383186.000335] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS
error on local port 8248
[1523383186.000419] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS
error: 1 (read timeout expired)
[1523383186.000429] ERR: [02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS
error on local port 8249
*Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout
expired)*
*Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8248*
*Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error: 1 (read timeout
expired)*
*Apr 10 17:59:46 centos-1024mb-nyc-02 rtpengine[65101]: ERR:
[02d8ccfb-831e-4a81-bd2b-09b007d39209]: DTLS error on local port 8249*
*Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: Closing call due to timeout*
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: Final packet stats:
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: --- Tag
'f6d2237d-f960-4542-b138-f39a7fb52770', created 1:32 ago for branch '', in
dialogue with '6bdf30d1-2da6-4b6d-b917-aaa720c9c1fa'
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: ------ Media #1 (audio over
UDP/TLS/RTP/SAVP) using unknown codec
*Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port  209.182.216.71:8288
http://209.182.216.71:8288  <>  100.84.103.245:4002
http://100.84.103.245:4002 , SSRC 0, 0 p, 0 b, 0 e, 92 ts*
*Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port  209.182.216.71:8289
http://209.182.216.71:8289  <>  100.84.103.245:4003
http://100.84.103.245:4003  (RTCP), SSRC 0, 0 p, 0 b, 0 e, 92 ts*
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: --- Tag
'6bdf30d1-2da6-4b6d-b917-aaa720c9c1fa', created 1:32 ago for branch '', in
dialogue with 'f6d2237d-f960-4542-b138-f39a7fb52770'
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: ------ Media #1 (audio over
UDP/TLS/RTP/SAVP) using G722/8000
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port
209.182.216.71:8268  <>   72.214.35.171:64834, SSRC 653128b4, 935 p,
160820 b, 0 e, 60 ts
Apr 10 18:00:41 centos-1024mb-nyc-02 rtpengine[65101]: INFO:
[24b95195-3da3-4e12-8400-5fcf908183e5]: --------- Port
209.182.216.71:8269  <>   72.214.35.171:50108 (RTCP), SSRC 653128b4, 3 p,
278 b, 0 e, 60 ts
Any suggestion what might be happening?
Br, Aqs.
On 10 April 2018 at 22:59, Aqs Younas aqsyounas@gmail.com wrote:
...
I could see SRTP packets coming from one device but they never leave
rtpeninge.
I put a link to Pastebin containing a call trace with the hope that
someone might help me out.
I could provide more info if required.
https://pastebin.com/tYVpFQAh
Br, Aqs.
On 10 April 2018 at 01:39, Aqs Younas aqsyounas@gmail.com wrote:
...
Greetings list,
I am trying to make two endpoints talking on DTLS-SRTP. But I hear on
audio.
Things work perfectly fine if I use RTP or SRTP with TLS.
Endpoints are pjsip based application not webrtc based clients.
Below are logs from rtpengine. I hope someone could point out amiss.
Apr  9 20:02:43 centos-1024mb-nyc-02 rtpengine[58438]: INFO:
[66d2da58-21fe-48bd-9999-a1f3a22afa6d]: --------- Port
209.182.216.71:8176  <>   72.214.35.171:63577, SSRC 1234c6eb, 641 p,
110252 b, 0 e, 60 ts
Apr  9 20:02:43 centos-1024mb-nyc-02 rtpengine[58438]: INFO:
[66d2da58-21fe-48bd-9999-a1f3a22afa6d]: --------- Port
209.182.216.71:8177  <>   72.214.35.171:63056 (RTCP), SSRC 1234c6eb, 4
p, 372 b, 0 e, 60 ts
Apr  9 20:12:24 centos-1024mb-nyc-02 rtpengine[58438]: INFO: Version
git-master-3ef300b shutting down
Apr  9 20:12:37 centos-1024mb-nyc-02 rtpengine[58958]: INFO: Generating
new DTLS certificate
Apr  9 20:12:37 centos-1024mb-nyc-02 rtpengine[58959]: INFO: Startup
complete, version git-master-3ef300b
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Received command 'offer' from
127.0.0.1:57645
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: NOTICE:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Creating new call
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: offer time = 0.002612 sec
Apr  9 20:13:43 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Replying to 'offer' from
127.0.0.1:57645
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Received command 'answer' from
127.0.0.1:42309
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: answer time = 0.000220 sec
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08]: Replying to 'answer' from
127.0.0.1:42309
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: DTLS: Peer certificate
accepted
Apr  9 20:13:56 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: DTLS-SRTP successfully
negotiated
Apr  9 20:13:57 centos-1024mb-nyc-02 rtpengine[58959]: ERR:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: SRTP output wanted, but
no crypto suite was negotiated
Apr  9 20:14:00 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: Confirmed peer address
as 72.214.35.171:58634
Apr  9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: ERR:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8001]: SRTCP output wanted, but
no crypto suite was negotiated
Apr  9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, count=1,
payloadtype=200, length=12, ssrc=2045607967, ntp_sec=1379282714,
ntp_fractions=439054259, rtp_ts=1838072137, sender_packets=3366262813,
sender_bytes=2383498210, ssrc=815258372, fraction_lost=96,
packet_loss=13713522, last_seq=3314313929, jitter=2878956247,
last_sr=2456273253, delay_since_last_sr=3351655681
Apr  9 20:14:07 centos-1024mb-nyc-02 rtpengine[58959]: INFO:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8001]: Confirmed peer address
as 72.214.35.171:57732
Apr  9 20:14:12 centos-1024mb-nyc-02 rtpengine[58959]: ERR:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: SRTP output wanted, but
no crypto suite was negotiated
Apr  9 20:14:17 centos-1024mb-nyc-02 rtpengine[58959]:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, count=1,
payloadtype=200, length=12, ssrc=2045607967, ntp_sec=2811881700,
ntp_fractions=4080266212, rtp_ts=371429680, sender_packets=958830616,
sender_bytes=2579186043, ssrc=1909756377, fraction_lost=174,
packet_loss=11416637, last_seq=3106722675, jitter=758758394,
last_sr=2663618457, delay_since_last_sr=1399181077
Apr  9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: ERR:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8000]: SRTP output wanted, but
no crypto suite was negotiated
Apr  9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]: ERR:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08 port  8001]: SRTCP output wanted, but
no crypto suite was negotiated
Apr  9 20:14:27 centos-1024mb-nyc-02 rtpengine[58959]:
[a5ca8335-84d2-4daf-a0e2-6465e72b6d08] version=2, padding=0, cou
It is how I have programmed it in my Kamailio configuration.
ON INVITE
rtpengine_offer("replace-origin replace-session-connection ICE=remove
UDP/TLS/RTP/SAVP");
ON 200-ok
rtpengine_answer("replace-origin replace-session-connection ICE=remove
UDP/TLS/RTP/SAVP");
Best Regards,
Aqs Younas