我正在使用jitsi和asterisk 1.8.1。我在它们之间成功配置了TLS。它的工作正常。 现在我在它们之间配置SRTP。
以下是配置文件。
sip.conf
[general]
context=incoming
allowguest=no
alwaysauthreject=yes
allow=ulaw
allow=alaw
allow=gsm
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/newbie.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
[user1]
type=peer
defaultuser=user1
secret=1000
dtmfmode=rfc2833
callerid="User one"
host=dynamic ; The device must always register
canreinvite=no
nat=yes
encryption=yes
transport=tls
; Deny registration from anywhere first
deny=0.0.0.0/0.0.0.0
; Replace the IP address and mask below with the actual IP address and mask
; of the computer running the softphone, or the address of the hardware phone,
; either a host address and full mask, or a network address and correct mask,
; registering will be allowed from that host/network.
permit=192.168.51.0/255.255.255.0
context=myphones
[user2]
type=peer
defaultuser=user2
secret=1001
dtmfmode=rfc2833
callerid="User two"
host=dynamic ; The device must always register
canreinvite=no
nat=yes
encryption=yes
transport=tls
; Deny registration from anywhere first
deny=0.0.0.0/0.0.0.0
; Replace the IP address and mask below with the actual IP address and mask
; of the computer running the softphone, or the address of the hardware phone,
; either a host address and full mask, or a network address and correct mask,
; registering will be allowed from that host/network.
permit=192.168.51.0/255.255.255.0
context=myphones
extension.conf
[general]
static=yes
writeprotect=no
clearglobalvars=no
[incoming]
exten => s,1,Hangup()
[myphones]
exten => user1,1,Set(CHANNEL(secure_bridge_signaling)=1)
exten => user1,n,Set(CHANNEL(secure_bridge_media)=1)
exten => user1,n,Dial(SIP/user1)
exten => user1,n,Hangup()
exten => user2,1,Set(CHANNEL(secure_bridge_signaling)=1)
exten => user2,n,Set(CHANNEL(secure_bridge_media)=1)
exten => user2,n,Dial(SIP/user2)
exten => user2,n,Hangup()
exten => 201,1,Answer()
exten => 201,n,Playback(tt-monty-knights)
exten => 201,n,Hangup()
exten => 202,1,Answer()
exten => 202,n,Playback(welcome)
exten => 202,n,Playback(demo-echotest)
exten => 202,n,Echo()
exten => 202,n,Playback(demo-echodone)
exten => 202,n,Playback(vm-goodbye)
exten => 202,n,Hangup()
我也上传了srtp模块。它装了。但是当user1调用user2时,我的星号服务器会出现分段错误并关闭。
这里有任何关于如何配置srtp的帮助。我是否做得正确或有任何问题......
我已在http://forums.asterisk.org/viewtopic.php?f=1&t=84587
发布此问题提前谢谢。,
答案 0 :(得分:2)
Asterisk 1.8对SRTP有本机支持。因此,您可以使用Asterisk 1.8.x服务器轻松尝试此操作。普通SIP电话不支持此系统。您需要找到支持SRTP和TLS支持的IP /软电话才能进行设置。使用闪烁软电话(http://www.icanblink.com)。我按照以下文章设置了安全的VoIP系统。
对于SRTP:http://www.remiphilippe.fr/2011/01/16/asterisk-srtp-with-1-8/
对于TLS:https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial,(您可以在此处找到ast_tls_cert脚本:https://reviewboard.asterisk.org/r/979/diff/)
答案 1 :(得分:0)
我知道这是一个老问题,但我遇到了同样的问题。我突然解释了这个解释,所以我想我会在最后标记它以防其他人出现同样的问题(或者在我们的情况下缺乏理解!)
可在此处找到发布内容:http://permalink.gmane.org/gmane.comp.voip.sip-communicator.user/921
Jitsi确实支持SRTP,但它是通过ZRTP密钥协商实现的。这具有提供端到端加密的优点(与之相反) Asterisk中的标准SRTP impl可以被窃听 服务器)。
然而,Asterisk不支持它,因此您需要 使用实际的SIP和RTP代理,以使其工作。
希望这有帮助,
了Emil