您好我知道有很多关于此错误的主题(或者我可能没有同样的问题),但他们都没有回答我的问题,我在我的电脑和我的闪烁的本地网络星号服务器位于由ovh托管的外部服务器上(所以有nat可以做)。我通过加密的ssh session ofc控制服务器。 只要呼叫没有加密,一切都很好,我可以呼叫任何我想要的用户。但是当我开始加密我的流量时,一切都出错了,我无法找到原因。我已经为客户端和服务器生成了证书,流量已加密,因为我无法在wireshark中看到任何内容(我无法看到加密流量,但我看到了非加密流量。 Blink配置正确,SDES强制,.pem文件,car.crt,代理端口5061 tls,但我认为错误是在其他地方。 sconf.conf的Myconig是这样的:
[general]
udpbindaddr=0.0.0.0
tcpenable=yes ; Enable server for incoming TCP connections (default is no)
tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces) ; Optionally add a port number, 192.168.1.1:5062 (default is port 5060)
tlsenable=yes ; Enable server for incoming TLS (secure) connections (default is no)
tlsbindaddr=0.0.0.0
transport=udp
disallow=all
allow=ulaw ; Allow codecs in order of preference
allow=alaw
dtmfmode = rfc2833
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
[201](can't communicate instant 488 error)
type=friend
username=vincent
context=from-sip
host=dynamic
secret=not4usry
callerid=vincent<201>
mailbox=201@default
nat=comedia
transport=tls
encryption=yes
[203](no tls user and can communicate with the ones who don't use tls)
type=friend
username=antoine
context=from-sip
host=dynamic
secret=not4usry
callerid=antoine<203>
mailbox=203@default
nat=comedia
证书已使用./ast_tls_cert ....
生成RTP日志
==使用SIP RTP CoS标记5 [5月11日15:34:33] 警告[21893] [C-00000d0e]:chan_sip.c:10803 process_sdp:拒绝 没有加密细节的安全音频流:音频50026 RTP / SAVP 113 9 0 8 101
SIP LOGS
INVITE sip:203 @ vps466556.ovh.net SIP / 2.0
Via:SIP / 2.0 / TLS 192.168.1.35:53076;rport;branch=z9hG4bKPj275105fe6a304b89b2b18ee5186b5085;alias
Max-Forwards:70
来自:&#34; Vincent&#34; ;标记= 523fe49e3a8646608481fbac0801b605
致:
联络:
Call-ID:0fb841de523e4ff0a74514247bb3445a
CSeq:4966 INVITE
允许:订阅,通知,邀请,确认,再见,取消,更新,留言, REFER
支持:替换,norefersub,gruu
User-Agent:Blink 3.0.0(Windows)
Content-Type:application / sdp
内容长度:425
V = 0
o = - 3735043210 3735043210 IN IP4 192.168.1.35
s = Blink 3.0.0(Windows)
t = 0 0
m = audio 50004 RTP / AVP 113 9 0 8 101
c = IN IP4 192.168.1.35
α= RTCP:50005
a = rtpmap:113 opus / 48000/2
a = fmtp:113 useinbandfec = 1
a = rtpmap:9 G722 / 8000
a = rtpmap:0 PCMU / 8000
a = rtpmap:8 PCMA / 8000
a = rtpmap:101 telephone-event / 8000
a = fmtp:101 0-16
α= ZRTP哈希:1.10 af10bf32a78e03147ffbf2859f96cc8d401048ee46a1f2cb961c20139b219913
α= SENDRECV
- 2018-05-11 16:00:11.003276 [blink.exe 3320]:RECEIVED:Packet 136,+ 0:06:21.266013 54.37.8.124:5061 - (SIP over TLS) - &gt; 192.168.1.35:53076 SIP / 2.0 401未经授权
Via:SIP / 2.0 / TLS 192.168.1.35:53076;branch=z9hG4bKPj275105fe6a304b89b2b18ee5186b5085;alias;received=90.112.223.194;rport=53076
来自:&#34; Vincent&#34; ;标记= 523fe49e3a8646608481fbac0801b605
收件人:; tag = as50eb1885
Call-ID:0fb841de523e4ff0a74514247bb3445a
CSeq:4966 INVITE
服务器:Asterisk PBX 13.21.0
允许:邀请,确认,取消,选项,再见,参考,订阅,通知, 信息,发布,消息
支持:替换,计时器
-Authenticate:Digest algorithm = MD5,realm =&#34; asterisk&#34;,nonce =&#34; 6650a402&#34;
内容长度:0
- 2018-05-11 16:00:11.004276 [blink.exe 3320]:SENDING:Packet 137,+ 0:06:21.267013 192.168.1.35:53076 - (SIP over TLS) - &gt; 54.37.8.124:5061 ACK sip:203@vps466556.ovh.net SIP / 2.0
Via:SIP / 2.0 / TLS 192.168.1.35:53076;rport;branch=z9hG4bKPj275105fe6a304b89b2b18ee5186b5085;alias
Max-Forwards:70
来自:&#34; Vincent&#34; ;标记= 523fe49e3a8646608481fbac0801b605
收件人:; tag = as50eb1885
Call-ID:0fb841de523e4ff0a74514247bb3445a
CSeq:4966 ACK
User-Agent:Blink 3.0.0(Windows)
内容长度:0
- 2018-05-11 16:00:11.005276 [blink.exe 3320]:SENDING:Packet 138,+ 0:06:21.268013 192.168.1.35:53076 - (SIP over TLS) - &gt; 54.37.8.124:5061邀请sip:203 @ vps466556.ovh.net SIP / 2.0
Via:SIP / 2.0 / TLS 192.168.1.35:53076;rport;branch=z9hG4bKPj3e8da342afaa41a385d9989648fd069f;alias
Max-Forwards:70
来自:&#34; Vincent&#34; ;标记= 523fe49e3a8646608481fbac0801b605
致:
联络:
Call-ID:0fb841de523e4ff0a74514247bb3445a
CSeq:4967邀请
允许:订阅,通知,邀请,确认,再见,取消,更新,留言, REFER
支持:替换,norefersub,gruu
User-Agent:Blink 3.0.0(Windows)
授权:摘要用户名=&#34; 201&#34;,realm =&#34;星号&#34;, nonce =&#34; 6650a402&#34;,uri =&#34; sip:203@vps466556.ovh.net", 响应=&#34; dcd6fcd9d8b7381f86f07e1326aa9134&#34;,算法= MD5
Content-Type:application / sdp
内容长度:425
V = 0
o = - 3735043210 3735043210 IN IP4 192.168.1.35
s = Blink 3.0.0(Windows)
t = 0 0
m = audio 50004 RTP / AVP 113 9 0 8 101
c = IN IP4 192.168.1.35
α= RTCP:50005
a = rtpmap:113 opus / 48000/2
a = fmtp:113 useinbandfec = 1
a = rtpmap:9 G722 / 8000
a = rtpmap:0 PCMU / 8000
a = rtpmap:8 PCMA / 8000
a = rtpmap:101 telephone-event / 8000
a = fmtp:101 0-16
α= ZRTP哈希:1.10 af10bf32a78e03147ffbf2859f96cc8d401048ee46a1f2cb961c20139b219913
α= SENDRECV
- 2018-05-11 16:00:11.087226 [blink.exe 3320]:RECEIVED:Packet 139,+ 0:06:21.349963 54.37.8.124:5061 - (SIP over TLS) - &gt; 192.168.1.35:53076 SIP / 2.0 488这里不可接受
Via:SIP / 2.0 / TLS 192.168.1.35:53076;branch=z9hG4bKPj3e8da342afaa41a385d9989648fd069f;alias;received=90.112.223.194;rport=53076
来自:&#34; Vincent&#34; ;标记= 523fe49e3a8646608481fbac0801b605
收件人:; tag = as50eb1885
Call-ID:0fb841de523e4ff0a74514247bb3445a
CSeq:4967邀请
服务器:Asterisk PBX 13.21.0
允许:邀请,确认,取消,选项,再见,参考,订阅,通知, 信息,发布,消息
支持:替换,计时器
内容长度:0
- 2018-05-11 16:00:11.088227 [blink.exe 3320]:SENDING:Packet 140,+ 0:06:21.350964 192.168.1.35:53076 - (SIP over TLS) - &gt; 54.37.8.124:5061 ACK sip:203@vps466556.ovh.net SIP / 2.0
Via:SIP / 2.0 / TLS 192.168.1.35:53076;rport;branch=z9hG4bKPj3e8da342afaa41a385d9989648fd069f;alias
Max-Forwards:70
来自:&#34; Vincent&#34; ;标记= 523fe49e3a8646608481fbac0801b605
收件人:; tag = as50eb1885
Call-ID:0fb841de523e4ff0a74514247bb3445a
CSeq:4967确认
User-Agent:Blink 3.0.0(Windows)
内容长度:0
感谢您的帮助,Vince
答案 0 :(得分:0)
您的SIP端点指定encryption = yes,但客户端的INVITE指定RTP / AVP,而不是RTP / SAVP。 iirc,Blink可以选择乐观或强制加密;你需要把它改成强制性的。
答案 1 :(得分:0)
如果你和我有同样的问题,重新安装Srtp库和星号,也记录sip请求,因为我有一个错误,Blink不再发送注册请求(即使按下1000次注册按钮)所以我下载了PhonerLite一切都很完美