ahh right, I thought of asking you the same before but anyway, I was using Debian stretch, with this repo deb http://pkg.yeti-switch.org/debian/stretch 1.10 main
which did not work either. I ended up doing a full upgrade of the system to Debian Buster and the SRTP issue still exists. It is not sending out STRP upon request and dropping calls.
SEMS Versions
libsems1 is already the newest version (1.18.1).
sems is already the newest version (1.18.1).
sems-modules-base is already the newest version (1.18.1).
sems-modules-g729-bcg is already the newest version (0.0.1).
sems-modules-yeti is already the newest version (1.9.2core18).
sems-sounds is already the newest version (1.18.1).
Here is my media interface config and sip trace
media-interfaces {
interface public {
ip4 {
rtp {
address = SEMS.RTP.IP
low-port = 16383
high-port = 32767
dscp = 46
use-raw-sockets = off
srtp {
enable_srtp=yes
sdes {
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
}
dtls {
client {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/crt.pem
certificate_key = /etc/sems/ssl/key.pem
ca_list = /etc/sems/ssl/ca_list.pem
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
verify_certificate_chain = false
verify_certificate_cn = false
}
server {
protocols = { DTLSv1, DTLSv1.2 }
certificate = /etc/sems/ssl/crt.pem
certificate_key = /etc/sems/ssl/key.pem
ca_list = /etc/sems/ssl/ca_list.pem
profiles = { AES_256_CM_HMAC_SHA1_80, AES_256_CM_HMAC_SHA1_32, AES_CM_128_HMAC_SHA1_80, AES_CM_128_HMAC_SHA1_32 }
ciphers = {ChaCha20Poly1305, AES-256/GCM, AES-128/GCM, AES-256/CCM, AES-128/CCM, AES-256, AES-128}
macs = {AEAD, SHA-256, SHA-384, SHA-1}
verify_client_certificate = false
require_client_certificate = false
}
}
}
}
}
}
}
SIP Trace
2020/05/28 11:04:02.308331 SIP.Proxy.IP:5060 -> SEMS.RTP.IP:PORT
INVITE sip:+61411111111@customer.realm.fqdn:5061;user=phone;transport=tls SIP/2.0
Allow: INVITE, ACK, CANCEL, BYE, INFO, NOTIFY, PRACK, UPDATE, OPTIONS
Record-Route: <sip:SIP.Proxy.IP;r2=on;lr>
Record-Route: <sip:SIP.Proxy.IP:5061;transport=tls;r2=on;lr>
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061;user=phone>
CSEQ: 1 INVITE
CALL-ID: e21999e06ac158ea9870176f09369daf
MAX-FORWARDS: 69
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKeb5e.9db44872f93f8e7a9d1e2635d1284733.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bK606ca2d9
RECORD-ROUTE: <sip:remote.proxy.fqdn:5061;transport=tls;lr>
CONTACT: <sip:remote.proxy2.fqdn:443;x-i=715a105a-ca25-40b2-acc9-6751a940d22d;x-c=e21999e06ac158ea9870176f09369daf/d/8/557a8da3bc5f4ab6827baad8152f3e1f>
CONTENT-LENGTH: 1599
MIN-SE: 300
SUPPORTED: timer
USER-AGENT: Remote.Proxy UA
CONTENT-TYPE: application/sdp
P-ASSERTED-IDENTITY: <tel:+DID-Number>,<sip:admin.admin@domain.net>
PRIVACY: id
SESSION-EXPIRES: 3600
v=0
o=- 49877 0 IN IP4 SIP.Proxy.IP
s=session
c=IN IP4 SIP.Proxy.IP
b=CT:10000000
t=0 0
m=audio 39682 RTP/SAVP 104 117 9 103 111 18 0 8 97 101 13 118
c=IN IP4 SIP.Proxy.IP
a=label:main-audio
a=mid:1
a=rtpmap:104 SILK/16000
a=rtpmap:117 G722/8000/2
a=rtpmap:9 G722/8000
a=rtpmap:103 SILK/8000
a=rtpmap:111 SIREN/16000
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:97 RED/8000
a=rtpmap:101 telephone-event/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=fmtp:111 bitrate=16000
a=fmtp:18 annexb=no
a=fmtp:101 0-16
a=sendrecv
a=rtcp:39683
a=rtcp-mux
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:g45vKgaLV09B3uMrV0zp0hl35NJ856SFMmRoLiY/
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:XUVyxvZmfvnph+n3RSKrFaXvkhWLJYPIV/bMJ5QF
a=crypto:3 AES_192_CM_HMAC_SHA1_80 inline:KZ427P1SZd7V3gLEaHsEBMCNB3yQTlcWjrWYRYN0sRtbc6T6x/c
a=crypto:4 AES_192_CM_HMAC_SHA1_32 inline:BxKBvxsyXxOj9caowb2eKDKBIxC8sd0DW/6jhjOycNSvat4Lq24
a=crypto:5 AES_256_CM_HMAC_SHA1_80 inline:6V1KvhdZ8jbhSslzEU0CDq3sNQedhL6Y5rO20/mVWJI3D6DD+UCkwizs56gxcZ
a=crypto:6 AES_256_CM_HMAC_SHA1_32 inline:pZZ7NjonmkGeWnqONDoFlyZ1pUfVKsMT6JHR5buhuouhyhcaEoPQ+bZntblZi4
a=crypto:7 F8_128_HMAC_SHA1_80 inline:rt1o2E+8aHgn0yaTzu9HbUpSUhw5toTv/LOtXDo+
a=crypto:8 F8_128_HMAC_SHA1_32 inline:ckTM+7QcY8STYxX0sEtFlASMJ81qVGk9FLWDy6aa
a=crypto:9 NULL_HMAC_SHA1_80 inline:fwDQdY/3IGG+K9HgFMgeKQIdfdTxTzAliJ/SBSgP
a=crypto:10 NULL_HMAC_SHA1_32 inline:csWxDZYT4QNJX9iHWlow3db7AkvE9s55HsjDgqOn
a=setup:actpass
a=fingerprint:sha-1 48:90:58:16:EE:DD:61:59:6E:8D:2B:D6:01:2E:F8:01:59:5A:95:7D
a=ptime:20
2020/05/28 11:04:02.309320 SEMS.RTP.IP:PORT -> SIP.Proxy.IP:5060
SIP/2.0 100 Connecting
Record-Route: <sip:SIP.Proxy.IP;r2=on;lr>
Record-Route: <sip:SIP.Proxy.IP:5061;transport=tls;r2=on;lr>
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061;user=phone>
CSEQ: 1 INVITE
CALL-ID: e21999e06ac158ea9870176f09369daf
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKeb5e.9db44872f93f8e7a9d1e2635d1284733.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bK606ca2d9
RECORD-ROUTE: <sip:remote.proxy.fqdn:5061;transport=tls;lr>
Server: SBC 1.8.58-2
Content-Length: 0
2020/05/28 11:04:04.252112 SEMS.RTP.IP:PORT -> SIP.Proxy.IP:5060
SIP/2.0 183 Session Progress
Record-Route: <sip:SIP.Proxy.IP;r2=on;lr>
Record-Route: <sip:SIP.Proxy.IP:5061;transport=tls;r2=on;lr>
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061;user=phone>;tag=12-45ED1897-5ECF0E020007B93D-7C287700
CSEQ: 1 INVITE
CALL-ID: e21999e06ac158ea9870176f09369daf
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKeb5e.9db44872f93f8e7a9d1e2635d1284733.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bK606ca2d9
RECORD-ROUTE: <sip:remote.proxy.fqdn:5061;transport=tls;lr>
Server: SBC 1.8.58-2
Contact: <sip:SEMS.RTP.IP:PORT;transport=udp>
Content-Type: application/sdp
Content-Length: 315
v=0
o=- 194029192 194029192 IN IP4 SEMS.RTP.IP
s=-
t=0 0
m=audio 16385 RTP/AVP 0 18 101 8
c=IN IP4 SEMS.RTP.IP
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:8 PCMA/8000
a=ptime:20
a=sendrecv
a=setup:actpass
a=maxptime:40
2020/05/28 11:04:15.191778 SEMS.RTP.IP:PORT -> SIP.Proxy.IP:5060
SIP/2.0 200 OK
Record-Route: <sip:SIP.Proxy.IP;r2=on;lr>
Record-Route: <sip:SIP.Proxy.IP:5061;transport=tls;r2=on;lr>
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061;user=phone>;tag=12-45ED1897-5ECF0E020007B93D-7C287700
CSEQ: 1 INVITE
CALL-ID: e21999e06ac158ea9870176f09369daf
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKeb5e.9db44872f93f8e7a9d1e2635d1284733.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bK606ca2d9
RECORD-ROUTE: <sip:remote.proxy.fqdn:5061;transport=tls;lr>
Server: SBC 1.8.58-2
Contact: <sip:SEMS.RTP.IP:PORT;transport=udp>
Content-Type: application/sdp
Content-Length: 315
v=0
o=- 194029192 194029192 IN IP4 SEMS.RTP.IP
s=-
t=0 0
m=audio 16385 RTP/AVP 0 18 101 8
c=IN IP4 SEMS.RTP.IP
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:8 PCMA/8000
a=ptime:20
a=sendrecv
a=setup:actpass
a=maxptime:40
2020/05/28 11:04:15.282113 SIP.Proxy.IP:5060 -> SEMS.RTP.IP:PORT
ACK sip:SEMS.RTP.IP:PORT;transport=udp SIP/2.0
Allow: INVITE, ACK, CANCEL, BYE, INFO, NOTIFY, PRACK, UPDATE, OPTIONS
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061>;user=phone;tag=12-45ED1897-5ECF0E020007B93D-7C287700
CSEQ: 1 ACK
CALL-ID: e21999e06ac158ea9870176f09369daf
MAX-FORWARDS: 69
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKeb5e.20fd044e215a20d1b17f453c4b4e1fd6.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bK67319981
CONTACT: <sip:remote.proxy2.fqdn:443;x-i=715a105a-ca25-40b2-acc9-6751a940d22d;x-c=e21999e06ac158ea9870176f09369daf/d/8/557a8da3bc5f4ab6827baad8152f3e1f>
CONTENT-LENGTH: 0
USER-AGENT: Remote.Proxy UA
2020/05/28 11:04:15.491097 SIP.Proxy.IP:5060 -> SEMS.RTP.IP:PORT
BYE sip:SEMS.RTP.IP:PORT;transport=udp SIP/2.0
Allow: INVITE, ACK, CANCEL, BYE, INFO, NOTIFY, PRACK, UPDATE, OPTIONS
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061>;user=phone;tag=12-45ED1897-5ECF0E020007B93D-7C287700
CSEQ: 2 BYE
CALL-ID: e21999e06ac158ea9870176f09369daf
MAX-FORWARDS: 69
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKbb5e.8dacef0dfd312760b02d4df9bd54ba72.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bKb77d6d0
REASON: Q.850;cause=79;text="715a105a-ca25-40b2-acc9-6751a940d22d;InternalDiagCode: SrtpEncryptionRequired, InternalErrorPhrase: Remote did not offer required SRTP"
CONTACT: <sip:remote.proxy2.fqdn:443;x-i=715a105a-ca25-40b2-acc9-6751a940d22d;x-c=e21999e06ac158ea9870176f09369daf/d/8/557a8da3bc5f4ab6827baad8152f3e1f>
CONTENT-LENGTH: 0
USER-AGENT: Remote.Proxy UA
P-ASSERTED-IDENTITY: <tel:+DID-Number>,<sip:admin.admin@domain.net>
PRIVACY: id
2020/05/28 11:04:15.528918 SEMS.RTP.IP:PORT -> SIP.Proxy.IP:5060
SIP/2.0 200 OK
FROM: admin admin<sip:+DID-Number@remote.fqdn:5061;user=phone>;tag=ab69300c008847d98a4f8b716819ab76
TO: <sip:+61411111111@customer.realm.fqdn:5061>;user=phone;tag=12-45ED1897-5ECF0E020007B93D-7C287700
CSEQ: 2 BYE
CALL-ID: e21999e06ac158ea9870176f09369daf
Via: SIP/2.0/UDP SIP.Proxy.IP;branch=z9hG4bKbb5e.8dacef0dfd312760b02d4df9bd54ba72.0;i=1
VIA: SIP/2.0/TLS Remote.Proxy.IP:5061;branch=z9hG4bKb77d6d0
Server: SBC 1.8.58-2
Content-Length: 0