Opensips + RTPEngine
575 views
Skip to first unread message
Pratik Patel
Jul 26, 2023, 5:28:21 AM7/26/23
to rtpengine
Hello ,
I am working with opensips and make opensips as work with TLS.
Facing below Error :
rtpengine[3736234]: ERR: [a2951f57-a628-123c-439c-001dd8b70179 port 20422]: [core] SRTP output wanted, but no crypto suite was negotiated
My Code for RTP Engine offer and RTPEngine Answer :
route[rtpengine_offer] {
if (isflagset("SRC_WS") && isbflagset("WS_DEVICE"))
# - Web to web
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public SDES-off ICE=force";
else if (isflagset("SRC_WS"))
# - Web to SIP
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public DTLS=off SDES-off rtcp-mux-demux ICE=remove RTP/AVP";
else if (isbflagset("WS_DEVICE"))
# - SIP to web
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public rtcp-mux-offer generate-mid DTLS=passive ICE=force codec-mask-PCMA codec-strip-opus transcode-opus SDES-off UDP/TLS/RTP/SAVP";
else
# - SIP to SIP
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public rtcp-mux-demux ICE=remove RTP/AVP";
xlog("L_INFO", "$ci|log Offer|$var(reflags)");
rtpengine_offer("$var(reflags)");
}
route[rtpengine_answer] {
if (isflagset("SRC_WS") && isbflagset("WS_DEVICE"))
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public SDES-off ICE=force";
else if (isflagset("SRC_WS"))
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public rtcp-mux-require ICE=force RTP/SAVPF";
else if (isbflagset("WS_DEVICE"))
# - SIP to web
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public rtcp-mux-offer generate-mid DTLS=passive ICE=force codec-mask-PCMA codec-strip-opus transcode-opus SDES-off UDP/TLS/RTP/SAVP";
else
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public rtcp-mux-demux ICE=remove RTP/AVP";
xlog("L_INFO", "$ci|log Answer|$var(reflags)");
rtpengine_answer("$var(reflags)");
}
I am facing this issue when caller with SIP(UDP) and destination(wss with tls) and caller(wss with tls) and destination (wss with wss).
What i am doing wrong when call going in tls destination for rptengine offer.
Thanks in advance for any suggestion
I am working with opensips and make opensips as work with TLS.
Facing below Error :
rtpengine[3736234]: ERR: [a2951f57-a628-123c-439c-001dd8b70179 port 20422]: [core] SRTP output wanted, but no crypto suite was negotiated
My Code for RTP Engine offer and RTPEngine Answer :
route[rtpengine_offer] {
if (isflagset("SRC_WS") && isbflagset("WS_DEVICE"))
# - Web to web
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public SDES-off ICE=force";
else if (isflagset("SRC_WS"))
# - Web to SIP
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public DTLS=off SDES-off rtcp-mux-demux ICE=remove RTP/AVP";
else if (isbflagset("WS_DEVICE"))
# - SIP to web
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public rtcp-mux-offer generate-mid DTLS=passive ICE=force codec-mask-PCMA codec-strip-opus transcode-opus SDES-off UDP/TLS/RTP/SAVP";
else
# - SIP to SIP
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=public out-iface=public rtcp-mux-demux ICE=remove RTP/AVP";
xlog("L_INFO", "$ci|log Offer|$var(reflags)");
rtpengine_offer("$var(reflags)");
}
route[rtpengine_answer] {
if (isflagset("SRC_WS") && isbflagset("WS_DEVICE"))
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public SDES-off ICE=force";
else if (isflagset("SRC_WS"))
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public rtcp-mux-require ICE=force RTP/SAVPF";
else if (isbflagset("WS_DEVICE"))
# - SIP to web
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public rtcp-mux-offer generate-mid DTLS=passive ICE=force codec-mask-PCMA codec-strip-opus transcode-opus SDES-off UDP/TLS/RTP/SAVP";
else
$var(reflags) = "trust-address replace-origin replace-session-connection in-iface=private out-iface=public rtcp-mux-demux ICE=remove RTP/AVP";
xlog("L_INFO", "$ci|log Answer|$var(reflags)");
rtpengine_answer("$var(reflags)");
}
I am facing this issue when caller with SIP(UDP) and destination(wss with tls) and caller(wss with tls) and destination (wss with wss).
What i am doing wrong when call going in tls destination for rptengine offer.
Thanks in advance for any suggestion
Richard Fuchs
Jul 26, 2023, 8:27:47 AM7/26/23
to rtpe...@googlegroups.com
On 26/07/2023 05.28, [EXT] Pratik Patel wrote:
> Hello ,
>
> I am working with opensips and make opensips as work with TLS.
>
> Facing below Error :
>
> rtpengine[3736234]: ERR: [a2951f57-a628-123c-439c-001dd8b70179 port
> 20422]: [core] SRTP output wanted, but no crypto suite was negotiated
>
> My Code for RTP Engine offer and RTPEngine Answer :
>
> ...
> Hello ,
>
> I am working with opensips and make opensips as work with TLS.
>
> Facing below Error :
>
> rtpengine[3736234]: ERR: [a2951f57-a628-123c-439c-001dd8b70179 port
> 20422]: [core] SRTP output wanted, but no crypto suite was negotiated
>
> My Code for RTP Engine offer and RTPEngine Answer :
>
> I am facing this issue when caller with SIP(UDP) and destination(wss
> with tls) and caller(wss with tls) and destination (wss with wss).
>
> What i am doing wrong when call going in tls destination for rptengine
> offer.
Can't really say without seeing a debug log excerpt or perhaps an error
> with tls) and caller(wss with tls) and destination (wss with wss).
>
> What i am doing wrong when call going in tls destination for rptengine
> offer.
message from the WebRTC client, but a few suggestions:
Since you're handling the answer separately anyway, if you have a
somewhat recent version of rtpengine you can omit the case distinctions
there and let rtpengine handle it. All the relevant options have been
set in the offer already.
As for the offer, except for the source interface selection you can
mostly ignore where the offer is coming from and only do a case
distinction based on where it's going to. Most of your options look fine
with some exceptions. WebRTC generally wants `rtcp-mux-require` instead
of `-offer`, it generally wants `RTP/SAVPF` instead of just `SAVP`, and
I would suggest not to use passive DTLS.
IOW if the offer is going to plain SIP, try `rtcp-mux-demux ICE=remove
RTP/AVP` and if it's going to WebRTC, try `rtcp-mux-require
no-rtcp-attribute generate-mid ICE=force SDES-off UDP/TLS/RTP/SAVPF`
plus any codec options you may want.
HTH
Cheers
Pratik Patel
Jul 26, 2023, 9:22:46 AM7/26/23
to rtpengine
RTPEngine logs :
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [ice] ICE negotiated: peer for component 1 is 10.24.35.46:38334
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [ice] ICE negotiated: local interface 17.1.2.11
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [crypto] DTLS: Peer certificate accepted
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [crypto] DTLS: Peer certificate accepted
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [crypto] DTLS-SRTP successfully negotiated using AEAD_AES_256_GCM
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [crypto] DTLS-SRTP successfully negotiated using AEAD_AES_256_GCM
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [crypto] DTLS: Peer certificate accepted
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [crypto] DTLS-SRTP successfully negotiated using AES_CM_128_HMAC_SHA1_80
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [crypto] DTLS-SRTP successfully negotiated using AES_CM_128_HMAC_SHA1_80
Jul 26 13:16:23 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [core] Confirmed peer address as 10.24.35.46:53377
Jul 26 13:16:23 D1 rtpengine[3736234]: WARNING: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:23 D1 rtpengine[3736234]: ERR: [6d7c6867-a659-123c-439c-001dd8b70179 port 25575]: [rtcp] SRTCP output wanted, but no crypto suite was negotiated
Jul 26 13:16:24 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [core] Confirmed peer address as 10.24.35.46:38334
Jul 26 13:16:24 D1 rtpengine[3736234]: WARNING: [deo4dn1pjco37mlp64e3 port 25543]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:24 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [core] Confirmed peer address as 10.24.35.46:40401
Jul 26 13:16:24 D1 rtpengine[3736234]: WARNING: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:27 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25535]: [core] Confirmed peer address as 17.1.0.11:21439
Jul 26 13:16:27 D1 rtpengine[3736234]: WARNING: [deo4dn1pjco37mlp64e3 port 25535]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:38 D1 rtpengine[3736234]: ERR: [6d7c6867-a659-123c-439c-001dd8b70179 port 25575]: [rtcp] SRTCP output wanted, but no crypto suite was negotiated
Jul 26 13:16:41 D1 /usr/local/sbin/opensips[3966349]: ERROR:rtpengine:rtpengine_offer_answer_body: can't extract body from the message
Jul 26 13:16:41 D1 /usr/local/sbin/opensips[3966349]: ERROR:rtpengine:rtpengine_offer_answer_body: can't extract body from the message
Jul 26 13:16:53 D1 rtpengine[3736234]: ERR: [6d7c6867-a659-123c-439c-001dd8b70179 port 25575]: [rtcp] SRTCP output wanted, but no crypto suite was negotiated
RTPEngine Version :
rtpengine -v
Version: 11.2.1.9+0~mr11.2.1.9 git-mr11.2.1-44ffc5ee
opensips -V
version: opensips 3.3.3 (x86_64/linux)
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [ice] ICE negotiated: peer for component 1 is 10.24.35.46:38334
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [ice] ICE negotiated: local interface 17.1.2.11
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [crypto] DTLS: Peer certificate accepted
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [crypto] DTLS: Peer certificate accepted
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [crypto] DTLS-SRTP successfully negotiated using AEAD_AES_256_GCM
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [crypto] DTLS-SRTP successfully negotiated using AEAD_AES_256_GCM
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [crypto] DTLS: Peer certificate accepted
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [crypto] DTLS-SRTP successfully negotiated using AES_CM_128_HMAC_SHA1_80
Jul 26 13:16:21 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [crypto] DTLS-SRTP successfully negotiated using AES_CM_128_HMAC_SHA1_80
Jul 26 13:16:23 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [core] Confirmed peer address as 10.24.35.46:53377
Jul 26 13:16:23 D1 rtpengine[3736234]: WARNING: [6d7c6867-a659-123c-439c-001dd8b70179 port 25556]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:23 D1 rtpengine[3736234]: ERR: [6d7c6867-a659-123c-439c-001dd8b70179 port 25575]: [rtcp] SRTCP output wanted, but no crypto suite was negotiated
Jul 26 13:16:24 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25543]: [core] Confirmed peer address as 10.24.35.46:38334
Jul 26 13:16:24 D1 rtpengine[3736234]: WARNING: [deo4dn1pjco37mlp64e3 port 25543]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:24 D1 rtpengine[3736234]: INFO: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [core] Confirmed peer address as 10.24.35.46:40401
Jul 26 13:16:24 D1 rtpengine[3736234]: WARNING: [6d7c6867-a659-123c-439c-001dd8b70179 port 25557]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:27 D1 rtpengine[3736234]: INFO: [deo4dn1pjco37mlp64e3 port 25535]: [core] Confirmed peer address as 17.1.0.11:21439
Jul 26 13:16:27 D1 rtpengine[3736234]: WARNING: [deo4dn1pjco37mlp64e3 port 25535]: [core] No support for kernel packet forwarding available (interface to kernel module not open)
Jul 26 13:16:38 D1 rtpengine[3736234]: ERR: [6d7c6867-a659-123c-439c-001dd8b70179 port 25575]: [rtcp] SRTCP output wanted, but no crypto suite was negotiated
Jul 26 13:16:41 D1 /usr/local/sbin/opensips[3966349]: ERROR:rtpengine:rtpengine_offer_answer_body: can't extract body from the message
Jul 26 13:16:41 D1 /usr/local/sbin/opensips[3966349]: ERROR:rtpengine:rtpengine_offer_answer_body: can't extract body from the message
Jul 26 13:16:53 D1 rtpengine[3736234]: ERR: [6d7c6867-a659-123c-439c-001dd8b70179 port 25575]: [rtcp] SRTCP output wanted, but no crypto suite was negotiated
RTPEngine Version :
rtpengine -v
Version: 11.2.1.9+0~mr11.2.1.9 git-mr11.2.1-44ffc5ee
opensips -V
version: opensips 3.3.3 (x86_64/linux)
Richard Fuchs
Jul 26, 2023, 9:27:03 AM7/26/23
to rtpe...@googlegroups.com
On 26/07/2023 09.22, [EXT] Pratik Patel wrote:
> RTPEngine logs :
You'll want to enable debug logging for these to be useful.
> RTPEngine logs :
You'll want to enable debug logging for these to be useful.
Pratik Patel
Jul 27, 2023, 12:50:42 AM7/27/23
to rtpengine
Can you please guide me on how to enable debug log?
Pratik Patel
Jul 31, 2023, 5:39:24 AM7/31/23
to rtpengine
Hello
I have increased the log level and generated logs.
Please refer to the Pastebin logs.
https://pastebin.com/70WBP70W
I have increased the log level and generated logs.
Please refer to the Pastebin logs.
https://pastebin.com/70WBP70W
Richard Fuchs
Jul 31, 2023, 8:39:00 AM7/31/23
to rtpe...@googlegroups.com
On 31/07/2023 05.39, [EXT] Pratik Patel wrote:
> Hello
>
> I have increased the log level and generated logs.
>
> Please refer to the Pastebin logs.
There's several calls in that log. I assume
> Hello
>
> I have increased the log level and generated logs.
>
> Please refer to the Pastebin logs.
6a16fd4c-aa27-123c-439c-001dd8b70179 is the problematic one?
That call apparently is already established at the start of the log, so
the initial signalling is missing.
The only other signalling in the log for that call is another offer, and
there's no answer. Perhaps you have your offers and answers mixed up?
Perhaps the second offer should be an answer?
Since the original offer is missing from the log I can only guess, but I
assume this is WebRTC to WebRTC? You should use "UDP/TLS/RTP/SAVPF"
instead of ".../SAVP", and "rtcp-mux-require" instead of "-offer" for
WebRTC.
Cheers
Pratik Patel
Aug 1, 2023, 12:46:01 AM8/1/23
to rtpengine
Hello Richard
Thanks for your help I have tried but still i am not getting a solution can you please help what I missing in my opensips.cfg file.
https://pastebin.com/b3BY4bvf
Thanks for your help I have tried but still i am not getting a solution can you please help what I missing in my opensips.cfg file.
https://pastebin.com/b3BY4bvf
Pratik Patel
Aug 2, 2023, 11:32:16 AM8/2/23
to rtpengine
Hello Richard
Sorry old link expired I have created a new link with a longer time.
https://pastebin.com/w2Kqfqvh
We have been stuck for a long time you quickly guide us on how to fix this problem
Working :
sip2sip
web2sip
Not working:
sip2web
web2web
Sorry old link expired I have created a new link with a longer time.
https://pastebin.com/w2Kqfqvh
We have been stuck for a long time you quickly guide us on how to fix this problem
Working :
sip2sip
web2sip
Not working:
sip2web
web2web
Pratik Patel
Aug 7, 2023, 3:13:18 AM8/7/23
to rtpengine
Any one can help with this please
Reply all
Reply to author
Forward
0 new messages