SRTP + Asterisk + Centos 6.2

By doug | Published May 18, 2012

So, supposedly the libsrtp is included with 1.8.X (at some point) asterisk releases, but… I’m not having luck so, I went through with install it from a tarball and going from there.

What you’re going to want to do is, well first, reference this guy. Who got me pointed in the right direction.

You can download libsrtp straight up from here. But I was struggling with linkage of the shared object, so I found this sRPM (which I found from this forum post)

Then I had to specify the prefix anyways… I got the code hint from Asterisk ./configure.

[user@host]$ ./configure CFLAGS=-fPIC --prefix=/usr
[user@host]$ make
[user@host]$ make install

Then… recompile Asterisk, starting with a ./configure. Also in “make menuselect” ensure that there’s a res_srtp.

I went and used the canonical reference @ wiki.asterisk.org. Which will get you most of the way there. And I bought myself this Bria softphone for Android.

Because, who wants to have your calls heard from a packet capture!? By the same token, I am supporting SIP/RTP as well on this machine. “It’s your dime” is my motto.

Here’s what my sip.conf looks like afterwards:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

[general]
context=default                 ; Default context for incoming calls
allowoverlap=no                 ; Disable overlap dialing support. (Default is yes)
udpbindaddr=0.0.0.0             ; IP address to bind UDP listen socket to (0.0.0.0 binds to all)
tcpenable=no                    ; Enable server for incoming TCP connections (default is no)
tcpbindaddr=0.0.0.0             ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
transport=udp                   ; Set the default transports.  The order determines the primary default transport.
srvlookup=yes                   ; Enable DNS SRV lookups on outbound calls
externaddr=1.2.3.4
localnet=192.168.0.0/255.255.0.0
 
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client
 
[yoursipclient]
type=peer
secret=extrasecretpasswordhere 
host=dynamic
context=whereyouwantittoland
dtmfmode=rfc2833
transport=tls ;# important! (no tls without this)
mailbox=200
setvar=MyMail=200
encryption=yes ;# important! (no srtp without this)

Rock out

This entry was posted in Asterisk, Uncategorized. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>