TLS and SRTP trunk connection

Post by noy_siam » Thu Jun 06, 2013 6:22 am

Hi,

I am trying to connect 2 servers (Primary / Secondary) via trunk, enforcing TLS and SRTP communication only.
Application-wise, the secondary server is an identical clone of the primary server.
The servers are able to issue and receive calls, using TLS and SRTP, to a softphone client.

Following are the trunk settings used on both the Primary and Secondary servers:

Incoming:
type=peer
host=1.1.1.1 ;second server IP
context=from-internal
dtmfmode=rfc2833
disallow=all
allow=ulaw&alaw
transport=tls
encryption=yes

Outgoing:
type=peer
username=xxxxxxxx
secret=xxxxxxxx
host=1.1.1.1 ;second server IP
dtmfmode=rfc2833
disallow=all
allow=ulaw&alaw
context=from-internal
transport=tls
encryption=yes

When the trunks are trying to connect, I received the following error from both servers, and the status of both trunks is shown as Unreachable:

[2013-05-28 08:35:59] ERROR[1042]: tcptls.c:215 handle_tcptls_connection: Certificate common name did not match (1.1.1.1)
SSL certificate ok

Each of the servers has its own set of certificates generated (ca.crt & asterisk.pem) and in place. To my understanding, the keys of the "other server" need to be specified somehow in the trunk settings, but I didn't find any example or further info on it.

I would appreciate it if someone could give me an example of trunk settings allowing such a secured trunk connection.


We are using:
CentOS release 6.4
libSRTP 1.4.4
Asterisk 1.8.13
FreePBX 2.10

Best regards,
Noy
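
A pre-flight check for the mismatch reported in the log above, as an added example that is not part of the original post. It assumes, as the error text suggests, that each TLS trunk's host= value is compared case-insensitively with the common name of the certificate the other server presents; the section names, the second peer and the certificate subject are constructed.

```python
import re

# Constructed sip.conf fragment; only host=1.1.1.1 comes from the post, the second peer is hypothetical.
SIP_CONF = """
[to-secondary-ip]
type=peer
host=1.1.1.1 ;second server IP
transport=tls

[to-secondary-name]
type=peer
host=PBX2.example.test
transport=tls
"""

# Constructed line as printed by "openssl x509 -noout -subject" for the far end's certificate.
SUBJECT = "subject= /C=US/O=Example/CN=pbx2.example.test"


def parse_peers(text):
    """Return {section: {key: value}} from sip.conf-style text, dropping ';' comments."""
    peers, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = peers.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return peers


def common_names(subject):
    """Extract every CN value from either OpenSSL subject style (/CN=x or CN = x)."""
    return [m.strip() for m in re.findall(r"\bCN\s*=\s*([^/,]+)", subject)]


def check_tls_peers(conf_text, subject):
    """Map each TLS peer to True when its host= equals a certificate CN (case-insensitive)."""
    cns = {cn.lower() for cn in common_names(subject)}
    return {
        name: opts.get("host", "").lower() in cns
        for name, opts in parse_peers(conf_text).items()
        if "tls" in opts.get("transport", "").lower().split(",")
    }


if __name__ == "__main__":
    print(check_tls_peers(SIP_CONF, SUBJECT))
```

A peer reported as False is one where the host= string and the certificate's common name differ, which is the condition the logged error describes for 1.1.1.1.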