ASTERISK通信加密问题

george_young

近来学习trixbox过程中，发现电信接入不定时的阻挡ATA到SERVER的连接。使通信不能正常运行，后来在LINKSYS的ATA里面看到有
srtp（安全rtp?） 的设定,还有某些key的设定，   想搭建起来看能否突破限制。

但没有了解过这方面东西，请知道的高人给个能联接或者文章地址

先谢谢

george_young

另外，这段时间手上的一个LINKSYS的PAP2-NA不知道出了什么问题：连接到pennytel上面一段时间后，监视界面显示online,拿起来有拨号音，但拨对方号码不提示对方用户不在线（对方确实在线！！），只有类似忙音的DO   DO 声。


以为是过热 拔掉电源过10分钟再接上去还是不行。

另外一个PAP2-NA是连通电源1段时间之后拨出接入都有非常大的噪音，断电5分钟后再连就没有问题。

zhyiquan

http://blog.chinaunix.net/u/31419/showart_459824.html

Asterisk SRTP



Asterisk SRTP
History
Ref. http://bugs.digium.com/view.php?id=5413

REQUIREMENTS
for Centos4 (does not compile )
for fedora6
yum -y install gcc gcc-c++ pkgconfig zlib-devel openssl-devel ncurses-devel
yum -y install autoconf automake libtool

LIBSRTP
test configuration
download http://srtp.sourceforge.net/download.html
tar -xzf srtp-tarball
./configure --prefix=/usr
make
make runtest
make install

MINISIP libraries (IT'S IMPORTANT TO KEEP FOLLOWING ORDER!)
(yum -y install subversion if is not installed)
svn co -r3250 svn://svn.minisip.org/minisip/trunk minisip-trunk
cd minisip-trunk

Compiling and installing libmutil
First we run the bootstrap script to generate the configure script.
cd libmutil
libmutil$ ./bootstrap

Now we are ready to compile the source code of libmutil and install it:
libmutil$ ./configure --prefix=/usr
libmutil$ make
libmutil$ make install

Compiling and installing libmnetutil
Configuring, compiling and installing libmnetutil is done the same way as with libmutil:
cd ../libmnetutil
libmnetutil$ ./bootstrap
libmnetutil$ ./configure --prefix=/usr
libmnetutil$ make
libmnetutil$ make install

Compiling and installing libmcrypto
Configuring, compiling and installing libmcrypto is done the same way as with libmutil:
cd ../libmcrypto
libmcrypto$ ./bootstrap
libmcrypto$ ./configure --prefix=/usr
libmcrypto$ make
libmcrypto$ make install

Compiling and installing libmikey
Configuring, compiling and installing libmikey is done the same way as with libmutil:
cd ../libmikey
libmikey$ ./bootstrap
libmikey$ ./configure --prefix=/usr
libmikey$ make
libmikey$ make install

ASTERISK

svn checkout -r61760 http://svn.digium.com/svn/asterisk/trunk asterisk-trunk
cd asterisk-trunk
wget "http://bugs.digium.com/file_download.php?file_id=13837&type=bug"
patch -p1 < ast_srtp_r61760_mikey_r3250.patch
./bootstrap.sh
(!in fc6 you must delete SED check in configure vi ./configure - line 3589!)
./configure
make menuselect (check res_srtp in "resource modules"
make
make install


CONFIG
This patch supports the following channel variables:

SIPSRTP=<any>
Outgoing methods:
SIPSRTP_CRYPTO=disable - Enable/disable sdescriptions
SIPSRTP_MIKEY=disable - Enable/disable MIKEY DH-HMAC




extensions.conf
[main]
exten => 600,1,Set(_SIPSRTP=optional)
exten => 600,n,Set(_SIPSRTP_CRYPTO=enable)
exten => 600,n,Playback(demo-echotest) ; Let them know what's going on
exten => 600,n,Echo ; Do the echo test
exten => 600,n,Playback(demo-echodone) ; Let them know it's over
exten => 600,n,hangup

exten => 610,1,Set(_SIPSRTP=require)
exten => 610,n,Set(_SIPSRTP_MIKEY=enable)
exten => 610,n,Playback(demo-echotest) ; Let them know what's going on
exten => 610,n,Echo ; Do the echo test
exten => 610,n,Playback(demo-echodone) ; Let them know it's over
exten => 610,n,hangup

sip.conf
[700]
type=friend
c
host=dynamic
secret=700
nat=yes

[701]
type=friend
c
host=dynamic
secret=701
nat=yes


call to 600
look at ethereal dump at asterisk box i.e tethereal host <phone ip>


Known issues
MIKEY method doesn't support optional encryption. The callee can't force encryption or select method. The caller need to hangup if it requires encryption and it isn't available.