Grandstream GXP2160 + SRTP

Home » Asterisk Users » Grandstream GXP2160 + SRTP
Asterisk Users 1 Comment

Hello,

I am trying to setup a Grandstream GXP2160 IP-phone with secure calling
(SRTP).

Secure signaling SSIP for registration is working great !

I follow this guide :
https://wiki.asterisk.org/wiki/display/AST/Secure+Calling+Tutorial

But when I try to make a call with SRTP, I get stuck. There is an initial INVITE which is anwered with a 401. There should follow a new INVITE with a nonce, but this does not happen. Any idea why ? Is it the Grandstream IP-phone ??

<--- SIP read from TLS:my.pub.lic.ip:53416 --->
INVITE sip:0123123123@ast.ser.ver.ip:5061 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias From: ;tag&3162018
To:
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE
CSeq: 50 INVITE
Contact:
X-Grandstream-PBX: true Max-Forwards: 70
User-Agent: Grandstream GXP2160 1.0.2.9
Privacy: none P-Preferred-Identity:
Supported: replaces, path, timer Allow: INVITE, ACK, OPTIONS, CANCEL, BYE, SUBSCRIBE, NOTIFY, INFO, REFER, UPDATE, MESSAGE
Content-Type: application/sdp Accept: application/sdp, application/dtmf-relay Content-Length: 522

v=0
o=testacc77005 8004 8000 IN IP4 192.168.1.104
s=SIP Call c=IN IP4 192.168.1.104
t=0 0
m=audio 5020 RTP/SAVP 0 8 18 9 2 101
a=sendrecv a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no a=rtpmap:9 G722/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:8m7ZfG+0t3KBFGK40IfDO11SZ6D54glKKIwdgo00|2^32
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:nn+id/sSK7OErMfnZZduKNPLejpscxx1vUQB2seO|2^32

<--- Reliably Transmitting (NAT) to my.pub.lic.ip:53416 --->
SIP/2.0 401 Unauthorized Via: SIP/2.0/TLS
192.168.1.104:5068;branch=z9hG4bK60724585;alias;received=my.pub.lic.ip;rportS416
From: ;tag&3162018
To: ;tag=as1e527556
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE
CSeq: 50 INVITE
Server: mydomain Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer WWW-Authenticate: Digest algorithm=MD5, realm=”mydomain.be”, nonce=”13b47342″
Content-Length: 0

<--- SIP read from TLS:my.pub.lic.ip:53416 --->
ACK sip:0123123123@ast.ser.ver.ip:5061 SIP/2.0
Via: SIP/2.0/TLS 192.168.1.104:5068;branch=z9hG4bK60724585;rport;alias From: ;tag&3162018
To: ;tag=as1e527556
Call-ID: 1695864968-5068-8@BJC.BGI.B.BAE
CSeq: 50 ACK
Content-Length: 0

One thought on - Grandstream GXP2160 + SRTP

  • Hello,

    I seem to have the same problem with Snom 370 IP-phone. Registration works fine ! But I can not make calls with encrypted rtp.

    <--- SIP read from TLS:my.pub.lic.ip:1068 --->
    INVITE sip:0123123123@ast.ser.ver.ip;user=phone SIP/2.0
    Via: SIP/2.0/TLS 192.168.1.107:1068;branch=z9hG4bK-gxm8w1q7l2co;rport From: ;tag=zdwiwg10qx To:
    Call-ID: 3c2679977b67-9j0euqvseh5v CSeq: 1 INVITE
    Max-Forwards: 70
    Contact: ;reg-id=1
    X-Serialnumber: 0004132E2809
    P-Key-Flags: resolution=”31×13″, keys=”4″
    User-Agent: snom370/8.4.35
    Accept: application/sdp Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, PRACK, MESSAGE, INFO, UPDATE
    Allow-Events: talk, hold, refer, call-info Supported: timer, 100rel, replaces, from-change Call-Info: ;appearance-index=1
    Session-Expires: 3600;refresher=uas Min-SE: 90
    Content-Type: application/sdp Content-Length: 632

    v=0
    o=root 1052895538 1052895538 IN IP4 192.168.1.107
    s