Does anyone have instructions to share on how to get Jitsi to connect
to an Asterisk 11 PBX (FreePBX) using DTLS/SRTP? If you do would
you please make them available to me?

If you insist on using DTLS: I have no idea how that works over SIP
nor whether our implementation actually works with SIP and not just

First thank you for your reply. I appreciate the assistance very much.
I simply do not know very much about this technology, notwithstanding
that I successfully installed and configured our Asterisk/FreePBX
system back in 2013. What I can say is that our internal hardsets,
Snom-870s for the most part, are configured to use SRTP (AES-80) and
Wireshark traces seem to confirm that this is working as it should.
Voice calls are successfully completed and the packets appear to be
encrypted to and from the Asterisk server host. We connect to PSTN
from there so obviously encryption for outside calls is not possible
via that channel.
Asterisk11/FreePBX provides support for SRTP at the device level and
they have recently added the ability to enable DTLS/SRTP by device as
well. There are a number of configuration issues with this that I
have yet to solve so I may be premature in bringing this matter to
your attention. But I am desperate for some clues on how to proceed,
however tangential they may turn out to be.

Otherwise, consider using SDES together with signaling transport over
TLS. Configure your DNS so that Jitsi can perform autodetection of the
server (i.e. create an SRV for _sips._tcp.example.org that points to
your Asterisk on port 5061) and configure the SIP account (e.g. with
provisioning) to use SDES as key exchange only and set RTP/SAVP to

From everything I have read Asterisk11 only listens for SIP on 5060
regardless of TLS or not. Am I misinformed?
SDES/SRTP seems to be the manner in which Asterisk supports the Snom
hard-sets. I am presently trying to sort out in my mind how to enable
TLS for this. I find it hard to locate documentation from reputable
sources on this subject. And what I do find usually assumes a level
of expertise with this technology that I have yet to acquire.
Nevertheless, I am making progress and so I expect that eventually all
this will work as I require.
One question I have though is that Jitsi appears, from Wireshark
observation and gateway logs, to use UDP exclusively for SIP and I
have been unable to find an option setting to change this behaviour.
How does one tell Jitsi to use TCP for SIP instead of UDP?

Be sure that you use libsrtp >= 1.5.0 on the server side, or Asterisk

That will be a problem. The version of libsrtp shipped with the
FreePBX CentOS-6.5 based distro is 1.4.4 and it is unlikely that I
would be able to update this without breaking a lot of the system.

On Tue, February 24, 2015 06:15, Ingo Bauersachs wrote:
On Mon, February 23, 2015 17:08 (+5:00) "James B. Byrne" wrote:

*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
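
Added example, not part of the original message or of Jitsi/Asterisk: with SDES the SRTP key is carried inline in the SDP, so whether it is protected depends on the SIP transport, which is why the thread pairs SDES with TLS signaling. This sketch classifies a captured INVITE by signaling transport and keying method; the function names and the sample message are constructed for illustration.

```python
import re

# Constructed sample of a SIP INVITE as seen in a capture; addresses, tags
# and the inline key are made up for this example.
SAMPLE_INVITE = """\
INVITE sip:100@pbx.example.org SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed
Content-Type: application/sdp

v=0
o=- 0 0 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 5004 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED+KEY+NOT+REAL
"""

def keying(proto, suites, fingerprint):
    """Name the SRTP key exchange one media description offers."""
    if proto.startswith("UDP/TLS/") or fingerprint:
        return "DTLS"      # key agreed in a DTLS handshake on the media path
    if "SAVP" in proto and suites:
        return "SDES"      # key sent inline in the SDP (a=crypto)
    if "SAVP" in proto:
        return "UNKNOWN"   # SRTP profile but no keying attribute in the SDP
    return "NONE"          # plain RTP/AVP, media is not encrypted

def classify_invite(message):
    """Return the signaling transport and per-stream keying of a SIP message."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    via = re.search(r"^Via:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    signaling = via.group(1).upper() if via else "UNKNOWN"
    streams, session = [], {"fp": False}
    for line in sdp.splitlines():
        if line.startswith("m="):
            kind, _port, proto = line[2:].split()[:3]
            streams.append({"media": kind, "proto": proto, "suites": [], "fp": session["fp"]})
        elif line.startswith("a=fingerprint:"):
            # Applies to the current stream, or to all later ones at session level.
            (streams[-1] if streams else session).update(fp=True)
        elif line.startswith("a=crypto:") and streams:
            streams[-1]["suites"].append(line.split()[1])
    for s in streams:
        s["keying"] = keying(s["proto"], s["suites"], s["fp"])
        # An SDES key is readable by anyone who can read the signaling.
        s["key_exposed"] = s["keying"] == "SDES" and signaling != "TLS"
    return {"signaling": signaling, "streams": streams}
```

On the constructed sample, `classify_invite(SAMPLE_INVITE)` reports SDES keying over UDP signaling with `key_exposed` set, the combination described in the message above.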