I'm setting TLS + SRTP on my VoIP app in android. So far i have compiled PJSIP 2.8 with OpenSSL 1.0.2g. making call without srtp works fine, but when i force to use SRTP, call in not make.
I enable SRTP with following code:
AccountConfig.getMediaConfig().setSrtpUse(pjmedia_srtp_use.PJMEDIA_SRTP_MANDATORY);
AccountConfig.getMediaConfig().setSrtpSecureSignaling(1);
TLS works fine, because if I set secureSignaling to 1 (need TLS transport) and srtpUse to disable, I still can make call and it works fine.
I checked my server with Zoiper, and Zoiper could make a secure call.
So, I'm sure problem is from my configuration of SRTP.
This is my configs on Android App:
TLS Transport :
sipTpConfig.getTlsConfig().setMethod(pjsip_ssl_method.PJSIP_TLSV1_METHOD);
sipTpConfig.getTlsConfig().setVerifyServer(false);
sipTpConfig.getTlsConfig().setVerifyClient(false);
sipTpConfig.getTlsConfig().setRequireClientCert(false);
Port = 5061
and Media Config:
AccountConfig.getMediaConfig().setSrtpUse(pjmedia_srtp_use.PJMEDIA_SRTP_MANDATORY);
AccountConfig.getMediaConfig().setSrtpSecureSignaling(1);
AccountConfig.getMediaConfig().getTransportConfig().getTlsConfig().setMethod(pjsip_ssl_method.PJSIP_TLSV1_METHOD);
In my Server (Asterisk 13.26) I have these configs:
Sip.conf :
[general]
context=internal
externaddr= 192.168.1.2
externip= 192.168.1.2
externtcpport=5060
externudpport=5060
externtlsport=5061
tcpbindaddr=0.0.0.0:5060
udpbindaddr=0.0.0.0:5060
tlsbindaddr=0.0.0.0:5061
allowguest=no
allowoverlap=no
srvlookup=no
allow=all
alwaysauthreject=yes
canreinvite=no
nat=force_rport,comedia
session-timers=refuse
localnet=192.168.1.0/255.255.255.0
tcpenable=yes
srtpcapable=yes
tlsenable=yes
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
encryption=yes
direct_media=no
media_encryption_optimistic=false
media_encryption=sdes
[6002]
type=friend
host=dynamic
secret=12345
context=internal
transport=tls
had anyone same issue or know a way to fix this ?
Log files of android and asterisk :
https://drive.google.com/file/d/18j98zp9FWJGRSvRdKy5k96VNbjUYaRc5/view?usp=sharing
https://drive.google.com/file/d/1eAeX5Gd6phIvKDLCRjVyD6uZV_CP9h6p/view?usp=sharing
Related
I'm trying to use the latest version of pjsip for android
https://github.com/VoiSmart/pjsip-android.
And got an error for incoming call:
Error creating SDP answer: SRTP crypto attribute required (PJMEDIA_SRTP_ESDPREQCRYPTO) [status=220228]
inv0x78653290a8 .Sending Response msg 406/INVITE/cseq=47488686 (tdta0x78bfbcf0a8)
Account configuration for use srtp
SrtpOpt opt = new SrtpOpt();
IntVector optVector = new IntVector();
optVector.add(pjmedia_srtp_keying_method.PJMEDIA_SRTP_KEYING_DTLS_SRTP);
optVector.add(pjmedia_srtp_keying_method.PJMEDIA_SRTP_KEYING_SDES);
opt.setKeyings(optVector);
accCfg.getMediaConfig().setSrtpOpt(opt);
accCfg.getMediaConfig().setSrtpUse(pjmedia_srtp_use.PJMEDIA_SRTP_OPTIONAL);
accCfg.getMediaConfig().setRtcpMuxEnabled(true);
accCfg.getMediaConfig().setSrtpSecureSignaling(0);
Looks like that missed a=crypto: attribute in sdp, but I don't understand how to include it.
However, old version that we used before - works and I don't understand the reason.
And I think if error in creating SDP answer then maybe problem is in incoming sdp.
Is it client or server problem?
Please, help me resolve it.
It was a server problem.
Works well after upgrade server and add a=crypto attribute into SDP.
I try to create a DoT Gateway with nginx. However, i get every time when i try to connect via Android private DNS a status 500 response.
My Nginx config looks like this:
stream {
log_format basic '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time $upstream_addr';
upstream dns {
server 8.8.8.8:53;
}
server {
listen 853 ssl;
access_log /var/log/nginx/dot-access.log basic;
error_log /var/log/nginx/dot-error.log;
ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_timeout 4h;
ssl_handshake_timeout 10s;
proxy_pass dns;
}
}
I have tried to solve the error with https://medium.com/#nykolas.z/troubleshooting-dns-over-tls-e7ca570b6337 and https://www.aaflalo.me/2019/03/dns-over-tls/. A test request with https://getdnsapi.net/query/ works fine and i get "status": GETDNS_RESPSTATUS_GOOD. In in /var/log/nginx/dot-access.log i see
185.49.141.27 [01/Oct/2021:11:59:57 +0200] TCP 200 56 130 0.210 8.8.8.8:53
However, if i enter "my.domain.com" in Android private DNS settings, i get the error message "Connection not possible" and in /var/log/nginx/dot-access.log
84.33.44.28 [01/Oct/2021:11:55:01 +0200] TCP 500 0 0 0.131 -
For me, this means that this setup basically works, however not with Android Private DNS. Anyone with ideas?
I have exactly the same setup and it worked until yesterday.
There seems to be an issue with Let's Encrypt certificates:
https://twitter.com/WatfordJC/status/1443611562028245005
The problem can be solved by adding --preferred-chain="ISRG Root X1" to your certbot request. I just force renewed my certificate and now it is working again.
Other users discussing the topic: https://www.reddit.com/r/Adguard/comments/pynis4/agh_android_private_dns_couldnt_connect/
I am not sure if these are the correct behaviours or not but the events work a bit different in iOS and Android.
In Android the react-native-voice module stop listening to voice after calling the following methods
Voice.android.js:70 onSpeechPartialResults {value: Array(1)}
Voice.android.js:70 onSpeechPartialResults {value: Array(1)}
Voice.android.js:70 onSpeechPartialResults {value: Array(1)}
Voice.android.js:70 onSpeechPartialResults {value: Array(1)}
Voice.android.js:74 onSpeechEnd {error: false}
Voice.android.js:78 onSpeechResults {value: Array(5)}
Is it possible to make the module listening without making it stop?
Tested Android versions: 9.0.5, 8.0
Let me start by saying I've found several proposed solutions online, but none of them seem to work for me.
Issue:
I have a meteor app I'm trying to run on android. For this, I've deployed the app on Heroku and I call the run android-device command using the --mobile-server https://myapp.heroku.com parameter.
I permanently receive the error
"XMLHttpRequest cannot load https://myapp.heroku.com/sockjs/... . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:12848' is therefore not allowed access. The response had HTTP status code 404.", source: http://localhost:12848/ (0)
Here is what I've tried so far:
I set ROOT URL at meteor startup:
process.env.ROOT_URL = "https://myapp.heroku.com";
I tried setting the Access Control like this, server-side at meteor startup:
WebApp.connectHandlers.use(function(req, res, next) {
res.setHeader("Access-Control-Allow-Origin", "*");
res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, OPTIONS');
res.header('Access-Control-Allow-Origin', 'http://localhost:3000');
res.header('Access-Control-Allow-Origin', 'https://myapp.heroku.com');
res.header('Access-Control-Allow-Origin', 'http://localhost:12848');
res.header('Access-Control-Allow-Origin', 'http://meteor.local');
res.header("Access-Control-Allow-Headers", "Content-type,Accept,X-Custom-Header");
return next();
});
I tried to use the browser-policy package, like this, server-side at meteor startup:
BrowserPolicy.content.allowSameOriginForAll();
BrowserPolicy.content.allowOriginForAll('*');
BrowserPolicy.content.allowOriginForAll('http://meteor.local');
BrowserPolicy.content.allowOriginForAll('https://myapp.heroku.com');
BrowserPolicy.content.allowOriginForAll('https://*.myapp.heroku.com');
BrowserPolicy.content.allowEval();
I tried adding access rules to "mobile-config.js":
App.accessRule("*");
I made sure the name in the "package.json" file under root is identical to the App name under "mobile-config.js"
What else am I missing?
Edit:
I've also tried adding the express and cors packages to whitelist local host:
var whitelist = [
'http://localhost:3000',
'http://localhost:12848',
'https://myapp.heroku.com'
];
var corsOptions = {
origin: function(origin, callback){
var originIsWhitelisted = whitelist.indexOf(origin) !== -1;
callback(null, originIsWhitelisted);
},
credentials: true
};
app.use(cors(corsOptions));
Also tried to enable pre-flight, like this:
app.options('*', cors())
This is probably the stupidest problem I ever ran into. Trying to run the app using the --mobile-server https://myapp.heroku.com parameter was wrong. Instead, it should be https://myapp.herokuapp.com
That was it. That was the problem all along...
Adding '*' to whitelist should do the job. The ultimate solution lies within config.xml, this should be helpful: https://stackoverflow.com/a/36124935/8056323
Hello fellow developers,
I am developing SIP application using PJSIP library...
Here is my code
And here is my Logcat log
The problem is application is not trying to proceed registration, and no errors at all... (Or I missed something?)
And log on my Kamailio Server (when my device tries to connect and log stucks nothing happens):
22(32406) DEBUG: <core> [ip_addr.c:229]: print_ip(): tcpconn_new: new tcp connection: 192.168.0.150
22(32406) DEBUG: <core> [tcp_main.c:985]: tcpconn_new(): on port 17749, type 3
22(32406) DEBUG: <core> [tcp_main.c:1295]: tcpconn_add(): hashes: 879:4076:3775, 50
22(32406) DEBUG: <core> [io_wait.h:376]: io_watch_add(): DBG: io_watch_add(0x9f8540, 44, 2, 0x7f6cdbbf3948), fd_no=34
ps. I tested server with ready client and everything is ok...
Thanks in advance :)
I have resolved issue...
The problem was in registering PJSIP in another thread... I was using main Thread and initializing connection on OnCreate() event in MainActivity. Which means, after OnCreate() fired and finishes its job, initialization process was getting destroyed before it connects into server...
What I did:
Before:
UaConfig ua_cfg = epConfig.getUaConfig();
ua_cfg.setUserAgent("Pjsua2 Android " + ep.libVersion().getFull());
ua_cfg.setThreadCnt(0);
ua_cfg.setMainThreadOnly(true);
After:
UaConfig ua_cfg = epConfig.getUaConfig();
ua_cfg.setUserAgent("Pjsua2 Android " + ep.libVersion().getFull());
Removing those lines makes PJSIP library to create its own worker thread...