Setup TLS + ZRTP For VOIP Using Asterisk and CSipSimple

问题

Im trying to setup voip exchange using asterisk ans CSipSimple as client, fol are the detials

Server Side:

1. Generate certificates for server and two clients
2. Place the server cert in /etc/asterisk/keys/

sip.conf:

[general]
context=local
allowguest=no
alwaysauthreject=yes
allow=gsm
allow=ulaw
allow=alaw

directmedia=yes  

allowoverlap=no
bindport=5061
tlsdontverifyserver=yes      
tlsenable=yes
tlsbindaddr=192.168.0.119

tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscapath=/etc/asterisk/keys

register => tls://john:password@192.168.0.119:5061
register => tls://jane:password@192.168.0.119:5061
tlscipher=ALL
tlsclientmethod=tlsv1
localnet=192.168.0.119/255.255.255.0

[john]
type=peer
defaultuser=john
secret=password
dtmfmode=rfc2833
callerid="User one"
host=dynamic      
canreinvite=no
nat=no
encryption=yes
transport=tls

[jane]
type=peer
defaultuser=jane
secret=password
dtmfmode=rfc2833
callerid="User two"
host=dynamic   
canreinvite=no
nat=no
encryption=yes
transport=tls

Client Side:

setup the TLS setting in OSTN account

udp enabled tcp enabled
srtp disabled zrtp create zrtp codes => GSM,ulaw,alw

Problem

TLS +zRTP displayed and the call is made instead on the asterisk CLI i see a messsage,

WARNING[5008][C-00000034]: chan_sip.c:10433 process_sdp: Matched device setup to use SRTP, but request was not!

im using android 4.2.2 asterisk 1.8, if i make srtp mandatory and zRTP => create zrtp the call is made indicating TLS to the immediate hop + srtp

How can i achieve TLS +ZRTP on asterisk using CSipSimple as client.

Regards.

回答1:

ZRTP is a protocol for end-to-end devices encryption and this cannot be achieved with the standard unmodified Asterisk since it is basically designed as a server not as a proxy (which is what you need in order to achieve zrtp forwarding). However, The Zfgone project has released some patches for Asterisk to support it. The implementation is quite a challenge since some problems may occurs on the go (for example, sound distortion caused by some codecs) due some bugs on asterisk and it also implies some feature limitations (like not being able to transfer or put a call on hold). But you can use SRTP (it also encrypts traffic but only between server and client) If you want to use zrtp, I will recommend you to use a kamailio sip server.

来源：https://stackoverflow.com/questions/26729200/setup-tls-zrtp-for-voip-using-asterisk-and-csipsimple