Search

Secure connection with media encryption (SRTP)

Secure connection with media encryption (SRTP)

In this article, you will learn how to encrypt communication, so that no one will be able to eavesdrop on conversations between extensions on Asterisk.

We will not describe how to generate certificates as this has already been explained in previous articles:

 

Interestingly, even if your SIP communication is encrypted, unencrypted RTP traffic can still be intercepted. Secure connections are made possible by media encryption (SRTP)

Table of Contents

1) Prerequisites

SRTP support is provided by libsrtplibsrtp must be installed on your computer before compiling Asterisk, otherwise you will see the following error:

ERROR[10167]: chan_sip.c:27987 setup_srtp: No SRTP module loaded, can't setup SRTP session.

If necessary, recompile Asterisk with libsrtp selected.

2) SRTP media encryption

 2.1) SIP channels

To enable encryption for SIP extensions, add encryption=yes to individual extensions or globally in the [general] section.

				
					encryption=yes
				
			

 2.2) PJSIP channels

To enable encryption for PJSIP extensions, add media_encryption to the individual extensions.

This variable can have one of the following values:

  • no – res_pjsip will offer no encryption and allow no encryption to be setup (default option)
  • sdes – res_pjsip will offer standard SRTP setup via in-SDP keys (encrypted SIP transport should be used in conjunction with this option to prevent exposure of media encryption keys)
  • dtls – res_pjsip will offer DTLS-SRTP setup

Additionally, you can use the media_encryption_optimistic variable to not enforce encryption, but to treat it as an option for phones that support it.

				
					media_encryption=sdes
media_encryption_optimistic=yes
				
			

As a result, not only SIP communication will be encrypted but also RTP media.

Do you really know what is happening on your PBX? Let’s try our proprietary VOIPERO software.

 

The system arleady has launched and now is completely FREE. Setup takes only a few minutes.

 

Get to know what VOIPERO system is able to do in terms of reporting & live monitoring of VoIP systems created on Asterisk.

Share this post

Do you have questions or you need an offer?

Contact us!

Most popular

Related Posts

We Have Launched

Monitoring & Reporting of Your VoIP Server