voiprtpfreeswitchopensips

[RTPEngine]Failed to init DTLS connection: key values mismatch

i got the connection like this

sip flow
freeswitch server --(sip)-- > opensips ----(wss)---> sip client in chrome with jssip/webrtc
the rtp flow
freeswitch server ---- > rtpengine-------> sip client in chrome with jssip/webrtc

the sip client is registered in opensips, when sip calls is originated, opensips will shift the sip call to wss protocol while the rtpengine will transfer the rtp stream in an encrypted way.

everything works fine unless the part between rtpengine to jssip client. the call will hangup in 30 sec due to NO MEDIA by freeswitch.

i checked the logs in rtpengine, and found these warnings and error,

ERR [crypto] Failed to init DTLS connection: key values mismatch 
WARNING [core] ICE restart detected, but reset not allowed at this point
ERR [rtcp] SRTCP output wanted, but no crypto suite was negotiated

Here is my configure part for rtpengine offer in opensips.cfg


branch_route[1] {

# couples of lines omitted

$var(rtpengine_flags) = "RTP/SAVPF SDES-no rtcp-mux-offer replace-session-connection replace-origin ICE=force address-family=IP4 out-iface=pub in-iface=pub";
rtpengine_offer("$var(rtpengine_flags)");

}

Here are the SDP negotiation part

rtpengine-> jssip client in INVITE

v=0
o=FreeSWITCH 1668770237 1668770238 IN IP4 8.210.107.107
s=FreeSWITCH
c=IN IP4 8.210.107.107
t=0 0
a=msid-semantic: WMS 2ImUufOQPNDojzwQRNjtlprF4InCfAd7
m=audio 42782 RTP/SAVPF 8 0 101
a=ssrc:1803089321 cname:8pRtvw9aaDpk3M0K
a=ssrc:1803089321 msid:2ImUufOQPNDojzwQRNjtlprF4InCfAd7 a0
a=ssrc:1803089321 mslabel:2ImUufOQPNDojzwQRNjtlprF4InCfAd7
a=ssrc:1803089321 label:2ImUufOQPNDojzwQRNjtlprF4InCfAd7a0
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=sendrecv
a=rtcp:42783
a=rtcp-mux
a=setup:actpass
a=fingerprint:sha-256 A4:C8:C6:97:DA:0A:FA:BC:B9:C1:97:D2:22:EF:70:6D:A1:78:B9:F9:00:60:AC:DF:69:E3:60:DB:F7:EA:2C:F5
a=ptime:20
a=ice-ufrag:ODhSSSee
a=ice-pwd:sK872thzGVIdizUSWzfuVzEOWe
a=candidate:zGAW3IRHAMII4q3e 1 UDP 2130706431 8.210.107.107 42782 typ host
a=candidate:zGAW3IRHAMII4q3e 2 UDP 2130706430 8.210.107.107 42783 typ host

jssip client --> rtpengine in reply 200 OK

v=0
o=- 5243747727296622141 2 IN IP4 127.0.0.1
s=-
t=0 0
a=msid-semantic: WMS O9XWhjITMoc3TM2D2J9KMKWKOC7Bd0xR9DZf
m=audio 64247 RTP/SAVPF 8 0 101
c=IN IP4 10.11.0.34
a=rtcp:9 IN IP4 0.0.0.0
a=candidate:589451690 1 udp 2122260223 10.11.0.34 64247 typ host generation 0 network-id 1 network-cost 50
a=candidate:3667169833 1 udp 2122194687 169.254.43.39 64248 typ host generation 0 network-id 2
a=candidate:2999745851 1 udp 2122129151 192.168.56.1 64249 typ host generation 0 network-id 3
a=candidate:6184858 1 udp 2122063615 169.254.223.104 64250 typ host generation 0 network-id 4
a=candidate:508951713 1 udp 2121998079 192.168.3.30 64251 typ host generation 0 network-id 5 network-cost 10
a=candidate:1839312218 1 tcp 1518280447 10.11.0.34 9 typ host tcptype active generation 0 network-id 1 network-cost 50
a=candidate:2484563673 1 tcp 1518214911 169.254.43.39 9 typ host tcptype active generation 0 network-id 2
a=candidate:4233069003 1 tcp 1518149375 192.168.56.1 9 typ host tcptype active generation 0 network-id 3
a=candidate:1323148138 1 tcp 1518083839 169.254.223.104 9 typ host tcptype active generation 0 network-id 4
a=candidate:1356202065 1 tcp 1518018303 192.168.3.30 9 typ host tcptype active generation 0 network-id 5 network-cost 10
a=ice-ufrag:xbP9
a=ice-pwd:5zKlMQDpo8aqCnJliT5bt6rH
a=ice-options:trickle
a=fingerprint:sha-256 12:FD:0A:B5:05:0B:0D:B8:62:7E:59:65:45:F9:5A:07:10:63:7C:0C:05:96:35:C9:27:D7:D7:7B:DE:C5:70:8A
a=setup:active
a=mid:0
a=sendrecv
a=rtcp-mux
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=ssrc:2078142037 cname:ARU0gPhz4hvVPHMO
a=ssrc:2078142037 msid:O9XWhjITMoc3TM2D2J9KMKWKOC7Bd0xR9DZf f4a6248a-f3ca-4e23-a656-36b5d039ee3e

I tried to search any related issue or question and found issue 1524

However, it is no answer and solution for it yet.

I also read the source code of rtpengine, and realise it was from openssl, but i don't quite fimiliar with that. Hope anyone can help.

Solution

  • After a lot of ways to try, i just figured it out by myself.

    before i tell the cause, i need to brief the process of dtls process of rtpengine.

    when RtpEngine starts, it creates a certificate itself.

    [1668851507.814949] INFO: [crypto] Generating new DTLS certificate
[1668851507.818173] INFO: [core] Startup complete, version undefined

    the underlayer thing is invoking openssl api to create the certificate that interacts in dtls. this openssl api depends on the installed openssl lib in the os.

    It performs as Servce end, and its gereated cert will be passed to the Client; My client is a webrtc sip client in Chrome, which has a latest version of openssl i guess.

    It seems that client and server have different version for the encryption, which causes the error: key value mismatched

    therefore, the root cause is old-version openssl lib.

    i installed rtpengine in centos 7, which has a quite old version of openssl, like openssl 1.0.2k .( this is likely to be 2015 if i'm not wrong)

    when i changed the os version to ubuntu 20, this issue was gone immediately.

    And then I checked the base version of openssl that ubuntu 20 installed, it is openssl 3.0. I'm not sure whether this version is a must or not, but it works for this version.

    So theoretically if you installed this verson of openssl in your OS, it could fix this issue.

    but i didn't try that in centos 7 anyway.

    Hope it can help the guys who encountered the similar issue like this.