Property:SRTP

Protocol

Goto:   FRITZ!OS   -   Attention  -  SMW-Browser

SRTP (Secure Real-time Transport Protocol) is the secure variant of the RTP protocol using AES encryption.
It shares the same features and uses an even port above 1024 like the RTP protocol.

SRTP works in conjunction with the SRTCP (Secure Real-time Control Protocol), which uses an odd port above 1024.
While SRTP provides the audio or video stream the SRTCP protocol provides stream control and status feedback.

In FRITZ!OS SRTP is used for VoIP and is performed by voipd using librtpstream.so.

For every Fritzbox with configured Telephony the 40 ports Port-7078-7109-udp are open to the Internet.
This is required for a maximum of 20 SIP accounts, 20 even ports for RTP / SRTP and 20 odd ports for RTCP / SRTCP.

SRTP and SRTCP support was prerpared since long time, the variable CONFIG_SRTP exists since fw 4.38.
However, it was never enabled. This happened in fw 7.19, when this variable turned to y the first time.

libsrtp.so by Cisco is present in FRITZ!OS since fw 4.80 and is optionally loaded by librtpstream.so used by voipd.

The Webinterface maintains the SRTP / SRTCP settings per SIP account in the sip ui-module, which is maintained by libfon.so.

Keys added in fw 7.19:

sip:settings/sip$N/encryption_enabled
sip:settings/sip$N/transport_type
sip:settings/sip$N/crypto_avp_mode

$N is the SIP account number (0-19). In fw 7.39 further keys were added:

sip:settings/sip/$N/transport_type_used
sip:settings/sip/$N/tls_version
sip:settings/sip/$N/current_cipher

The settings are stored in the ua* sections of voip.cfg which is maintained by libar7cfg.so.

Attention

FRITZ!OS 7.25 to 7.28 had a bug which initiated a SRTP session but used RTP instead.
Make sure you update to at least fw 7.29 if you intend to use SRTP.

The german ISP Telekom blocks VoIP from the FRITZ!OS versions which are affected by this bug^[1].

If you know further facts about this bug get in touch.

SMW-Browser