[Freeswitch-dev] Query related to enabling SRTP in FreeSWITCH-1.0.7

Goutham BG bggoutham at gmail.com
Mon Dec 20 18:46:31 MSK 2010


Hi,

I have been trying to enable SRTP in FreeSWITCH-1.0.7 and have been facing
some issues.
I have the following entry in my dialplan XML file:

*<extension name="IVR">
    <condition field="destination_number" expression="^IVR$">
      <action application="bridge" data="loopback/app=socket:
47.152.232.156:8084 async full"/>
    </condition
</extension>*

A SIP phone (Avaya 12XX) configured in "SRTP best effort" mode dials into
this extension and is connected to the IVR. But the media is established in
SRTP in one way and RTP in the other way.
The phone offers the following SDP in the INVITE message:

v=0
o=- 10170 10170 IN IP4 47.152.232.147
s=Sip Call
c=IN IP4 47.152.232.147
t=0 0
m=audio 5016 RTP/AVP 0 8 18 101 102
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=ptime:20
a=rtpmap:18 G729/8000
a=ptime:20
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:102 X-nt-inforeq/8000
a=sendrecv
m=audio 5016 RTP/SAVP 0 8 18 101 102
a=rtpmap:0 PCMU/8000
a=ptime:20
a=rtpmap:8 PCMA/8000
a=ptime:20
a=rtpmap:18 G729/8000
a=ptime:20
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=rtpmap:102 X-nt-inforeq/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Tjivoci1I/mVkt/Fq/ZsiY+
+ornJoXjZ5tSadho4
a=sendrecv

As we can see, there are two "m=" lines in the SDP of the offer; one for RTP
and another for SRTP. FreeSWITCH-1.0.7 answers the call by sending 200OK
with the following SDP:

v=0
o=FreeSWITCH 1291628984 1291628985 IN IP4 47.152.232.156
s=FreeSWITCH
c=IN IP4 47.152.232.156
t=0 0
m=audio 11280 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
m=audio 0 RTP/SAVP 19

As you can see above, FreeSWITCH accepts the RTP stream and rejects the SRTP
stream (by sending port as 0) in the SDP. The SIP phone sends the media in
RTP(which is expected). But, FreeSWITCH sends the media in SRTP to the SIP
phone. I believe this is a bug in FreeSWITCH as it is supposed to send the
media in RTP since it accepted RTP in the answer (200OK).

*Query:
======*
In order to make FreeSWITCH select SRTP in the SDP of the answer(200OK), I
made the following change(in *bold*) in FS dial plan:

*<extension name="IVR">
    <condition field="destination_number" expression="^IVR$">
      <action application="set" data="sip_secure_media=true"/>
      <action application="bridge" data="loopback/app=socket:
47.152.232.156:8084 async full"/>
    </condition
</extension>*

In FreeSWITCH-1.0.6(before updating to 1.0.7), this worked and FS accepted
the SRTP stream and rejected RTP in the answer(200 OK) as shown below:

m=audio 0 RTP/AVP 19
m=audio 12084 RTP/SAVP 0 101
a=rtpmap:0 PCMU/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:hgv7ClqDx1irTRrXq2NEm9Gbouw0969bBU3n+LcM

But after updating the FreeSWITCH-1.0.6 to 1.0.7, the above mentioned dial
plan change (i.e, setting sip_secure_media=true) is not working. It is still
behaving in the same way as it did without the XML change.

Can you please let me know if anything else needs to be added in dialplan
XML file for enabling SRTP in this case in FreeSWITCH-1.0.7 or am I missing
something here?

I have referred the following FS wiki pages for making the SRTP changes:
http://wiki.freeswitch.org/wiki/Secure_RTP
http://wiki.freeswitch.org/wiki/SRTP

Note: There is no issue when the SIP phone is configured in "SRTP only" mode
where only SRTP stream is offered in the SDP of the INVITE. In this case,
SIP phone and FreeSWITCH communicate properly using SRTP. This doesn't
require setting "sip_secure_media=true" in the dialplan XML file.
P.S: I am a newbie to FreeSWITCH. So, please forgive me if I am asking basic
questions.

Thanks
Goutham B G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20101220/6572b7eb/attachment.html 


More information about the FreeSWITCH-dev mailing list