Hi,<br><br>I have been trying to enable SRTP in FreeSWITCH-1.0.7 and have been facing some issues.<br>I have the following entry in my dialplan XML file:<br><br><i><extension name="IVR"><br> <condition field="destination_number" expression="^IVR$"><br>
<action application="bridge" data="loopback/app=socket:<a href="http://47.152.232.156:8084/" target="_blank">47.152.232.156:8084</a> async full"/><br> </condition<br></extension></i><br>
<br>A
SIP phone (Avaya 12XX) configured in "SRTP best effort" mode dials into
this extension and is connected to the IVR. But the media is
established in SRTP in one way and RTP in the other way.<br>
The phone offers the following SDP in the INVITE message:<br><br>v=0<br>o=- 10170 10170 IN IP4 47.152.232.147<br>s=Sip Call<br>c=IN IP4 47.152.232.147<br>t=0 0<br>m=audio 5016 RTP/AVP 0 8 18 101 102<br>a=rtpmap:0 PCMU/8000<br>
a=ptime:20<br>a=rtpmap:8 PCMA/8000<br>a=ptime:20<br>a=rtpmap:18 G729/8000<br>a=ptime:20<br>a=fmtp:18 annexb=no<br>a=rtpmap:101 telephone-event/8000<br>a=fmtp:101 0-15<br>a=rtpmap:102 X-nt-inforeq/8000<br>a=sendrecv<br>m=audio 5016 RTP/SAVP 0 8 18 101 102<br>
a=rtpmap:0 PCMU/8000<br>a=ptime:20<br>a=rtpmap:8 PCMA/8000<br>a=ptime:20<br>a=rtpmap:18 G729/8000<br>a=ptime:20<br>a=fmtp:18 annexb=no<br>a=rtpmap:101 telephone-event/8000<br>a=fmtp:101 0-15<br>a=rtpmap:102 X-nt-inforeq/8000<br>
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Tjivoci1I/mVkt/Fq/ZsiY+<div id=":1eg">+ornJoXjZ5tSadho4<br>a=sendrecv<br><br>As
we can see, there are two "m=" lines in the SDP of the offer; one for
RTP and another for SRTP. FreeSWITCH-1.0.7 answers the call by sending
200OK with the following SDP:<br>
<br>v=0<br>o=FreeSWITCH 1291628984 1291628985 IN IP4 47.152.232.156<br>s=FreeSWITCH<br>c=IN IP4 47.152.232.156<br>t=0 0<br>m=audio 11280 RTP/AVP 0 101<br>a=rtpmap:0 PCMU/8000<br>a=rtpmap:101 telephone-event/8000<br>a=fmtp:101 0-16<br>
a=silenceSupp:off - - - -<br>a=ptime:20<br>m=audio 0 RTP/SAVP 19<br><br>As
you can see above, FreeSWITCH accepts the RTP stream and rejects the
SRTP stream (by sending port as 0) in the SDP. The SIP phone sends the media in
RTP(which is expected). But, FreeSWITCH sends the
media in SRTP to the SIP phone. I believe this is a bug in FreeSWITCH as it is
supposed to send the media in RTP since it accepted RTP in the answer
(200OK).<br>
<br><b>Query:<br>======</b><br>In order to make FreeSWITCH select SRTP in the SDP of the answer(200OK), I made the following change(in <b>bold</b>) in FS dial plan:<br><br><i><extension name="IVR"><br> <condition field="destination_number" expression="^IVR$"><br>
<b> <action application="set" data="sip_secure_media=true"/></b><br> <action application="bridge" data="loopback/app=socket:<a href="http://47.152.232.156:8084/" target="_blank">47.152.232.156:8084</a> async full"/><br>
</condition<br></extension></i><br><br>In
FreeSWITCH-1.0.6(before updating to 1.0.7), this worked and FS accepted
the SRTP stream and rejected RTP in the answer(200 OK) as shown below:<br><br>m=audio 0 RTP/AVP 19<br>
m=audio 12084 RTP/SAVP 0 101<br>a=rtpmap:0 PCMU/8000<br>a=rtpmap:101 telephone-event/8000<br>a=fmtp:101 0-16<br>a=silenceSupp:off - - - -<br>a=ptime:20<br>a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:hgv7ClqDx1irTRrXq2NEm9Gbouw0969bBU3n+LcM<br>
<br>But after updating the FreeSWITCH-1.0.6 to 1.0.7, the above
mentioned dial plan change (i.e, setting sip_secure_media=true) is not
working. It is still behaving in the same way as it did without the XML
change.<br><br>
Can you please let me know if anything else needs to be added in
dialplan XML file for enabling SRTP in this case in FreeSWITCH-1.0.7 or
am I missing something here?<br><br>I have referred the following FS wiki pages for making the SRTP changes:<br>
<a href="http://wiki.freeswitch.org/wiki/Secure_RTP" target="_blank">http://wiki.freeswitch.org/wiki/Secure_RTP</a><br><a href="http://wiki.freeswitch.org/wiki/SRTP" target="_blank">http://wiki.freeswitch.org/wiki/SRTP</a><br>
<br>Note:
There is no issue when the SIP phone is configured in "SRTP only" mode
where only SRTP stream is offered in the SDP of the INVITE. In this
case, SIP phone and FreeSWITCH communicate properly using SRTP. This
doesn't require setting "sip_secure_media=true" in the dialplan XML
file.<br>
P.S: I am a newbie to FreeSWITCH. So, please forgive me if I am asking basic questions.<br><br>Thanks<br>Goutham B G</div>