[Freeswitch-users] SRTP in PhonerLite and Freeswitch

Krzysiek cris7 at o2.pl
Wed Apr 23 13:21:40 PDT 2008 

Sorry for such a long post here :). I was using wireshark and it looks like this (the 4 most important messages) :
==============================================
Initiator (192.168.1.5) -> Freeswitch( 192.168.1.3):
----------------------------------------------
INVITE sip:1001 at 192.168.1.3 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bK001834b8b20fdd11b704000fb0e3cf84;rport
From: "Tosh" <sip:1002 at 192.168.1.3>;tag=370855464
To: <sip:1001 at 192.168.1.3>
Call-ID: 001834B8-B20F-DD11-B702-000FB0E3CF84 at 192.168.1.5
CSeq: 98361155 INVITE
Contact: <sip:1002 at 192.168.1.5:5060>
Proxy-Authorization: (...)
Content-Type: application/sdp
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Max-Forwards: 70
Supported: 100rel, replaces
User-Agent: SIPPER for PhonerLite
Content-Length:   446

v=0
o=- 1232061542 0 IN IP4 192.168.1.5
s=SIPPER for PhonerLite
c=IN IP4 192.168.1.5
t=0 0
m=audio 5062 RTP/AVP 0 8 2 3 97 110 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:3 GSM/8000
a=rtpmap:97 iLBC/8000
a=rtpmap:110 speex/8000
a=rtpmap:101 telephone-event/8000
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:3dhne7Il7YqlVZAdnLVgdhngndKXXoNZm7v4/wwC
a=encryption:optional
a=fmtp:101 0-15
a=sendrecv
----------------------------------------------------
Freeswitch -> Receiver (192.168.1.4)

INVITE sip:1001 at 192.168.1.4:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.3;rport;branch=z9hG4bKeeFDH2FB5j0Dj
Max-Forwards: 69
From: "Extension 1002" <sip:1002 at 192.168.1.3>;tag=ND0tXZH5Qe0aD
To: <sip:1001 at 192.168.1.4:5060>
Call-ID: fa523794-8be7-122b-2780-39a48cb53b8d
CSeq: 98362890 INVITE
Contact: <sip:mod_sofia at 192.168.1.3:5060>
User-Agent: FreeSWITCH-mod_sofia/1.0.rc1-7946
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH
Supported: 100rel, precondition, timer
Min-SE: 120
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 428
Remote-Party-ID: "Extension 1002" <sip:1002 at 192.168.1.3>;screen=yes;privacy=off

v=0
o=FreeSWITCH 5985117983522540515 5861368874018127564 IN IP4 192.168.1.3
s=FreeSWITCH
c=IN IP4 192.168.1.3
t=0 0
a=sendrecv
m=audio 26382 RTP/SAVP 0 9 8 3 101 13
a=rtpmap:0 PCMU/8000
a=rtpmap:9 G722/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=ptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:C/XV148O1ZQ0V3LEpByfrFCRL7PGtFDJLcjTCwwV

------------------------------------------------
Receiver -> Freeswitch

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.3;rport=5060;branch=z9hG4bKeeFDH2FB5j0Dj
From: "Extension 1002" <sip:1002 at 192.168.1.3>;tag=ND0tXZH5Qe0aD
To: <sip:1001 at 192.168.1.4:5060>;tag=00c93cd1b20fdd11886f00b0d0b8ce20
Call-ID: fa523794-8be7-122b-2780-39a48cb53b8d
CSeq: 98362890 INVITE
Contact: <sip:1001 at 192.168.1.4:5060>
Content-Type: application/sdp
Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, UPDATE
Supported: replaces, timer
User-Agent: SIPPER for PhonerLite
Content-Length:   258

v=0
o=- 3139884392 1 IN IP4 192.168.1.4
s=SIPPER for PhonerLite
c=IN IP4 192.168.1.4
t=0 0
m=audio 5062 RTP/SAVP 0 8 3 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
------------------------------------------------
Freeswitch -> Initiator

SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bK001834b8b20fdd11b704000fb0e3cf84;rport=5060
From: "Tosh" <sip:1002 at 192.168.1.3>;tag=370855464
To: <sip:1001 at 192.168.1.3>;tag=m461U401t59QH
Call-ID: 001834B8-B20F-DD11-B702-000FB0E3CF84 at 192.168.1.5
CSeq: 98361155 INVITE
Contact: <sip:mod_sofia at 192.168.1.3:5060;transport=udp>
User-Agent: FreeSWITCH-mod_sofia/1.0.rc1-7946
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH
Supported: 100rel, precondition, timer
Min-SE: 120
Content-Type: application/sdp
Content-Disposition: session
Content-Length: 155

v=0
o=FreeSWITCH 5425860535457980718 3341838566411422164 IN IP4 192.168.1.3
s=FreeSWITCH
c=IN IP4 192.168.1.3
t=0 0
a=sendrecv
m=audio 0 RTP/AVP 19

=================================================

And voice traffic looks like this:

Reciever    -> Freeswitch       SRTP
Freeswitch -> Initiator            RTP

I hope this will explain everything. I have also a wireshark pcap file from this call (but i don't know where and how to send it). 
Thanks for help
Chris
  ----- Original Message ----- 
  From: Michael Jerris 
  To: freeswitch-users at lists.freeswitch.org 
  Sent: Wednesday, April 23, 2008 9:11 PM
  Subject: Re: [Freeswitch-users] SRTP in PhonerLite and Freeswitch


  Can you post a sip trace of this entire call, the 19 means we are rejecting that m= line, are there 2 m lines, AVP and SAVP to indicate optional secure?


  Mike


  On Apr 23, 2008, at 3:01 PM, Krzysiek wrote:

    Hi 
    I have 2 softphones PhonerLite (they support SRTP via SDES ) and the freeswitch (windows RC1 version) server and I wanted to make secure call between those two endpoints (SRTP).
    I spend whole day on testing this scenario and my conclusions are:
    - when the option: <action application="export" data="sip_secure_media=true"/> is uncommented, and both enpoints have enabled SRTP then:
    1) Initiator of the session sends SIP Invite with a=crypto paramter and supported codecs
    2) Freeswitch receives SIP Invite and sends SIP Invite to the receiver (also with the crypto)
    3) Receiver receives the SIP Invite with the a=crypto parameter and he sends back supported codecs with 200 OK message (but without a=crypto parametr. Is that ok? I'm afraid not)
    4) Freeswitch sends 200 OK message but witout any codecs: m=audio 0 RTP/AVP 19 and no a= parameters!
    5) Final result is that the second leg of the session between Freeswitch and receiver has SRTP transport enbaled and the first leg (initiator- Freeswitch) doesn't hear anything - no codecs! However Freeswitch is sending RTP (not SRTP) pacekets to the initiator.

    Could someone explain to me, what is going on, and why freeswitch doesn't forward codecs accepted by the receiver to the initiator?
    Is it a PhonerLite's bug or freeswitch's? Maybe someone has tested SRTP with the PhonerLite softphone or any other free softphone with srtp support?

    When I uncommented: <param name="Inbound-no-media" value="true">
    everything works fine. The parameter <action application="export" data="sip_secure_media=true"/> doesn't change anything then (but i cound miss something).

    Thanks for help
    Chris
    _______________________________________________
    Freeswitch-users mailing list
    Freeswitch-users at lists.freeswitch.org
    http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
    UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
    http://www.freeswitch.org





------------------------------------------------------------------------------


  _______________________________________________
  Freeswitch-users mailing list
  Freeswitch-users at lists.freeswitch.org
  http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
  UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
  http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20080423/59de0839/attachment-0002.html

More information about the FreeSWITCH-users mailing list