[Freeswitch-users] SRTP in PhonerLite and Freeswitch
Brian West
brian at freeswitch.org
Wed Apr 23 14:13:22 PDT 2008
Yep this client is broken.
You should NEVER offer crypto in the RTP/AVP. There are two ways to
do this... Only offer RTP/SAVP or offer two m= lines, one with
RTP/AVP and one with RTP/SAVP. m=audio 0 RTP/AVP 19 indicates the stack
rejected the offer because it's invalid.
RFC 3711 clearly states that SRTP is RTP/SAVP.
If you have a contact at the company that makes the client maybe we
can get them to fix it? The Polycom is the only phone that does this
little tidbit correctly.
Let me outline what it should look like and this is one people will
argue about till the cows come home...
On but optional/preferred:
v=0
o=root 1130561626 1130561626 IN IP4 10.0.1.241
s=call
c=IN IP4 10.0.1.241
t=0 0
m=audio 52970 RTP/SAVP 9 0 8 2 3 18 4 101
a=rtpmap:9 g722/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:2 g726-32/8000
a=rtpmap:3 gsm/8000
a=rtpmap:18 g729/8000
a=rtpmap:4 g723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:WvPreyjK82pM0I5vtUY2zkpIKPbRVSKH1QcPrsWP
a=ptime:60
m=audio 52970 RTP/AVP 9 0 8 2 3 18 4 101
a=rtpmap:9 g722/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:2 g726-32/8000
a=rtpmap:3 gsm/8000
a=rtpmap:18 g729/8000
a=rtpmap:4 g723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:60
On Mandatory:
v=0
o=root 1130561626 1130561626 IN IP4 10.0.1.241
s=call
c=IN IP4 10.0.1.241
t=0 0
m=audio 52970 RTP/SAVP 9 0 8 2 3 18 4 101
a=rtpmap:9 g722/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:2 g726-32/8000
a=rtpmap:3 gsm/8000
a=rtpmap:18 g729/8000
a=rtpmap:4 g723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:WvPreyjK82pM0I5vtUY2zkpIKPbRVSKH1QcPrsWP
a=ptime:60
Off not offered/Not Supported:
v=0
o=root 1130561626 1130561626 IN IP4 10.0.1.241
s=call
c=IN IP4 10.0.1.241
t=0 0
m=audio 52970 RTP/AVP 9 0 8 2 3 18 4 101
a=rtpmap:9 g722/8000
a=rtpmap:0 pcmu/8000
a=rtpmap:8 pcma/8000
a=rtpmap:2 g726-32/8000
a=rtpmap:3 gsm/8000
a=rtpmap:18 g729/8000
a=rtpmap:4 g723/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:60
/b
On Apr 23, 2008, at 3:21 PM, Krzysiek wrote:
> Sorry for such a long post here :). I was using wireshark and it
> looks like this (the 4 most important messages) :
> ==============================================
> Initiator (192.168.1.5) -> Freeswitch( 192.168.1.3):
> ----------------------------------------------
> INVITE sip:1001 at 192.168.1.3 SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bK001834b8b20fdd11b704000fb0e3cf84;rport
> From: "Tosh" <sip:1002 at 192.168.1.3>;tag=370855464
> To: <sip:1001 at 192.168.1.3>
> Call-ID: 001834B8-B20F-DD11-B702-000FB0E3CF84 at 192.168.1.5
> CSeq: 98361155 INVITE
> Contact: <sip:1002 at 192.168.1.5:5060>
> Proxy-Authorization: (...)
> Content-Type: application/sdp
> Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE,
> UPDATE
> Max-Forwards: 70
> Supported: 100rel, replaces
> User-Agent: SIPPER for PhonerLite
> Content-Length: 446
>
> v=0
> o=- 1232061542 0 IN IP4 192.168.1.5
> s=SIPPER for PhonerLite
> c=IN IP4 192.168.1.5
> t=0 0
> m=audio 5062 RTP/AVP 0 8 2 3 97 110 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:2 G726-32/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:97 iLBC/8000
> a=rtpmap:110 speex/8000
> a=rtpmap:101 telephone-event/8000
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:3dhne7Il7YqlVZAdnLVgdhngndKXXoNZm7v4/wwC
> a=encryption:optional
> a=fmtp:101 0-15
> a=sendrecv
> ----------------------------------------------------
> Freeswitch -> Receiver (192.168.1.4)
>
> INVITE sip:1001 at 192.168.1.4:5060 SIP/2.0
> Via: SIP/2.0/UDP 192.168.1.3;rport;branch=z9hG4bKeeFDH2FB5j0Dj
> Max-Forwards: 69
> From: "Extension 1002" <sip:1002 at 192.168.1.3>;tag=ND0tXZH5Qe0aD
> To: <sip:1001 at 192.168.1.4:5060>
> Call-ID: fa523794-8be7-122b-2780-39a48cb53b8d
> CSeq: 98362890 INVITE
> Contact: <sip:mod_sofia at 192.168.1.3:5060>
> User-Agent: FreeSWITCH-mod_sofia/1.0.rc1-7946
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH
> Supported: 100rel, precondition, timer
> Min-SE: 120
> Content-Type: application/sdp
> Content-Disposition: session
> Content-Length: 428
> Remote-Party-ID: "Extension 1002" <sip:1002 at 192.168.1.3>;screen=yes;privacy=off
>
> v=0
> o=FreeSWITCH 5985117983522540515 5861368874018127564 IN IP4
> 192.168.1.3
> s=FreeSWITCH
> c=IN IP4 192.168.1.3
> t=0 0
> a=sendrecv
> m=audio 26382 RTP/SAVP 0 9 8 3 101 13
> a=rtpmap:0 PCMU/8000
> a=rtpmap:9 G722/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=rtpmap:13 CN/8000
> a=ptime:20
> a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:C/XV148O1ZQ0V3LEpByfrFCRL7PGtFDJLcjTCwwV
>
> ------------------------------------------------
> Receiver -> Freeswitch
>
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.1.3;rport=5060;branch=z9hG4bKeeFDH2FB5j0Dj
> From: "Extension 1002" <sip:1002 at 192.168.1.3>;tag=ND0tXZH5Qe0aD
> To: <sip:1001 at 192.168.1.4:5060>;tag=00c93cd1b20fdd11886f00b0d0b8ce20
> Call-ID: fa523794-8be7-122b-2780-39a48cb53b8d
> CSeq: 98362890 INVITE
> Contact: <sip:1001 at 192.168.1.4:5060>
> Content-Type: application/sdp
> Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE,
> UPDATE
> Supported: replaces, timer
> User-Agent: SIPPER for PhonerLite
> Content-Length: 258
>
> v=0
> o=- 3139884392 1 IN IP4 192.168.1.4
> s=SIPPER for PhonerLite
> c=IN IP4 192.168.1.4
> t=0 0
> m=audio 5062 RTP/SAVP 0 8 3 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:8 PCMA/8000
> a=rtpmap:3 GSM/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=sendrecv
> ------------------------------------------------
> Freeswitch -> Initiator
>
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 192.168.1.5:5060;branch=z9hG4bK001834b8b20fdd11b704000fb0e3cf84;rport=5060
> From: "Tosh" <sip:1002 at 192.168.1.3>;tag=370855464
> To: <sip:1001 at 192.168.1.3>;tag=m461U401t59QH
> Call-ID: 001834B8-B20F-DD11-B702-000FB0E3CF84 at 192.168.1.5
> CSeq: 98361155 INVITE
> Contact: <sip:mod_sofia at 192.168.1.3:5060;transport=udp>
> User-Agent: FreeSWITCH-mod_sofia/1.0.rc1-7946
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE,
> NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH
> Supported: 100rel, precondition, timer
> Min-SE: 120
> Content-Type: application/sdp
> Content-Disposition: session
> Content-Length: 155
>
> v=0
> o=FreeSWITCH 5425860535457980718 3341838566411422164 IN IP4
> 192.168.1.3
> s=FreeSWITCH
> c=IN IP4 192.168.1.3
> t=0 0
> a=sendrecv
> m=audio 0 RTP/AVP 19
>
> =================================================
>
> And voice traffic looks like this:
>
> Receiver -> Freeswitch SRTP
> Freeswitch -> Initiator RTP
>
> I hope this will explain everything. I also have a wireshark pcap
> file from this call (but I don't know where and how to send it).
> Thanks for help
> Chris
> ----- Original Message -----
> From: Michael Jerris
> To: freeswitch-users at lists.freeswitch.org
> Sent: Wednesday, April 23, 2008 9:11 PM
> Subject: Re: [Freeswitch-users] SRTP in PhonerLite and Freeswitch
>
> Can you post a sip trace of this entire call, the 19 means we are
> rejecting that m= line, are there 2 m lines, AVP and SAVP to
> indicate optional secure?
>
> Mike
>
> On Apr 23, 2008, at 3:01 PM, Krzysiek wrote:
>> Hi
>> I have 2 softphones PhonerLite (they support SRTP via SDES ) and
>> the freeswitch (windows RC1 version) server and I wanted to make
>> secure call between those two endpoints (SRTP).
>> I spent the whole day testing this scenario and my conclusions are:
>> - when the option: <action application="export"
>> data="sip_secure_media=true"/> is uncommented, and both endpoints
>> have enabled SRTP then:
>> 1) Initiator of the session sends SIP Invite with a=crypto parameter
>> and supported codecs
>> 2) Freeswitch receives SIP Invite and sends SIP Invite to the
>> receiver (also with the crypto)
>> 3) Receiver receives the SIP Invite with the a=crypto parameter and
>> he sends back supported codecs with 200 OK message (but without
>> a=crypto parameter. Is that ok? I'm afraid not)
>> 4) Freeswitch sends 200 OK message but without any codecs: m=audio 0
>> RTP/AVP 19 and no a= parameters!
>> 5) Final result is that the second leg of the session between
>> Freeswitch and receiver has SRTP transport enabled and the first
>> leg (initiator- Freeswitch) doesn't hear anything - no codecs!
>> However Freeswitch is sending RTP (not SRTP) packets to the
>> initiator.
>>
>> Could someone explain to me, what is going on, and why freeswitch
>> doesn't forward codecs accepted by the receiver to the initiator?
>> Is it a PhonerLite's bug or freeswitch's? Maybe someone has tested
>> SRTP with the PhonerLite softphone or any other free softphone with
>> srtp support?
>>
>> When I uncommented: <param name="Inbound-no-media" value="true">
>> everything works fine. The parameter <action application="export"
>> data="sip_secure_media=true"/> doesn't change anything then (but I
>> could miss something).
>>
>> Thanks for help
>> Chris
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
Brian West
sip:brian at freeswitch.org
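
Added example (not part of the original post and not FreeSWITCH code): a small Python check that classifies an SDP body against the three layouts outlined in the reply above and flags a=crypto carried under RTP/AVP. The function names are hypothetical, and the sample bodies, addresses and key strings are constructed placeholders.

```python
import re

def parse_media(sdp):
    """Split an SDP body into m= sections with their a= attribute lines."""
    sections = []
    for line in (l.strip() for l in sdp.strip().splitlines()):
        m = re.match(r"m=(\w+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            sections.append({"media": m.group(1), "port": int(m.group(2)),
                             "profile": m.group(3), "attrs": []})
        elif line.startswith("a=") and sections:
            sections[-1]["attrs"].append(line[2:])
    return sections

def classify_offer(sdp):
    """Return (mode, problems) for the audio m= lines of one SDP body."""
    problems, secure, plain = [], 0, 0
    for s in parse_media(sdp):
        if s["media"] != "audio":
            continue
        if s["port"] == 0:                      # port 0 marks a rejected stream
            problems.append("m=audio port 0: stream rejected")
            continue
        has_crypto = any(a.startswith("crypto:") for a in s["attrs"])
        if s["profile"] == "RTP/SAVP":
            secure += 1
        elif s["profile"] == "RTP/AVP":
            plain += 1
            if has_crypto:                      # the defect described in the reply
                problems.append("a=crypto offered under RTP/AVP")
    if secure and plain:
        return "optional", problems
    if secure:
        return "mandatory", problems
    return ("off" if plain else "rejected"), problems

# Constructed sample bodies modelled on the layouts in this thread; keys are placeholders.
HEAD = "v=0\no=- 1 1 IN IP4 192.0.2.10\ns=call\nc=IN IP4 192.0.2.10\nt=0 0\n"
KEY = "a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:PLACEHOLDERKEYPLACEHOLDERKEYPLACEHOLDERK\n"
SAVP = "m=audio 52970 RTP/SAVP 0 8\na=rtpmap:0 pcmu/8000\n"
AVP = "m=audio 52970 RTP/AVP 0 8\na=rtpmap:0 pcmu/8000\n"
SAMPLES = {
    "optional": HEAD + SAVP + KEY + AVP,    # two m= lines, SAVP first
    "mandatory": HEAD + SAVP + KEY,         # SAVP only
    "off": HEAD + AVP,                      # plain RTP only
    "broken": HEAD + AVP + KEY,             # crypto under RTP/AVP
    "rejected": HEAD + "m=audio 0 RTP/AVP 19\n",
}
```
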