[Freeswitch-users] How to setup TLS and SRTP

Peter P GMX Prometheus001 at gmx.net
Sun Aug 3 12:14:39 PDT 2008


I got TLS working right now. It turned out that the modified start/stop 
script for freeswitch which I had from the Ubuntu package caused that 
problem.
Starting freeswitch from the bin directory worked fine with TLS and 
unsecure RTP.

Now I am stuck with SRTP. I followed 
http://wiki.freeswitch.org/wiki/SRTP . I could connect 2 Snom 320 phones 
with firmware 6.5.16 via TLS but could not hear anything. Then I 
upgraded the Snoms to 7.1.33 (as you suggested here: 
http://www.mail-archive.com/freeswitch-users@lists.freeswitch.org/msg00836.html) 
and now the other phone hangs up directly after pickup. Calling 
voicemail didn't work either.

Here is a console output when calling voicemail (1002 calls 1002)

2008-08-03 21:03:25 [DEBUG] mod_dptools.c:683 set_function() SET 
[voicemail_authorized]=[true]
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:140 
switch_core_standard_on_execute() sofia/internal/1002 at 192.168.178.31 
Execute answer()
2008-08-03 21:03:25 [DEBUG] sofia_glue.c:1756 sofia_glue_activate_rtp() 
AUDIO RTP [sofia/internal/1002 at 192.168.178.31] 192.168.178.31 port 24278 
-> 192.168.178.25 port 51322 codec: 0 ms: 20
2008-08-03 21:03:25 [DEBUG] switch_rtp.c:813 switch_rtp_create() 
Starting timer [soft] 160 bytes per 20000ms
2008-08-03 21:03:25 [INFO] switch_rtp.c:721 switch_rtp_add_crypto_key() 
Activating Secure RTP SEND
2008-08-03 21:03:25 [INFO] switch_rtp.c:701 switch_rtp_add_crypto_key() 
Activating Secure RTP RECV
2008-08-03 21:03:25 [DEBUG] mod_sofia.c:439 sofia_answer_channel() Local 
SDP sofia/internal/1002 at 192.168.178.31:
v=0
o=FreeSWITCH 1217765927 1217765928 IN IP4 192.168.178.31
s=FreeSWITCH
c=IN IP4 192.168.178.31
t=0 0
a=sendrecv
m=audio 24278 RTP/SAVP 0 101 13
a=rtpmap:0 pcmu/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=rtpmap:13 CN/8000
a=ptime:20
a=crypto:1 AES_CM_128_HMAC_SHA1_32 
inline:FG+lWx0snfbgUOMW6EqyPehCibrkSXrG1Y7qJldO

2008-08-03 21:03:25 [DEBUG] switch_core_session.c:430 
switch_core_session_receive_message() Kill 
sofia/internal/1002 at 192.168.178.31 [BREAK]
2008-08-03 21:03:25 [DEBUG] sofia.c:2137 sofia_handle_sip_i_state() 
Channel sofia/internal/1002 at 192.168.178.31 entering state [completed]
2008-08-03 21:03:25 [NOTICE] mod_dptools.c:606 answer_function() Channel 
[sofia/internal/1002 at 192.168.178.31] has been answered
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:140 
switch_core_standard_on_execute() sofia/internal/1002 at 192.168.178.31 
Execute sleep(1000)
2008-08-03 21:03:25 [DEBUG] sofia.c:2137 sofia_handle_sip_i_state() 
Channel sofia/internal/1002 at 192.168.178.31 entering state [ready]
2008-08-03 21:03:25 [DEBUG] sofia.c:2137 sofia_handle_sip_i_state() 
Channel sofia/internal/1002 at 192.168.178.31 entering state [terminated]
2008-08-03 21:03:25 [NOTICE] sofia.c:2553 sofia_handle_sip_i_state() 
Hangup sofia/internal/1002 at 192.168.178.31 [CS_EXECUTE] [NORMAL_CLEARING]
2008-08-03 21:03:25 [DEBUG] switch_channel.c:1361 
switch_channel_perform_hangup() Kill sofia/internal/1002 at 192.168.178.31 
[KILL]
2008-08-03 21:03:25 [DEBUG] switch_core_session.c:722 
switch_core_session_signal_state_change() Kill 
sofia/internal/1002 at 192.168.178.31 [BREAK]
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:430 
switch_core_session_run() (sofia/internal/1002 at 192.168.178.31) State 
EXECUTE going to sleep
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:365 
switch_core_session_run() sofia/internal/1002 at 192.168.178.31 Running 
State Change CS_HANGUP
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:393 
switch_core_session_run() (sofia/internal/1002 at 192.168.178.31) State HANGUP
2008-08-03 21:03:25 [DEBUG] mod_sofia.c:264 sofia_on_hangup() Channel 
sofia/internal/1002 at 192.168.178.31 hanging up, cause: NORMAL_CLEARING
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:46 
switch_core_standard_on_hangup() Standard HANGUP 
sofia/internal/1002 at 192.168.178.31, cause: NORMAL_CLEARING
2008-08-03 21:03:25 [DEBUG] switch_core_state_machine.c:393 
switch_core_session_run() (sofia/internal/1002 at 192.168.178.31) State 
HANGUP going to sleep
2008-08-03 21:03:25 [DEBUG] switch_core_session.c:789 
switch_core_session_thread() Session 21 
(sofia/internal/1002 at 192.168.178.31) Locked, Waiting on external entities
2008-08-03 21:03:25 [NOTICE] switch_core_session.c:807 
switch_core_session_thread() Session 21 
(sofia/internal/1002 at 192.168.178.31) Ended
2008-08-03 21:03:25 [NOTICE] switch_core_session.c:809 
switch_core_session_thread() Close Channel 
sofia/internal/1002 at 192.168.178.31 [CS_HANGUP]

It looks like the call is set up correctly and then it hangs up.

Did I miss something?

Best regards
Peter

Brian West wrote:
> And you have everything in conf/ssl right?
>
> /b
>
>
> On Aug 3, 2008, at 12:01 PM, Peter P GMX wrote:
>
>> Hello Brian,
>>
>> Yes it's turned on:
>>     <!-- TLS: disabled by default, set to "true" to enable -->
>>     <param name="tls" value="true"/>
>>     <!-- additional bind parameters for TLS -->
>>     <param name="tls-bind-params" value="transport=tls"/>
>>     <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) -->
>>     <param name="tls-sip-port" value="5061"/>
>>     <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
>>     <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
>>     <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
>>     <param name="tls-version" value="tlsv1"/>
>>
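Added example, not part of the original post or of FreeSWITCH: a check of the `a=crypto` line in an SDP body like the one logged above against RFC 4568 (known suite, 30-byte key plus salt, `RTP/SAVP` profile), and of whether an answer echoes a tag and suite from the peer's offer. The function names are hypothetical and the offer is constructed, since the thread does not show the phone's SDP.

```python
import base64
import re

# RFC 4568 crypto suites -> length in bytes of master key + master salt.
SUITE_KEY_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "F8_128_HMAC_SHA1_80": 30,
}
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)(\|\S+)?$")

def check_sdp(sdp):
    """Return (audio profile, {tag: suite}, problems) for one SDP body."""
    profile, suites, problems = None, {}, []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m=audio "):
            profile = line.split()[2]
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, key = int(m.group(1)), m.group(2), m.group(3)
        suites[tag] = suite
        if suite not in SUITE_KEY_LEN:
            problems.append(f"tag {tag}: unknown suite {suite}")
            continue
        try:
            n = len(base64.b64decode(key, validate=True))
        except ValueError:
            problems.append(f"tag {tag}: key is not valid base64")
            continue
        if n != SUITE_KEY_LEN[suite]:
            problems.append(f"tag {tag}: key+salt is {n} bytes, expected {SUITE_KEY_LEN[suite]}")
    if profile == "RTP/SAVP" and not suites:
        problems.append("RTP/SAVP media without an a=crypto line")
    if profile == "RTP/AVP" and suites:
        problems.append("a=crypto present but media profile is plain RTP/AVP")
    return profile, suites, problems

def answer_accepts_offer(offer, answer):
    """True if the answer's single crypto line echoes a tag and suite from the offer."""
    offered, answered = check_sdp(offer)[1], check_sdp(answer)[1]
    return len(answered) == 1 and all(offered.get(t) == s for t, s in answered.items())

# Local SDP lines from the log above (wrapped a=crypto line re-joined).
ANSWER = ("m=audio 24278 RTP/SAVP 0 101 13\n"
          "a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:FG+lWx0snfbgUOMW6EqyPehCibrkSXrG1Y7qJldO\n")
# Constructed offer with a placeholder key; not taken from the thread.
OFFER_80_ONLY = "m=audio 51322 RTP/SAVP 0\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40 + "\n"

if __name__ == "__main__":
    print(check_sdp(ANSWER))
    print(answer_accepts_offer(OFFER_80_ONLY, ANSWER))
```

Capturing the phone's own SDP (for example from a SIP trace on the FreeSWITCH console) and passing it as the offer shows whether both sides agree on the suite.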