[Freeswitch-users] How to setup TLS and SRTP
Peter P GMX
Prometheus001 at gmx.net
Mon Aug 4 06:00:16 PDT 2008
Hallo Brian,
thank you for your hint for the Snom settings. SRTP works now, but I am
not sure wether it's actually 100% safe.
On the Snom phone I set RTP/SAVP to optional (was off before). Then it
works.
But if I set it to mandatory it doesn't work anymore.
When set to optional it starts Invites with
m=audio 49806 RTP/AVP 0 9 8 3 101
However after the OK message the SDP message contains RTP/SAVP as follows.
m=audio 20260 RTP/SAVP 0 101 13
I checked with Wireshark and the RTP stream only contained noise. So it
seems to be encrypted.
Do you think there is still an security issue here?
Best regards
Peter
Brian West schrieb:
> OK you have to go to the RTP tab and make sure the Encryption is on..
> then set it to optional or mandatory. Call 9999 if you hear the bong
> it works.
>
> Then in this condition <condition field="${sip_has_crypto}"
> expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$"
> break="never">
>
> You see that it has part of it commented out to secure the B-Leg
> also. Uncomment that. Since this is a variable you can also set this
> stuff on a user in the directory.
>
> Then new snom 7.3.7(beta) firmware has both AES_CM_128_HMAC_SHA1_32
> and AES_CM_128_HMAC_SHA1_80. I highly recommend you only enable one
> cypher suite...
>
> /b
>
>
>
> On Aug 3, 2008, at 2:14 PM, Peter P GMX wrote:
>
>
>> I got TLS working right now. It turned out that the modified start/
>> stop
>> script for freeswitch which I had from the Ubuntu package caused that
>> problem.
>> Starting freeswitch from the bin directory worked fine with TLS and
>> unsecure RTP.
>>
>> Now I am stuck with SRTP. I followed
>> http://wiki.freeswitch.org/wiki/SRTP . I could connect 2 Snom 320
>> phones
>> with firmware 6.5.16 via TLS but could not hear anything. Then I
>> upgraded the Snoms to 7.1.33 (as you suggsted here:
>> http://www.mail-archive.com/freeswitch-users@lists.freeswitch.org/msg00836.html)
>> and now the other phone hangs up directly after pickup. Calling
>> voicemail didn't work either.
>>
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
More information about the FreeSWITCH-users
mailing list