[Freeswitch-users] SRTP-Support

Alois Komenda alois.komenda at esk.fraunhofer.de
Fri Jan 18 01:10:42 PST 2008


My problem is solved now. It turned out that I had the openssl-dev package not installed.
With this package installed all profiles start up well.

Regards


--
Alois Komenda
Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK




-----Ursprüngliche Nachricht-----
Von: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] Im Auftrag von Brian West
Gesendet: Mittwoch, 16. Januar 2008 17:27
An: freeswitch-users at lists.freeswitch.org
Betreff: Re: [Freeswitch-users] SRTP-Support

Might have to pay attention to the default config profiles.   
sip_profiles/default.xml

     <!-- TLS: disabled by default, set to "true" to enable -->
     <param name="tls" value="false"/>
     <!-- additional bind parameters for TLS -->
     <param name="tls-bind-params" value="transport=tls"/>
     <!-- Port to listen on for TLS requests. (5061 will be used if
unspecified) -->
     <param name="tls-sip-port" value="5061"/>
     <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
     <param name="tls-cert-dir" value="$${base_dir}/conf/ssl"/>
     <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
     <param name="tls-version" value="sslv23"/>

This works for me.

/b



On Jan 16, 2008, at 10:07 AM, Alois Komenda wrote:

>
>> Just generate your certs.. and set the tls to true in the config....
>> thats all you ahve to do.
>
> I set up a new FS and did as you told me.
> But the error is still there. What can I do?
>
> --
> Alois Komenda
> Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK
>
>
>
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: freeswitch-users-bounces at lists.freeswitch.org 
> [mailto:freeswitch-users-bounces at lists.freeswitch.org
> ] Im Auftrag von Brian West
> Gesendet: Mittwoch, 16. Januar 2008 13:51
> An: freeswitch-users at lists.freeswitch.org
> Betreff: Re: [Freeswitch-users] SRTP-Support
>
> Just generate your certs.. and set the tls to true in the config....
> thats all you ahve to do.
>
> /b
>
> On Jan 16, 2008, at 3:47 AM, Alois Komenda wrote:
>
>>
>> Hello,
>>
>> I get this error when starting FS with TLS enabled:
>>
>> 2008-01-16 10:32:41 [DEBUG] sofia.c:464 sofia_profile_thread_run() 
>> Set params for default
>> 2008-01-16 10:32:41 [DEBUG] sofia.c:486 sofia_profile_thread_run() 
>> activated db for default
>> 2008-01-16 10:32:41 [DEBUG] sofia.c:516 sofia_profile_thread_run() 
>> Starting thread for default
>> nta: bind(192.168.0.21:5061;transport=tls): Protocol not supported
>> nua: initializing SIP stack failed
>> 2008-01-16 10:32:41 [ERR] sofia.c:434 sofia_profile_thread_run() 
>> Error Creating SIP UA for profile: 192.168.0.21
>>
>> I tried with transport=tcp and without any transport setting. The 
>> result is always this error message (with the respective protocol).
>>
>> What's wrong here?
>>
>> --
>> Alois Komenda
>> Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK
>>
>>
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: freeswitch-users-bounces at lists.freeswitch.org
>> [mailto:freeswitch-users-bounces at lists.freeswitch.org
>> ] Im Auftrag von Brian West
>> Gesendet: Dienstag, 15. Januar 2008 15:59
>> An: freeswitch-users at lists.freeswitch.org
>> Betreff: Re: [Freeswitch-users] SRTP-Support
>>
>> Their has been a script added to SVN for this purpose its gentls_cert 
>> in scripts.  And should allow you to create your CA and various files 
>> required for sofia's TLS ... BTW TCP is required on all SIP ua's no 
>> matter if its TLS or not.  Anything that doesn't do TCP is violating 
>> the spec because it says TCP and UDP are a MUST.  ;)
>>
>> /b
>>
>> On Jan 15, 2008, at 1:36 AM, Alois Komenda wrote:
>>
>>> How do I set up TLS?
>>> Do I have to enable TCP to get it working?
>>> Can I use it without certificates? Are the names agent.pem and 
>>> cafile.pem (as mentioned in the comments in sofia config files) 
>>> mandatory?
>>> What is the assumed content of this files? (agent.pem = private key; 
>>> cafile.pem = certificate?)
>>>
>>> Is there any documentation that could answer this questions?
>>> Searching for "tls" or "ssl" or "sips" in the wiki did not bring any 
>>> results.
>>>
>>> Thanks a lot in advance!
>>>
>>> --
>>> Alois Komenda
>>> Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK
>>>
>>>
>>>
>>> Von: freeswitch-users-bounces at lists.freeswitch.org
>>> [mailto:freeswitch-users-bounces at lists.freeswitch.org
>>> ] Im Auftrag von Michael Jerris
>>> Gesendet: Freitag, 11. Januar 2008 15:39
>>> An: freeswitch-users at lists.freeswitch.org
>>> Betreff: Re: [Freeswitch-users] SRTP-Support
>>>
>>> We don't currently have the support integrated into mod_sofia.  That 
>>> being said, we just got TLS support running, and I believe that 
>>> someone was working on integrating the SRTP key negotiation.
>>>
>>> Mike
>>>
>>> On Jan 11, 2008, at 7:24 AM, Alois Komenda wrote:
>>>
>>>> Hello,
>>>>
>>>> my question is: does FreeSWITCH support SRTP? I guess yes, because 
>>>> libsrtp is in the dependency list.
>>>> But how do I configure FS to use SRTP? I did not find any hints in 
>>>> the documentation.
>>>>
>>>> Best Regards
>>>> --
>>>> Alois Komenda
>>>> Fraunhofer-Einrichtung für Systeme der Kommunikationstechnik ESK
>>>>
>>>>
>>>> _______________________________________________
>>>> Freeswitch-users mailing list
>>>> Freeswitch-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-
>>>> us
>>>> ers
>>>> http://www.freeswitch.org
>>>
>>> _______________________________________________
>>> Freeswitch-users mailing list
>>> Freeswitch-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-
>>> use
>>> rs
>>> http://www.freeswitch.org
>>
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-
>> use
>> rs
>> http://www.freeswitch.org
>>
>> _______________________________________________
>> Freeswitch-users mailing list
>> Freeswitch-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-
>> use
>> rs
>> http://www.freeswitch.org
>
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-use
> rs
> http://www.freeswitch.org
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-use
> rs
> http://www.freeswitch.org


_______________________________________________
Freeswitch-users mailing list
Freeswitch-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org




More information about the FreeSWITCH-users mailing list