[Freeswitch-users] Question about srtp secured B-Leg

Kristian Kielhofner kris at kriskinc.com
Tue Aug 10 08:29:10 PDT 2010


It's probably not as clean as you'd like and there may be a better way to do
it but why don't you just try calling the device twice, the first time with
SRTP/SDES and the second (failover) time without? I'd think this would be
compatible with the largest number of devices (whether using SRTP or not).


--
Kristian Kielhofner
http://blog.krisk.org

----- Original Message -----
From: freeswitch-users-bounces at lists.freeswitch.org
<freeswitch-users-bounces at lists.freeswitch.org>
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Sent: Tue Aug 10 09:21:06 2010
Subject: [Freeswitch-users] Question about srtp secured B-Leg

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have late codec negotiation enabled and using Snom devices for
encrypted calls (inernal only). When sdp of A-leg (Snom) has a=crypto I
export sip_secure_media=true in my dialplan, so that B-leg (Snom) is
also encrypted via srtp. That works nicely.

When the B-Leg doesn't support srtp I got an "incompatible_device"
error. This is also ok so far.

Unfortunately this way you can't use Snom's optional srtp mechanism
which consists simply of two media profiles in A-Leg's SDP (first
RTP/SAVP then RTP/AVP) so the target can choose to encrypt or not.

I don't know whether this is RFC conform or not nor if this makes really
sense. I would like to be able to call a non encrypting ATA for checking
for eaxample fax devices by simply calling them.

My question is now, is there a way to tell FS sending outbound calls
also with a non crypto offer within same sdp to B-Leg, so that it can
choose to encrypt or not?


regards
helmut



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFMYVJB4tZeNddg3dwRApBGAJ9d4keb5RQqMlS5sJ6jfN3VLAQkhwCeO3/x
QlwcZMCW2ipsAIjV7cet2aU=
=qzpR
-----END PGP SIGNATURE-----

_______________________________________________
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



More information about the FreeSWITCH-users mailing list