[Freeswitch-users] Query related to enabling SRTP in FreeSWITCH-1.0.7

Goutham BG bggoutham at gmail.com
Wed Dec 22 13:01:27 MSK 2010 

Thanks for the response.
I have pasted the freeswitch debug log of the call coming in to FreeSWITCH
in http://pastebin.freeswitch.org/14852 .

I think I have set sip_secure_media=true before answering the call in my
dialplan. The following is the entry for this extension in my dialplan:

  <extension name="IVR">
    <condition field="destination_number" expression="^IVR$">
*      <action application="set" data="sip_secure_media=true"/>*
      <action application="bridge" data="loopback/app=socket:
47.152.232.156:8084 async full"/>
    </condition>
  </extension>

Thanks
Goutham B G

On Tue, Dec 21, 2010 at 11:47 PM, Brian West <brian at freeswitch.org> wrote:

> And clearly you overlooked my response... are you setting
> sip_secure_media=true after the call is answered in your dialplan?\
>
> I need to see the full debug log of a call coming in to FreeSWITCH please
> on our pastebin.
>
> /b
>
> On Dec 21, 2010, at 12:00 PM, Goutham BG wrote:
>
> > Posting the below query to freeswitch-users list as well. Any hints will
> be really helpful.
> >
> > ---------- Forwarded message ----------
> > From: Goutham BG <bggoutham at gmail.com>
> > Date: Mon, Dec 20, 2010 at 9:16 PM
> > Subject: Query related to enabling SRTP in FreeSWITCH-1.0.7
> > To: freeswitch-dev at lists.freeswitch.org
> >
> >
> > Hi,
> >
> > I have been trying to enable SRTP in FreeSWITCH-1.0.7 and have been
> facing some issues.
> > I have the following entry in my dialplan XML file:
> >
> > <extension name="IVR">
> >     <condition field="destination_number" expression="^IVR$">
> >       <action application="bridge" data="loopback/app=socket:
> 47.152.232.156:8084 async full"/>
> >     </condition
> > </extension>
> >
> > A SIP phone (Avaya 12XX) configured in "SRTP best effort" mode dials into
> this extension and is connected to the IVR. But the media is established in
> SRTP in one way and RTP in the other way.
> > The phone offers the following SDP in the INVITE message:
> >
> > v=0
> > o=- 10170 10170 IN IP4 47.152.232.147
> > s=Sip Call
> > c=IN IP4 47.152.232.147
> > t=0 0
> > m=audio 5016 RTP/AVP 0 8 18 101 102
> > a=rtpmap:0 PCMU/8000
> > a=ptime:20
> > a=rtpmap:8 PCMA/8000
> > a=ptime:20
> > a=rtpmap:18 G729/8000
> > a=ptime:20
> > a=fmtp:18 annexb=no
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-15
> > a=rtpmap:102 X-nt-inforeq/8000
> > a=sendrecv
> > m=audio 5016 RTP/SAVP 0 8 18 101 102
> > a=rtpmap:0 PCMU/8000
> > a=ptime:20
> > a=rtpmap:8 PCMA/8000
> > a=ptime:20
> > a=rtpmap:18 G729/8000
> > a=ptime:20
> > a=fmtp:18 annexb=no
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-15
> > a=rtpmap:102 X-nt-inforeq/8000
> > a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Tjivoci1I/mVkt/Fq/ZsiY+
> > +ornJoXjZ5tSadho4
> > a=sendrecv
> >
> > As we can see, there are two "m=" lines in the SDP of the offer; one for
> RTP and another for SRTP. FreeSWITCH-1.0.7 answers the call by sending 200OK
> with the following SDP:
> >
> > v=0
> > o=FreeSWITCH 1291628984 1291628985 IN IP4 47.152.232.156
> > s=FreeSWITCH
> > c=IN IP4 47.152.232.156
> > t=0 0
> > m=audio 11280 RTP/AVP 0 101
> > a=rtpmap:0 PCMU/8000
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-16
> > a=silenceSupp:off - - - -
> > a=ptime:20
> > m=audio 0 RTP/SAVP 19
> >
> > As you can see above, FreeSWITCH accepts the RTP stream and rejects the
> SRTP stream (by sending port as 0) in the SDP. The SIP phone sends the media
> in RTP(which is expected). But, FreeSWITCH sends the media in SRTP to the
> SIP phone. I believe this is a bug in FreeSWITCH as it is supposed to send
> the media in RTP since it accepted RTP in the answer (200OK).
> >
> > Query:
> > ======
> > In order to make FreeSWITCH select SRTP in the SDP of the answer(200OK),
> I made the following change(i.e, setting sip_secure_media=true) in FS dial
> plan:
> >
> > <extension name="IVR">
> >     <condition field="destination_number" expression="^IVR$">
> >       <action application="set" data="sip_secure_media=true"/>
> >       <action application="bridge" data="loopback/app=socket:
> 47.152.232.156:8084 async full"/>
> >     </condition
> > </extension>
> >
> > In FreeSWITCH-1.0.6(before updating to 1.0.7), this worked and FS
> accepted the SRTP stream and rejected RTP in the answer(200 OK) as shown
> below:
> >
> > m=audio 0 RTP/AVP 19
> > m=audio 12084 RTP/SAVP 0 101
> > a=rtpmap:0 PCMU/8000
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-16
> > a=silenceSupp:off - - - -
> > a=ptime:20
> > a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:hgv7ClqDx1irTRrXq2NEm9Gbouw0969bBU3n+LcM
> >
> > But after updating the FreeSWITCH-1.0.6 to 1.0.7, the above mentioned
> dial plan change (i.e, setting sip_secure_media=true) is not working. It is
> still behaving in the same way as it did without the XML change.
> >
> > Can you please let me know if anything else needs to be added in dialplan
> XML file for enabling SRTP in this case in FreeSWITCH-1.0.7 or am I missing
> something here?
> >
> > I have referred the following FS wiki pages for making the SRTP changes:
> > http://wiki.freeswitch.org/wiki/Secure_RTP
> > http://wiki.freeswitch.org/wiki/SRTP
> >
> > Note: There is no issue when the SIP phone is configured in "SRTP only"
> mode where only SRTP stream is offered in the SDP of the INVITE. In this
> case, SIP phone and FreeSWITCH communicate properly using SRTP. This doesn't
> require setting "sip_secure_media=true" in the dialplan XML file.
> > P.S: I am a newbie to FreeSWITCH. So, please forgive me if I am asking
> basic questions.
> >
> > Thanks
> > Goutham B G
> > _______________________________________________
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101222/15056e54/attachment-0001.html

More information about the FreeSWITCH-users mailing list