[Freeswitch-users] Establishing SRTP from SBC to endpoint
Peter
eidevm5 at gmail.com
Tue Aug 13 06:26:58 MSD 2013
In my environment, I have the following (simplified) setup:
FS1 ---- FS SBC --- FS2
Phones registered to FS1 (100x) use TLS/SRTP and phones registered to FS2
(200x) use SIP/RTP
FS1 has inbound-bypass-media set to true to allow SRTP peer to peer and
direct to the SBC.
If I make an inbound call (eg: 1000 to 2000), SRTP is correctly established
between the phone and SBC with RTP on the other side of the SBC to the
internal phone.
However, when I try it the other way, I can't get SRTP established from the
SBC to the external phone.
I've been using https://wiki.freeswitch.org/wiki/Secure_RTP as a guide.
I've even tried explicitly setting sip_secure_media to true on the SBC and
FS1.
The dialplan on the SBC has:
<extension name="outgoing">
  <condition field="destination_number" expression="^(10[0-9][0-9])$">
    <action application="set" data="sip_secure_media=true"/>
    <action application="bridge" data="sofia/external/${destination_number}@10.1.1.204"/>
  </condition>
</extension>
And on FS1, the dialplan has:
<extension name="Local-Numbers">
  <condition field="destination_number" expression="^(10[01][0-9])$">
    <action application="export" data="dialed_extension=$1"/>
    <action application="set" data="sip_secure_media=true"/>
    <action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
  </condition>
</extension>
Note that I've been testing this against two phones with SRTP enabled, but
only one that is using TLS. I get the same result calling each phone.
On a related point, what is the step required for a TLS connection from the
SBC to the phone? I'm assuming the phone just needs the CA cert from the
SBC. Correct?
Any information as to where I'm going wrong will be gratefully accepted.
Thanks
Peter
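
Added example (not part of the original post, and not FreeSWITCH code): one way to check, from the SDP offer and answer captured on a leg such as SBC to phone, whether that leg actually negotiated SRTP. It assumes SDES keying (a=crypto attributes on an RTP/SAVP media line, RFC 4568); the SDP bodies, addresses and key placeholder below are constructed.

```python
import re

# Constructed SDP bodies (documentation addresses, placeholder key); not from the post.
_HEAD = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
SDP_PLAIN = "\r\n".join(_HEAD + ["m=audio 20000 RTP/AVP 0 101",
                                 "a=rtpmap:0 PCMU/8000"]) + "\r\n"
SDP_SRTP = "\r\n".join(_HEAD + [
    "m=audio 20002 RTP/SAVP 0 101",
    "a=rtpmap:0 PCMU/8000",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER"]) + "\r\n"
SECURE_PROFILES = ("RTP/SAVP", "RTP/SAVPF")

def media_security(sdp):
    """Return one dict per m= section: media, port, transport profile, crypto suites."""
    sections = []
    for line in sdp.splitlines():
        line = line.strip()
        m = re.match(r"m=(\S+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            sections.append({"media": m.group(1), "port": int(m.group(2)),
                             "profile": m.group(3), "suites": []})
        elif line.startswith("a=crypto:") and sections:
            # a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
            parts = line[len("a=crypto:"):].split()
            if len(parts) >= 3:
                sections[-1]["suites"].append(parts[1])
    return sections

def classify(section):
    """Label one media section by what it offers or accepts."""
    if section["port"] == 0:
        return "rejected"                # stream declined
    secure = section["profile"] in SECURE_PROFILES
    if secure and section["suites"]:
        return "srtp"
    if secure:
        return "savp-without-crypto"     # secure profile but no key material
    return "crypto-on-avp" if section["suites"] else "plain-rtp"

def leg_is_srtp(offer, answer):
    """True only if every active audio stream is SRTP in both offer and answer."""
    def ok(sdp):
        audio = [s for s in media_security(sdp)
                 if s["media"] == "audio" and s["port"] != 0]
        return bool(audio) and all(classify(s) == "srtp" for s in audio)
    return ok(offer) and ok(answer)

if __name__ == "__main__":
    print("offer SRTP, answer plain ->", leg_is_srtp(SDP_SRTP, SDP_PLAIN))
    print("offer SRTP, answer SRTP  ->", leg_is_srtp(SDP_SRTP, SDP_SRTP))
```

Running this against the INVITE the SBC sends towards FS1 shows whether the SRTP offer is missing at the SBC or is being dropped further along the path.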