[Freeswitch-users] Secure B-Leg from PSTN call - how to?

Peter Waldheim struwwelp at gmail.com
Tue Jul 2 16:44:25 MSD 2013


Wow thanks a lot, Carlos - that actually did it (you wouldn't believe how
happy I am right now).

As this was kinda hard and painful to figure out - is there a place I
should be reading to know about such changes?


2013/7/1 Carlos Flor <jackal at cybershroud.net>

> Not sure if this is your issue, but depending on what version of FS you
> are running, sip_secure_media has been replaced with rtp_secure_media.  Try
> exporting that instead and see if it works.
>
>
> On Mon, Jul 1, 2013 at 5:04 AM, Peter Waldheim <struwwelp at gmail.com>wrote:
>
>> I'm still struggling with this and cleaned up the whole configuration.
>>
>> The only SRTP-related setting now is the
>> <action application='export' data='nolocal:sip_secure_media=true'/>
>> before the bridging.
>>
>> The info app seems to reflect that by
>> 2013-07-01 10:40:49.640784 [DEBUG] switch_channel.c:1176 FreeTDM/1:1/21
>> EXPORTING[export_vars][sip_secure_media]=[true] to event
>>
>> (Could anybody please confirm if this is the right place to look and this
>> should trigger a secure b-leg?)
>>
>> But the "Local SDP" still has no crypto or savp in it - like in the
>> original post. (It should show up here, right?)
>>
>> And eventually the connection gets denied by the client, which would only
>> allow srtp connections.
>>
>> Does anybody have an idea, what could prevent the secure  b-leg (if my
>> assumptions are correct it seems I get a non-secure sdp despite having
>> sip_secure_media set to true)?
>>
>> Thanks and regards
>> Peter
>>
>>
>> 2013/6/28 Peter Waldheim <struwwelp at gmail.com>
>>
>>> Thanks Daniel but I know and am already doing that. Would the debug
>>> output about "EXPORTING[export_vars]... to event" not confirm that working,
>>> or am I mistaken?
>>>
>>>
>>> 2013/6/28 Daniel Ivanov <sertys at gmail.com>
>>>
>>>> Well you have to export the variables instead of setting them to apply
>>>> to b-leg.
>>>> Like
>>>> <action application='export' data='nolocal:sip_secure_media=true'/>
>>>> On Jun 28, 2013 10:51 AM, "Peter Waldheim" <struwwelp at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I'm trying to secure (SRTP) the b-leg for a call coming in via pstn
>>>>> (pri/freetdm).
>>>>> For this I'm setting sip_secure_media and also
>>>>> trying sdp_secure_savp_only, but it seems freeswitch does not offer SAVP to
>>>>> my client (which in turn will refuse). SIP-to-SIP this works fine.
>>>>>
>>>>> Here the the portion of the log where I would have expected to see
>>>>> SAVP in the sdp:
>>>>>
>>>>> EXECUTE FreeTDM/1:5/21 bridge(sofia/external5090/21%10.1.1.12)
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [dialed_extension]=[21] to event
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sdp_secure_savp_only]=[true] to event
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_ivr_originate.c:2050 Parsing
>>>>> global variables
>>>>> 2013-06-28 09:20:10.800816 [NOTICE] switch_channel.c:1030 New Channel
>>>>> sofia/external5090/21 [2b0bff7e-dfc3-11e2-b111-c96542f7174a]
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:4420
>>>>> (sofia/external5090/21) State Change CS_NEW -> CS_INIT
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_session.c:1341 Send
>>>>> signal sofia/external5090/21 [BREAK]
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:416
>>>>> (sofia/external5090/21) Running State Change CS_INIT
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:455
>>>>> (sofia/external5090/21) State INIT
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:87
>>>>> sofia/external5090/21 SOFIA INIT
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1191
>>>>> sip:21 at client.ip.is.secret:49915;rinstance=e177370cb4131e9f;transport=tls
>>>>> Setting proxy route to sofia/external5090/21
>>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
>>>>> v=0
>>>>> o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret
>>>>> s=FreeSWITCH
>>>>> c=IN IP4 my.ip.is.secret
>>>>> t=0 0
>>>>> m=audio 19660 RTP/AVP 8 3 101 13
>>>>> a=rtpmap:101 telephone-event/8000
>>>>> a=fmtp:101 0-16
>>>>> a=ptime:20
>>>>> a=sendrecv
>>>>> m=video 20590 RTP/AVP 34 98
>>>>> a=rtpmap:34 H263/90000
>>>>> a=rtpmap:98 H264/90000
>>>>>
>>>>> Any help with this would be greatly appreciated.
>>>>>
>>>>> Regards
>>>>> Peter
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130702/b4ecfa00/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list