[Freeswitch-users] Secure B-Leg from PSTN call - how to?

Carlos Flor jackal at cybershroud.net
Tue Jul 2 17:04:45 MSD 2013


I'm really glad that did it!  Honestly, the only reason I knew was because
I had the same issue after upgrading FS one day.  When I upgrade, I usually
save off the sample configs in case I need to refer to them and so I
happened to look and see that the variable name had changed.  It was pure
luck that I found it, but now I usually take a quick glance at the sample
configs that are copied after I upgrade to see if anything stands out as
being different.


On Tue, Jul 2, 2013 at 8:44 AM, Peter Waldheim <struwwelp at gmail.com> wrote:

> Wow thanks a lot, Carlos - that actually did it (you wouldn't believe how
> happy I am right now).
>
> As this was kinda hard and painful to figure out - is there a place I
> should be reading to know about such changes?
>
>
> 2013/7/1 Carlos Flor <jackal at cybershroud.net>
>
>> Not sure if this is your issue, but depending on what version of FS you
>> are running, sip_secure_media has been replaced with rtp_secure_media.  Try
>> exporting that instead and see if it works.
>>
>>
>> On Mon, Jul 1, 2013 at 5:04 AM, Peter Waldheim <struwwelp at gmail.com> wrote:
>>
>>> I'm still struggling with this and cleaned up the whole configuration.
>>>
>>> The only SRTP-related setting now is the
>>> <action application='export' data='nolocal:sip_secure_media=true'/>
>>> before the bridging.
>>>
>>> The info app seems to reflect that by
>>> 2013-07-01 10:40:49.640784 [DEBUG] switch_channel.c:1176 FreeTDM/1:1/21
>>> EXPORTING[export_vars][sip_secure_media]=[true] to event
>>>
>>> (Could anybody please confirm if this is the right place to look and
>>> this should trigger a secure b-leg?)
>>>
>>> But the "Local SDP" still has no crypto or savp in it - like in the
>>> original post. (It should show up here, right?)
>>>
>>> And eventually the connection gets denied by the client, which would
>>> only allow srtp connections.
>>>
>>> Does anybody have an idea, what could prevent the secure b-leg (if my
>>> assumptions are correct it seems I get a non-secure sdp despite having
>>> sip_secure_media set to true)?
>>>
>>> Thanks and regards
>>> Peter
>>>
>>>
>>> 2013/6/28 Peter Waldheim <struwwelp at gmail.com>
>>>
>>>> Thanks Daniel but I know and am already doing that. Would the debug
>>>> output about "EXPORTING[export_vars]... to event" not confirm that working,
>>>> or am I mistaken?
>>>>
>>>>
>>>> 2013/6/28 Daniel Ivanov <sertys at gmail.com>
>>>>
>>>>> Well you have to export the variables instead of setting them to apply
>>>>> to b-leg.
>>>>> Like
>>>>> <action application='export' data='nolocal:sip_secure_media=true'/>
>>>>> On Jun 28, 2013 10:51 AM, "Peter Waldheim" <struwwelp at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm trying to secure (SRTP) the b-leg for a call coming in via pstn
>>>>>> (pri/freetdm).
>>>>>> For this I'm setting sip_secure_media and also
>>>>>> trying sdp_secure_savp_only, but it seems freeswitch does not offer SAVP to
>>>>>> my client (which in turn will refuse). SIP-to-SIP this works fine.
>>>>>>
>>>>>> Here is the portion of the log where I would have expected to see
>>>>>> SAVP in the sdp:
>>>>>>
>>>>>> EXECUTE FreeTDM/1:5/21 bridge(sofia/external5090/21%10.1.1.12)
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [dialed_extension]=[21] to event
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sdp_secure_savp_only]=[true] to event
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_ivr_originate.c:2050
>>>>>> Parsing global variables
>>>>>> 2013-06-28 09:20:10.800816 [NOTICE] switch_channel.c:1030 New Channel
>>>>>> sofia/external5090/21 [2b0bff7e-dfc3-11e2-b111-c96542f7174a]
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:4420
>>>>>> (sofia/external5090/21) State Change CS_NEW -> CS_INIT
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_session.c:1341 Send
>>>>>> signal sofia/external5090/21 [BREAK]
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:416
>>>>>> (sofia/external5090/21) Running State Change CS_INIT
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:455
>>>>>> (sofia/external5090/21) State INIT
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:87
>>>>>> sofia/external5090/21 SOFIA INIT
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1191
>>>>>> sip:21 at client.ip.is.secret:49915;rinstance=e177370cb4131e9f;transport=tls
>>>>>> Setting proxy route to sofia/external5090/21
>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
>>>>>> v=0
>>>>>> o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret
>>>>>> s=FreeSWITCH
>>>>>> c=IN IP4 my.ip.is.secret
>>>>>> t=0 0
>>>>>> m=audio 19660 RTP/AVP 8 3 101 13
>>>>>> a=rtpmap:101 telephone-event/8000
>>>>>> a=fmtp:101 0-16
>>>>>> a=ptime:20
>>>>>> a=sendrecv
>>>>>> m=video 20590 RTP/AVP 34 98
>>>>>> a=rtpmap:34 H263/90000
>>>>>> a=rtpmap:98 H264/90000
>>>>>>
>>>>>> Any help with this would be greatly appreciated.
>>>>>>
>>>>>> Regards
>>>>>> Peter
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130702/82006aad/attachment-0001.html 
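
Added example, not part of the original thread and not FreeSWITCH code: a Python check for the symptom discussed above. It lists the variables exported to the b-leg and tests whether each media section of the "Local SDP" actually offers SRTP (an RTP/SAVP profile plus an a=crypto line). The function names are this example's own, and the sample log is constructed from the excerpt quoted in the thread.

```python
import itertools
import re

# Constructed sample modelled on the debug log quoted in this thread (placeholder IPs).
SAMPLE_LOG = """\
2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
v=0
o=FreeSWITCH 1372384350 1372384351 IN IP4 192.0.2.10
s=FreeSWITCH
c=IN IP4 192.0.2.10
t=0 0
m=audio 19660 RTP/AVP 8 3 101 13
a=rtpmap:101 telephone-event/8000
m=video 20590 RTP/AVP 34 98
"""

EXPORT_RE = re.compile(r"EXPORTING\[export_vars\]\s*\[(\w+)\]=\[([^\]]*)\]")

def unquote(text):
    """Drop mail quote markers ('>>> ') so excerpts pasted from a list parse too."""
    return [re.sub(r"^[>\s]+", "", ln).rstrip() for ln in text.splitlines()]

def exported_vars(text):
    """Variables the a-leg exported toward the b-leg, as shown in the debug log."""
    return dict(EXPORT_RE.findall("\n".join(unquote(text))))

def local_sdp(text):
    """SDP lines that follow the first 'Local SDP:' marker (empty if none)."""
    lines = unquote(text)
    start = next((i + 1 for i, ln in enumerate(lines) if ln.endswith("Local SDP:")), len(lines))
    return list(itertools.takewhile(lambda ln: re.match(r"[a-z]=", ln), lines[start:]))

def audit_media(sdp):
    """Per m= section: (media, profile, offers_srtp). SRTP needs SAVP and a=crypto."""
    sections = []
    for ln in sdp:
        if ln.startswith("m="):
            media, _port, proto = ln[2:].split()[:3]
            sections.append([media, proto, False])
        elif ln.startswith("a=crypto:") and sections:
            sections[-1][2] = True
    return [(m, p, p.startswith("RTP/SAVP") and c) for m, p, c in sections]

if __name__ == "__main__":
    print("exported:", exported_vars(SAMPLE_LOG))
    for media, profile, ok in audit_media(local_sdp(SAMPLE_LOG)):
        print(media, profile, "SRTP offered" if ok else "no SRTP in offer")
```

An export that shows up in the log together with a plain RTP/AVP offer is the combination reported in this thread, where exporting rtp_secure_media instead of sip_secure_media resolved it.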