[Freeswitch-users] Secure B-Leg from PSTN call - how to?

Steven Ayre steveayre at gmail.com
Wed Jul 3 23:23:20 MSD 2013


I created http://wiki.freeswitch.org/wiki/Release_Notes as a source for such
changes that might break configs, but no one has documented that one yet.
Feel free to add it. Bonus points if you can find the version or git commit
where it changed.



On Tuesday, July 2, 2013, Carlos Flor wrote:

> I'm really glad that did it!  Honestly, the only reason I knew was because
> I had the same issue after upgrading FS one day.  When I upgrade, I usually
> save off the sample configs in case I need to refer to them and so I
> happened to look and see that the variable name had changed.  It was pure
> luck that I found it, but now I usually take a quick glance at the sample
> configs that are copied after I upgrade to see if anything stands out as
> being different.
>
>
> On Tue, Jul 2, 2013 at 8:44 AM, Peter Waldheim <struwwelp at gmail.com> wrote:
>
>> Wow thanks a lot, Carlos - that actually did it (you wouldn't believe how
>> happy I am right now).
>>
>> As this was kinda hard and painful to figure out - is there a place I
>> should be reading to know about such changes?
>>
>>
>> 2013/7/1 Carlos Flor <jackal at cybershroud.net>
>>
>>> Not sure if this is your issue, but depending on what version of FS you
>>> are running, sip_secure_media has been replaced with rtp_secure_media.  Try
>>> exporting that instead and see if it works.
>>>
>>>
>>> On Mon, Jul 1, 2013 at 5:04 AM, Peter Waldheim <struwwelp at gmail.com> wrote:
>>>
>>>> I'm still struggling with this and cleaned up the whole configuration.
>>>>
>>>> The only SRTP-related setting now is the
>>>> <action application='export' data='nolocal:sip_secure_media=true'/>
>>>> before the bridging.
>>>>
>>>> The info app seems to reflect that by
>>>> 2013-07-01 10:40:49.640784 [DEBUG] switch_channel.c:1176 FreeTDM/1:1/21
>>>> EXPORTING[export_vars][sip_secure_media]=[true] to event
>>>>
>>>> (Could anybody please confirm if this is the right place to look and
>>>> this should trigger a secure b-leg?)
>>>>
>>>> But the "Local SDP" still has no crypto or savp in it - like in the
>>>> original post. (It should show up here, right?)
>>>>
>>>> And eventually the connection gets denied by the client, which would
>>>> only allow srtp connections.
>>>>
>>>> Does anybody have an idea, what could prevent the secure  b-leg (if my
>>>> assumptions are correct it seems I get a non-secure sdp despite having
>>>> sip_secure_media set to true)?
>>>>
>>>> Thanks and regards
>>>> Peter
>>>>
>>>>
>>>> 2013/6/28 Peter Waldheim <struwwelp at gmail.com>
>>>>
>>>>> Thanks Daniel but I know and am already doing that. Would the debug
>>>>> output about "EXPORTING[export_vars]... to event" not confirm that working,
>>>>> or am I mistaken?
>>>>>
>>>>>
>>>>> 2013/6/28 Daniel Ivanov <sertys at gmail.com>
>>>>>
>>>>>> Well you have to export the variables instead of setting them to
>>>>>> apply to b-leg.
>>>>>> Like
>>>>>> <action application='export' data='nolocal:sip_secure_media=true'/>
>>>>>> On Jun 28, 2013 10:51 AM, "Peter Waldheim" <struwwelp at gmail.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm trying to secure (SRTP) the b-leg for a call coming in via pstn
>>>>>>> (pri/freetdm).
>>>>>>> For this I'm setting sip_secure_media and also
>>>>>>> trying sdp_secure_savp_only, but it seems freeswitch does not offer SAVP to
>>>>>>> my client (which in turn will refuse). SIP-to-SIP this works fine.
>>>>>>>
>>>>>>> Here is the portion of the log where I would have expected to see
>>>>>>> SAVP in the sdp:
>>>>>>>
>>>>>>> EXECUTE FreeTDM/1:5/21 bridge(sofia/external5090/21%10.1.1.12)
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [dialed_extension]=[21] to event
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176
>>>>>>> FreeTDM/1:5/21 EXPORTING[export_vars] [sdp_secure_savp_only]=[true] to event
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_ivr_originate.c:2050
>>>>>>> Parsing global variables
>>>>>>> 2013-06-28 09:20:10.800816 [NOTICE] switch_channel.c:1030 New
>>>>>>> Channel sofia/external5090/21 [2b0bff7e-dfc3-11e2-b111-c96542f7174a]
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:4420
>>>>>>> (sofia/external5090/21) State Change CS_NEW -> CS_INIT
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_session.c:1341 Send
>>>>>>> signal sofia/external5090/21 [BREAK]
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:416
>>>>>>> (sofia/external5090/21) Running State Change CS_INIT
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:455
>>>>>>> (sofia/external5090/21) State INIT
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:87
>>>>>>> sofia/external5090/21 SOFIA INIT
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1191
>>>>>>> sip:21 at client.ip.is.secret:49915;rinstance=e177370cb4131e9f;transport=tls
>>>>>>> Setting proxy route to sofia/external5090/21
>>>>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
>>>>>>> v=0
>>>>>>> o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret
>>>>>>> s=FreeSWITCH
>>>>>>> c=IN IP4 my.ip.is.secret
>>>>>>> t=0 0
>>>>>>> m=audio 19660 RTP/AVP 8 3 101 13
>>>>>>> a=rtpmap:101 telephone-event/8000
>>>>>>> a=fmtp:101 0-16
>>>>>>> a=ptime:20
>>>>>>> a=sendrecv
>>>>>>> m=video 20590 RTP/AVP 34 98
>>>>>>> a=rtpmap:34 H263/90000
>>>>>>> a=rtpmap:98 H264/90000
>>>>>>>
>>>>>>> Any help with this would be greatly appreciated.
>>>>>>>
>>>>>>> Regards
>>>>>>> Peter
>>>>>>>
>>>>>>>
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org
>>>>>>> http://www.freeswitchsolutions.com
>>>>>>>
>>>>>>> 
>>>>>>> 
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org
>>>>>>> http://wiki.freeswitch.org
>>>>>>> http://www.cluecon.com
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:
>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> http://www.freeswitch.org
>>>>>>>
>>>>>>>
>
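
Added example, not part of the original thread: a Python check for the two symptoms discussed above, a dialplan that still exports the old sip_secure_media name and a "Local SDP" with neither an SAVP profile nor an a=crypto line. The function names, the extension wrapper around the export line and the SRTP sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

LEGACY = "sip_secure_media"  # old name; the thread reports rtp_secure_media replaced it

def legacy_actions(dialplan_xml):
    """Return data= values of set/export actions that still use the old name."""
    root = ET.fromstring(dialplan_xml)
    return [a.get("data", "") for a in root.iter("action")
            if a.get("application") in ("set", "export")
            and re.search(rf"(^|[:,\s]){LEGACY}=", a.get("data", ""))]

def media_security(sdp):
    """Map each m= section to (transport profile, count of a=crypto lines)."""
    sections, current = {}, None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            current, _port, proto = line[2:].split()[:3]
            sections[current] = [proto, 0]
        elif current and line.startswith("a=crypto:"):
            sections[current][1] += 1
    return {m: (p, n) for m, (p, n) in sections.items()}

def plaintext_media(sdp):
    """Media sections offered with neither an SAVP profile nor a crypto line."""
    return sorted(m for m, (p, n) in media_security(sdp).items()
                  if "SAVP" not in p and n == 0)

# Dialplan fragment: the export line is from the thread, the wrapper is constructed.
DIALPLAN = """<extension name="pstn_in"><condition field="destination_number" expression="^21$">
  <action application="export" data="nolocal:sip_secure_media=true"/>
  <action application="bridge" data="sofia/external5090/21%10.1.1.12"/>
</condition></extension>"""

# Media lines of the "Local SDP" posted in the thread (no SRTP offered).
SDP_FROM_THREAD = """v=0
m=audio 19660 RTP/AVP 8 3 101 13
a=rtpmap:101 telephone-event/8000
m=video 20590 RTP/AVP 34 98
"""

# Constructed SRTP offer; the key material is a placeholder, not a real key.
SDP_SRTP = """v=0
m=audio 19660 RTP/SAVP 8 3 101 13
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY_SALT
"""

if __name__ == "__main__":
    print("legacy variable used in:", legacy_actions(DIALPLAN))
    print("thread SDP, plaintext media:", plaintext_media(SDP_FROM_THREAD))
    print("SRTP SDP, plaintext media:", plaintext_media(SDP_SRTP))
```
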