[Freeswitch-users] Anyone got ZRTP MiTM working?

Peter Villeneuve petervnv1 at gmail.com
Wed Apr 9 22:48:02 MSD 2014


Thanks guys. It was indeed a silly mistake.
Recompiling latest master from git with the ZRTP flag now works.

I see ZRTP being established correctly but I still can't get FS to confirm
that the call is secure in the dialplan.
I think the issue may lie with the correct wording of
the ${zrtp_secure_media_confirmed}.

Here's what the logs show (note that zrtp is indeed active as I can see the
SAS in both Jitsi and CSipSimple):

parsing [features->is_zrtp_secure] continue=true
Dialplan: sofia/internal/1010 at my.domain.com Regex (FAIL) [is_zrtp_secure] ${zrtp_secure_media_confirmed}() =~ /^true$/ break=on-false
Dialplan: sofia/internal/1010 at my.domain.com ANTI-Action eval(not_secure)
EXECUTE sofia/internal/1010 at my.domain.com eval(not_secure)
2014-04-09 18:33:10.872707 [NOTICE] switch_core_session.c:2953 Execute eval(not_secure)
EXECUTE sofia/internal/1010 at my.domain.com eval(not_secure)


I've tried playing with the wording of the ${zrtp_secure_media_confirmed}
since I recall a similar problem with SRTP and some recent code changes in
FS (I added audio to the name of the variable).
Unfortunately neither of the 2 options I tried made any difference.

<extension name="is_zrtp_secure" continue="true">
  <condition field="${zrtp_secure_media_confirmed}" expression="^true$">
    <!-- <condition field="${zrtp_secure_media_confirmed_audio}" expression="^true$"> -->
    <action application="sleep" data="1000"/>
    <action application="playback" data="misc/call_secured.wav"/>
    <anti-action application="eval" data="not_secure"/>
  </condition>
</extension>

Any clues as to what's wrong?


Thanks,

Peter


On Tue, Apr 8, 2014 at 2:04 PM, Steven Ayre <steveayre at gmail.com> wrote:

> Just rebuild and install as normal, it'll be an upgrade. Your config files
> should be preserved, but back them up just in case.
>
>
>
> On Tuesday, April 8, 2014, Peter Villeneuve <petervnv1 at gmail.com> wrote:
>
>> I can't believe how stupid I am. Now that you mention it I'm no longer
>> sure I did compile it explicitly with the --enable-zrtp flag.
>> I guess that would explain it. Sorry for wasting your time with such a
>> silly mistake.
>>
>> Guess I need to start over. Is there a make uninstall or is there a
>> recommended way to remove FS?
>>
>>
>> On Mon, Apr 7, 2014 at 10:55 PM, Brian West <brian at freeswitch.org> wrote:
>>
>>> You compiled with --enable-zrtp?  And you see the ZRTP activity in
>>> the logs when making calls?
>>> --
>>> Brian West
>>> brian at freeswitch.org
>>> FreeSWITCH Solutions, LLC
>>> PO BOX 2531
>>> Brookfield, WI 53008-2531
>>> Twitter: @FreeSWITCH , @briankwest
>>> http://www.freeswitchbook.com
>>> http://www.freeswitchcookbook.com
>>>
>>> T: +1.918.420.9001  |  F: +1.918.420.9002  |  M: +1.918.424.WEST
>>> iNUM: +883 5100 1420 9001
>>> ISN: 410*543
>>> Skype:briankwest
>>> PGP Key: http://www.bkw.org/key.txt (AB93356707C76CED)
>>>
>>> On Apr 7, 2014, at 4:49 PM, Peter Villeneuve <petervnv1 at gmail.com>
>>> wrote:
>>>
>>> > Thanks for helping out Brian.
>>> >
>>> > The problem I have is that FS doesn't seem to recognize the client has
>>> ZRTP when I dial 9787 (CSipSimple in this case with ZRTP enabled).
>>> > I hear the nice lady tell me that my endpoint doesn't have ZRTP but I
>>> see in the FS logs that it correctly sees the ZRTP hash.
>>> >
>>> > I've disabled zrtp passthrough in the sip profile and still FS doesn't
>>> seem to detect the client has ZRTP and enroll it.
>>> >
>>> >
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>