[Freeswitch-users] FreeSwith does not setup secure call with leg B.

Brian West brian at freeswitch.org
Wed Sep 10 18:22:37 MSD 2014


If you can't trust your PBX then WHO can you trust? :P  ZRTP won't be end
to end out of the box unless you have clients that add the zrtp hash to the
sdp's in the invite and 200ok coming back from the far end.

On Wed, Sep 10, 2014 at 8:55 AM, Daniel Ivanov <sertys at gmail.com> wrote:

> First of all, srtp is not end-to-end, if you are looking for end to end,
> you should look over the zrtp_* varset.
> And also look over whether your clients are configured to use SRTP or ZRTP.
> On Sep 10, 2014 at 15:50, "Michael Jerris" <mike at jerris.com> wrote:
>
> Does it work on the latest 1.4 release with the config change he mentioned?
>>
>> On Sep 10, 2014, at 1:48 AM, Chandrakant Marathe <cwmarathe at gmail.com>
>> wrote:
>>
>> Sorry Brian, I should have told the version. My bad.
>> I am using 1.2 stable release. When I hit "git branch -av", it outputs -
>>
>> * v1.2.stable      2b62885 fs_cli: fix compiler error on CentOS 6 caused
>> by recent short uuid logging change
>>
>> And from FreeSwitch console, when I hit "version" command, it shows -
>>
>> FreeSWITCH Version 1.2.24+git~20140630T213113Z~2b62885f21~32bit (git
>> 2b62885 2014-06-30 21:31:13Z 32bit)
>>
>> I went through "vars.xml" and found only one config related with
>> "rtp_secure_media" and that too related with zrtp
>>
>> <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
>>
>> Is there any more configuration to do in v1.2 so as to enable end-to-end
>> secure call or shall I move to v1.4 beta?
>>
>> Thanks.
>> --
>> CWM
>>
>>
>> On Tue, Sep 9, 2014 at 9:04 PM, Brian West <brian at freeswitch.org> wrote:
>>
>>> You didn't mention what rev you're using, If you're in 1.4 then it's
>>> rtp_secure_media, please see latest configs and extensive docs in vars.xml
>>> about srtp and all the nice knobs you can use to tweak it.
>>>
>>>
>>> On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <
>>> cwmarathe at gmail.com> wrote:
>>>
>>>> Hi All,
>>>> I have set up FreeSwitch PBX. I am facing an issue of not having end to
>>>> end secure call. Caller sends INVITE request with SIPS in request URI and
>>>> RTP/SAVP in SDP. But when FreeSwitch forwards the request to caller, it is
>>>> not using RTP/SAVP in SDP.
>>>>
>>>> I have followed the steps mentioned in WIKI (
>>>> https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration) for TLS
>>>> configuration and marked "exports sip_secure_media" true in
>>>> "conf/dialplan/default.xml" file (as per
>>>> https://wiki.freeswitch.org/wiki/SRTP). But still FreeSwitch does not
>>>> use RTP/SAVP for leg-B.
>>>>
>>>> Also, I am a bit confused with the following condition in "default.xml" when
>>>> wiki page suggests that
>>>> late codec negotiation must NOT be turned on.
>>>>
>>>>     <!--
>>>>          Since we have inbound-late-negotation on by default now the
>>>>          above behavior isn't the same so you have to do one extra step.
>>>>         -->
>>>>
>>>>       <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
>>>>       <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
>>>>         <action application="set" data="sip_secure_media=true"/>
>>>>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>>>>         <action application="export" data="sip_secure_media=true"/>
>>>>       </condition>
>>>>
>>>> By commenting/un-commenting "sip_secure_media=true" above, it did not
>>>> work.
>>>>
>>>> Any help with this would be greatly appreciated.
>>>>
>>>> --
>>>> Thanks
>>>> CWM
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> 
>>>> 
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Brian West*
>>> brian at freeswitch.org
>>>
>>>
>>> *Twitter: @FreeSWITCH , @briankwest*
>>> http://www.freeswitchbook.com
>>> http://www.freeswitchcookbook.com
>>>
>>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>



-- 

*Brian West*
brian at freeswitch.org


*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
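
Added example, not part of the original thread or of FreeSWITCH: a small checker for the symptom discussed above. It classifies the audio section of each leg's SDP as SDES-SRTP (RTP/SAVP plus an a=crypto line with one of the suites the quoted dialplan condition matches), ZRTP-signalled (an a=zrtp-hash attribute), or plain RTP, and flags a leg A to leg B downgrade. The SDP bodies, addresses and key material are constructed placeholders; the function names are hypothetical.

```python
import re

# Same suites the quoted dialplan condition matches in ${switch_r_sdp}.
SUITES = re.compile(r"AES_CM_128_HMAC_SHA1_(32|80)")

def media_security(sdp):
    """One dict per m= section: media type, transport profile, SDES suites, ZRTP flag."""
    sections = []
    for line in sdp.replace("\r\n", "\n").split("\n"):
        line = line.strip()
        if line.startswith("m="):
            parts = line[2:].split()          # m=<media> <port> <proto> <fmt ...>
            if len(parts) >= 3:
                sections.append({"media": parts[0], "proto": parts[2],
                                 "suites": [], "zrtp_hash": False})
        elif sections and line.startswith("a=crypto:"):
            fields = line[len("a=crypto:"):].split()   # <tag> <suite> inline:<key>
            if len(fields) >= 2:
                sections[-1]["suites"].append(fields[1])
        elif sections and line.startswith("a=zrtp-hash:"):
            sections[-1]["zrtp_hash"] = True
    return sections

def leg_status(sdp):
    """Classify the first audio section of one leg's SDP."""
    audio = [s for s in media_security(sdp) if s["media"] == "audio"]
    if not audio:
        return "no-audio"
    s = audio[0]
    if s["proto"] == "RTP/SAVP":
        ok = any(SUITES.fullmatch(x) for x in s["suites"])
        return "srtp" if ok else "savp-no-usable-crypto"
    return "zrtp-signalled" if s["zrtp_hash"] else "plain-rtp"

def downgraded(leg_a_sdp, leg_b_sdp):
    """True when leg A is offered with SRTP but leg B goes out as plain RTP."""
    return leg_status(leg_a_sdp) == "srtp" and leg_status(leg_b_sdp) == "plain-rtp"

# Constructed sample SDPs (documentation addresses, dummy key material).
_HEAD = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
LEG_A = "\r\n".join(_HEAD + ["m=audio 49170 RTP/SAVP 0 8",
        "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40])
LEG_B = "\r\n".join(_HEAD + ["m=audio 49172 RTP/AVP 0 8"])
LEG_ZRTP = "\r\n".join(_HEAD + ["m=audio 49174 RTP/AVP 0 8",
           "a=zrtp-hash:1.10 " + "0" * 64])

if __name__ == "__main__":
    for name, sdp in (("leg A", LEG_A), ("leg B", LEG_B), ("zrtp", LEG_ZRTP)):
        print(name, leg_status(sdp))
    print("downgrade on leg B:", downgraded(LEG_A, LEG_B))
```

Feed it the SDP bodies of the inbound INVITE and of the INVITE FreeSWITCH sends on leg B, taken from a SIP trace.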