[Freeswitch-users] SRTP on outbound leg without TLS

Jurijs Ivolga jurij.ivo at gmail.com
Fri Aug 14 13:52:20 MSD 2015


Hi,

It looks like there is an issue with the Linphone SIP client. I tried to use
Blink and the call was successful and the cipher was chosen correctly on both sides.

With kind regards,

Jurijs

2015-08-14 10:08 GMT+03:00 Jurijs Ivolga <jurij.ivo at gmail.com>:

> Hi,
>
> Somehow the clients are not using the correct cipher.
>
> So ext 1006 is calling ext 1005.
>
> Here is the strange part:
>
> When Freeswitch (10.101.141.197) forwards the INVITE to ext 1005, Freeswitch
> splits the SDP message as you can see below. The first part of the SDP is sent
> with the initial INVITE request and the second part as a separate message. Is
> this correct behavior or not?
>
> Please help!
>
> I would like to add that I'm using Linphone as SIP client.
>
> T 10.101.141.197:5060 -> 192.168.210.9:2556 [A]
> INVITE sip:1005 at 192.168.210.9:2556;transport=tcp SIP/2.0.
> Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
> Max-Forwards: 68.
> From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
> To: <sip:1005 at 192.168.210.9:2556;transport=tcp>.
> Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
> CSeq: 79431457 INVITE.
> Contact: <sip:mod_sofia at 10.101.141.197:5060;transport=tcp>.
> User-Agent:
> FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
> REFER, NOTIFY, PUBLISH, SUBSCRIBE.
> Supported: timer, path, replaces.
> Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
> line-seize, call-info, sla, include-session-description, presence.winfo,
> message-summary, refer.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 1133.
> X-FS-Support: update_display,send_info.
> Remote-Party-ID: "1006" <sip:1006 at 10.101.141.197
> >;party=calling;screen=yes;privacy=off.
> .
> v=0.
> o=FreeSWITCH 1439504220 1439504221 IN IP4 10.101.141.197.
> s=FreeSWITCH.
> c=IN IP4 10.101.141.197.
> t=0 0.
> m=audio 30822 RTP/SAVP 96 0 8 101 13.
> a=rtpmap:96 opus/48000/2.
> a=fmtp:96 useinbandfec=1.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=crypto:1 AEAD_AES_256_GCM_8
> inline:S2oBVh65wI8m4kSXtf4XS2ewx5msX9nENt4icZKWbjqJ5whNq4kUiOvCSLU.
> a=crypto:2 AEAD_AES_128_GCM_8
> inline:IVkLlQ1pqeKyH+MTQRX1iYwR0d5Towuu3z5VRA.
> #
> T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]
>
> a=crypto:3 AES_CM_256_HMAC_SHA1_80
> inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA.
> a=crypto:4 AES_CM_192_HMAC_SHA1_80
> inline:fPLYqjsI7EX1oXV6pmuq7hz8AEeY8/+EUcti9clgvhtaK82nIS4.
> a=crypto:5 AES_CM_128_HMAC_SHA1_80
> inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4.
> a=crypto:6 AES_CM_256_HMAC_SHA1_32
> inline:jHtGPHnXdtr0h+NxllA1aIlKaR2BV6OanWb6vgfZkq12FwPnjKzhIN5RTyJDTg.
> a=crypto:7 AES_CM_192_HMAC_SHA1_32
> inline:dL0CeU8sTaplV64MUDYr8wsZlJHgeANDgo0DpaTp1LojRY1lsQw.
> a=crypto:8 AES_CM_128_HMAC_SHA1_32
> inline:8Xy+DGcxx7lBmJsO4hFXwfZvMdtzP8lawGmVYRib.
> a=crypto:9 AES_CM_128_NULL_AUTH
> inline:0335cUjVFg44BWoI8FmfGNvbFsb4X5c9H86q7t+5.
> a=ptime:20.
>
> You can find the full SIP trace below:
>
> 10.101.141.197 - Freeswitch, 192.168.210.9:39438 - 1006,
> 192.168.210.9:2556 - 1005
>
> filter: ( port 5060 ) and (ip or ip6)
> #
> T 192.168.210.9:39438 -> 10.101.141.197:5060 [AP]
> INVITE sip:1005 at 10.101.141.197 SIP/2.0.
> Via: SIP/2.0/TCP 192.168.5.81:57209;branch=z9hG4bK.IuzskaFrq;rport.
> From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
> To: "1005" <sip:1005 at 10.101.141.197>.
> CSeq: 20 INVITE.
> Call-ID: vSsPmy-jNM.
> Max-Forwards: 70.
> Supported: outbound.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO, UPDATE.
> Content-Type: application/sdp.
> Content-Length: 819.
> Contact: <sip:1006 at 192.168.210.9:39438
> ;transport=tcp>;+sip.instance="<urn:uuid:477d474b-2e13-411a-9bc9-b805b9018b85>".
> User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
> .
> v=0.
> o=1006 776 2644 IN IP4 192.168.5.81.
> s=Talk.
> c=IN IP4 192.168.5.81.
> b=AS:380.
> t=0 0.
> a=rtcp-xr:rcvr-rtt=all:10000 stat-summary=loss,dup,jitt,TTL voip-metrics.
> m=audio 7076 RTP/SAVP 96 97 98 99 0 8 101 100 102.
> a=rtpmap:96 opus/48000/2.
> a=fmtp:96 useinbandfec=1.
> a=rtpmap:97 SILK/16000.
> a=rtpmap:98 speex/16000.
> a=fmtp:98 vbr=on.
> a=rtpmap:99 speex/8000.
> a=fmtp:99 vbr=on.
> a=rtpmap:101 telephone-event/48000.
> a=rtpmap:100 telephone-event/16000.
> a=rtpmap:102 telephone-event/8000.
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:5CX7J5QFH42SH0PKJ73njNeFmWmsAQzmoxmjGruw.
> a=crypto:2 AES_CM_128_HMAC_SHA1_32
> inline:d1FR1lpf51o7hgxXH29rsp3y5nsP2fWCawwkRHau.
> a=crypto:3 AES_CM_256_HMAC_SHA1_80
> inline:Qgjm+kYdz2Hq7Z9bDoWUEBfS4QxT+IhyeVtsBGj5.
> a=crypto:4 AES_CM_256_HMAC_SHA1_32
> inline:pF5jQEbDyqu4c9pELVoSSz/+T6qM7rkX0c0SeJ8Z.
>
> ##
> T 10.101.141.197:5060 -> 192.168.210.9:39438 [AP]
> SIP/2.0 100 Trying.
> Via: SIP/2.0/TCP 192.168.5.81:57209
> ;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.
> From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
> To: "1005" <sip:1005 at 10.101.141.197>.
> Call-ID: vSsPmy-jNM.
> CSeq: 20 INVITE.
> User-Agent:
> FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
> Content-Length: 0.
> .
>
> #
> T 10.101.141.197:5060 -> 192.168.210.9:2556 [A]
> INVITE sip:1005 at 192.168.210.9:2556;transport=tcp SIP/2.0.
> Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
> Max-Forwards: 68.
> From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
> To: <sip:1005 at 192.168.210.9:2556;transport=tcp>.
> Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
> CSeq: 79431457 INVITE.
> Contact: <sip:mod_sofia at 10.101.141.197:5060;transport=tcp>.
> User-Agent:
> FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
> REFER, NOTIFY, PUBLISH, SUBSCRIBE.
> Supported: timer, path, replaces.
> Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
> line-seize, call-info, sla, include-session-description, presence.winfo,
> message-summary, refer.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 1133.
> X-FS-Support: update_display,send_info.
> Remote-Party-ID: "1006" <sip:1006 at 10.101.141.197
> >;party=calling;screen=yes;privacy=off.
> .
> v=0.
> o=FreeSWITCH 1439504220 1439504221 IN IP4 10.101.141.197.
> s=FreeSWITCH.
> c=IN IP4 10.101.141.197.
> t=0 0.
> m=audio 30822 RTP/SAVP 96 0 8 101 13.
> a=rtpmap:96 opus/48000/2.
> a=fmtp:96 useinbandfec=1.
> a=rtpmap:0 PCMU/8000.
> a=rtpmap:8 PCMA/8000.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=crypto:1 AEAD_AES_256_GCM_8
> inline:S2oBVh65wI8m4kSXtf4XS2ewx5msX9nENt4icZKWbjqJ5whNq4kUiOvCSLU.
> a=crypto:2 AEAD_AES_128_GCM_8
> inline:IVkLlQ1pqeKyH+MTQRX1iYwR0d5Towuu3z5VRA.
> #
> T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]
>
> a=crypto:3 AES_CM_256_HMAC_SHA1_80
> inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA.
> a=crypto:4 AES_CM_192_HMAC_SHA1_80
> inline:fPLYqjsI7EX1oXV6pmuq7hz8AEeY8/+EUcti9clgvhtaK82nIS4.
> a=crypto:5 AES_CM_128_HMAC_SHA1_80
> inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4.
> a=crypto:6 AES_CM_256_HMAC_SHA1_32
> inline:jHtGPHnXdtr0h+NxllA1aIlKaR2BV6OanWb6vgfZkq12FwPnjKzhIN5RTyJDTg.
> a=crypto:7 AES_CM_192_HMAC_SHA1_32
> inline:dL0CeU8sTaplV64MUDYr8wsZlJHgeANDgo0DpaTp1LojRY1lsQw.
> a=crypto:8 AES_CM_128_HMAC_SHA1_32
> inline:8Xy+DGcxx7lBmJsO4hFXwfZvMdtzP8lawGmVYRib.
> a=crypto:9 AES_CM_128_NULL_AUTH
> inline:0335cUjVFg44BWoI8FmfGNvbFsb4X5c9H86q7t+5.
> a=ptime:20.
>
> ###
> T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
> SIP/2.0 100 Trying.
> Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
> From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
> To: <sip:1005 at 192.168.210.9:2556;transport=tcp>.
> Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
> CSeq: 79431457 INVITE.
> Content-Length: 0.
> .
>
> ##
> T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
> SIP/2.0 180 Ringing.
> Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
> From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
> To: <sip:1005 at 192.168.210.9:2556;transport=tcp>;tag=nf9raHG.
> Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
> CSeq: 79431457 INVITE.
> User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
> Supported: outbound.
> Content-Length: 0.
> .
>
> ##
> T 10.101.141.197:5060 -> 192.168.210.9:39438 [AP]
> SIP/2.0 183 Session Progress.
> Via: SIP/2.0/TCP 192.168.5.81:57209
> ;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.
> From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
> To: "1005" <sip:1005 at 10.101.141.197>;tag=g5yUKBQcK71Sc.
> Call-ID: vSsPmy-jNM.
> CSeq: 20 INVITE.
> Contact: <sip:1005 at 10.101.141.197:5060;transport=tcp>.
> User-Agent:
> FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
> Accept: application/sdp.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
> REFER, NOTIFY, PUBLISH, SUBSCRIBE.
> Supported: timer, path, replaces.
> Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
> line-seize, call-info, sla, include-session-description, presence.winfo,
> message-summary, refer.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 340.
> Remote-Party-ID: "1005" <sip:1005 at 10.101.141.197
> >;party=calling;privacy=off;screen=no.
> .
> v=0.
> o=FreeSWITCH 1439516478 1439516479 IN IP4 10.101.141.197.
> s=FreeSWITCH.
> c=IN IP4 10.101.141.197.
> t=0 0.
> m=audio 18564 RTP/SAVP 96 101.
> a=rtpmap:96 opus/48000/2.
> a=fmtp:96 useinbandfec=1.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=ptime:20.
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm.
>
> ##
> T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
> SIP/2.0 200 Ok.
> Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
> From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
> To: <sip:1005 at 192.168.210.9:2556;transport=tcp>;tag=nf9raHG.
> Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
> CSeq: 79431457 INVITE.
> User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
> Supported: outbound.
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> SUBSCRIBE, INFO, UPDATE.
> Contact: <sip:1005 at 192.168.210.9:2556
> ;transport=tcp>;+sip.instance="<urn:uuid:0797dc65-a86c-4169-96ff-c5328090f98f>".
> Content-Type: application/sdp.
> Content-Length: 296.
> .
> v=0.
> o=1005 3932 3858 IN IP4 192.168.5.90.
> s=Talk.
> c=IN IP4 192.168.5.90.
> b=AS:380.
> t=0 0.
> m=audio 7076 RTP/SAVP 96 0 8 101.
> a=rtpmap:96 opus/48000/2.
> a=fmtp:96 useinbandfec=1.
> a=rtpmap:101 telephone-event/8000.
> a=crypto:3 AES_CM_256_HMAC_SHA1_80
> inline:5jryAt1Gy/VqFkFRitDzN2Zse62gStxpvSSTkJV/.
>
> ##
> T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]
> ACK sip:1005 at 192.168.210.9:2556;transport=tcp SIP/2.0.
> Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKyye5pjXjQD16S.
> Max-Forwards: 70.
> From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
> To: <sip:1005 at 192.168.210.9:2556;transport=tcp>;tag=nf9raHG.
> Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
> CSeq: 79431457 ACK.
> Contact: <sip:mod_sofia at 10.101.141.197:5060;transport=tcp>.
> Content-Length: 0.
> .
>
> #
> T 10.101.141.197:5060 -> 192.168.210.9:39438 [AP]
> SIP/2.0 200 OK.
> Via: SIP/2.0/TCP 192.168.5.81:57209
> ;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.
> From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
> To: "1005" <sip:1005 at 10.101.141.197>;tag=g5yUKBQcK71Sc.
> Call-ID: vSsPmy-jNM.
> CSeq: 20 INVITE.
> Contact: <sip:1005 at 10.101.141.197:5060;transport=tcp>.
> User-Agent:
> FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
> REFER, NOTIFY, PUBLISH, SUBSCRIBE.
> Supported: timer, path, replaces.
> Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
> line-seize, call-info, sla, include-session-description, presence.winfo,
> message-summary, refer.
> Content-Type: application/sdp.
> Content-Disposition: session.
> Content-Length: 340.
> Remote-Party-ID: "Outbound Call" <sip:1005 at 10.101.141.197
> >;party=calling;privacy=off;screen=no.
> .
> v=0.
> o=FreeSWITCH 1439516478 1439516479 IN IP4 10.101.141.197.
> s=FreeSWITCH.
> c=IN IP4 10.101.141.197.
> t=0 0.
> m=audio 18564 RTP/SAVP 96 101.
> a=rtpmap:96 opus/48000/2.
> a=fmtp:96 useinbandfec=1.
> a=rtpmap:101 telephone-event/8000.
> a=fmtp:101 0-16.
> a=ptime:20.
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm.
>
> ##
> T 192.168.210.9:39438 -> 10.101.141.197:5060 [AP]
> ACK sip:1005 at 10.101.141.197:5060;transport=tcp SIP/2.0.
> Via: SIP/2.0/TCP 192.168.5.81:57209;rport;branch=z9hG4bK.Zbalbk-1j.
> From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
> To: "1005" <sip:1005 at 10.101.141.197>;tag=g5yUKBQcK71Sc.
> CSeq: 20 ACK.
> Call-ID: vSsPmy-jNM.
> Max-Forwards: 70.
> Content-Length: 0.
> .
>
> ###
> T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
> REGISTER sip:10.101.141.197 SIP/2.0.
> Via: SIP/2.0/TCP 192.168.5.90:55444;alias;branch=z9hG4bK.JRV4z~eGh;rport.
> From: <sip:1005 at 10.101.141.197>;tag=9H~ivVAQ2.
> To: sip:1005 at 10.101.141.197.
> CSeq: 36 REGISTER.
> Call-ID: cuBHcAursf.
> Max-Forwards: 70.
> Supported: outbound.
> Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
> Contact: <sip:1005 at 192.168.210.9:2556
> ;transport=tcp>;+sip.instance="<urn:uuid:0797dc65-a86c-4169-96ff-c5328090f98f>".
> Expires: 3600.
> User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
> Content-Length: 0.
> Authorization:  Digest realm="10.101.141.197",
> nonce="1eb7575e-4250-11e5-b0a5-8334919b28b7", algorithm=MD5,
> username="1005",  uri="sip:10.101.141.197",
> response="36fbbb1687d97df38dcdeb3699c66ec6", cnonce="45a4d597",
> nc=00000006, qop=auth.
> .
>
> #
> T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]
> SIP/2.0 200 OK.
> Via: SIP/2.0/TCP 192.168.5.90:55444
> ;alias;branch=z9hG4bK.JRV4z~eGh;rport=2556;received=192.168.210.9.
> From: <sip:1005 at 10.101.141.197>;tag=9H~ivVAQ2.
> To: <sip:1005 at 10.101.141.197>;tag=jQHDQ1rKDSeZK.
> Call-ID: cuBHcAursf.
> CSeq: 36 REGISTER.
> Contact: <sip:1005 at 192.168.210.9:2556;transport=tcp>;expires=3600.
> Date: Fri, 14 Aug 2015 06:50:46 GMT.
> User-Agent:
> FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
> Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
> REFER, NOTIFY, PUBLISH, SUBSCRIBE.
> Supported: timer, path, replaces.
> Content-Length: 0.
> .
>
> #^Cexit
> 24 received, 0 dropped
>
> 2015-08-13 17:40 GMT+03:00 Jurijs Ivolga <jurij.ivo at gmail.com>:
>
>> Hi,
>>
>> Maybe you can let me know how I can turn on SRTP using the default config?
>>
>> I have the following lines in the default conf/dialplan/default.xml:
>>
>> <condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never">
>>         <action application="set" data="rtp_secure_media=true"/>
>>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>>         <!-- <action application="export" data="rtp_secure_media=true"/> -->
>>       </condition>
>>
>>       <!--
>>          Since we have inbound-late-negotation on by default now the
>>          above behavior isn't the same so you have to do one extra step.
>>         -->
>>       <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
>>       <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
>>         <action application="set" data="rtp_secure_media=true"/>
>>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>>         <!-- <action application="export" data="rtp_secure_media=true"/> -->
>>       </condition>
>>
>> If I change them to:
>>
>> <condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never">
>>         <action application="set" data="rtp_secure_media=true"/>
>>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>>         <action application="export" data="rtp_secure_media=true"/>
>>       </condition>
>>
>>       <!--
>>          Since we have inbound-late-negotation on by default now the
>>          above behavior isn't the same so you have to do one extra step.
>>         -->
>>       <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
>>       <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
>>         <action application="set" data="rtp_secure_media=true"/>
>>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>>         <action application="export" data="rtp_secure_media=true"/>
>>       </condition>
>>
>> Then when I make a call there is an issue with the cipher:
>>
>> show channels
>>
>> uuid,direction,created,created_epoch,name,state,cid_name,cid_num,ip_addr,dest,application,application_data,dialplan,context,read_codec,read_rate,read_bit_rate,write_codec,write_rate,write_bit_rate,secure,hostname,presence_id,presence_data,callstate,callee_name,callee_num,callee_direction,call_uuid,sent_callee_name,sent_callee_num,initial_cid_name,initial_cid_num,initial_ip_addr,initial_dest,initial_dialplan,initial_context
>> 81a423fc-41c8-11e5-ac4e-1b8671775759,inbound,2015-08-13
>> 10:35:13,1439476513,sofia/internal/1001 at myserverip
>> ,CS_EXECUTE,1001,1001,mylocalip,1000,bridge,user/1000 at myserverip
>> ,XML,default,opus,48000,0,opus,48000,0,srtp:sdes:
>> *AES_CM_128_HMAC_SHA1_80*,Freeswitch1Dev,1001 at myserverip,,ACTIVE,Outbound
>> Call,1000,SEND,81a423fc-41c8-11e5-ac4e-1b8671775759,Outbound
>> Call,1000,1001,1001,mylocalip,1000,XML,default
>> 81cbe932-41c8-11e5-ac73-1b8671775759,outbound,2015-08-13
>> 10:35:13,1439476513,sofia/internal/1000 at mylocalip:39626,CS_EXCHANGE_MEDIA,Extension
>> 1001,1001,mylocalip,1000,,,XML,default,opus,48000,0,opus,48000,0,srtp:sdes:
>> *AES_CM_256_HMAC_SHA1_80*,Freeswitch1Dev,1000 at myserverip,,ACTIVE,Outbound
>> Call,1000,SEND,81a423fc-41c8-11e5-ac4e-1b8671775759,Extension
>> 1001,1001,Extension 1001,1001,mylocalip,1000,XML,default
>>
>>
>> As you can see, the AES_CM_128_HMAC_SHA1_80 cipher is used for the inbound
>> call and AES_CM_256_HMAC_SHA1_80 is used for the outbound call.
>>
>> Any ideas?
>>
>> With kind regards,
>>
>> Jurijs
>>
>>
>> 2015-08-13 17:26 GMT+03:00 Michael Jerris <mike at jerris.com>:
>>
>>> You will have to look at the full negotiation of that leg and a debug
>>> log to see what's going on.
>>>
>>> On Thursday, August 13, 2015, Jurijs Ivolga <jurij.ivo at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm struggling with quite a simple issue. I need to enable SRTP on the
>>>> outbound leg. The call hits Freeswitch as SRTP but it leaves as regular RTP. I
>>>> do not use TLS and I don't need it (yes, I know that SRTP keys are sent as
>>>> plain text in this case).
>>>>
>>>> I tried to add the following code to my dialplan, but it does not help:
>>>>
>>>> <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
>>>>        <action application="set" data="sip_secure_media=true"/>
>>>>        <action application="export" data="sip_secure_media=true"/>
>>>> </condition>
>>>>
>>>> I also tried to add the following line to vars.xml:
>>>>
>>>> <X-PRE-PROCESS cmd="set" data="rtp_secure_media_inbound=mandatory"/>
>>>>
>>>> But still without success.
>>>>
>>>> Maybe somebody can give me a hint?
>>>>
>>>> Thank you!
>>>>
>>>> With kind regards,
>>>>
>>>> Jurijs
>>>>
>>>
>>
>>
>
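
An added example, not part of the original thread and not FreeSWITCH or Linphone code: a small Python check of the SDES rules that apply to the trace above (RFC 4568: the answer echoes the tag and crypto-suite of one offered a=crypto line, and the inline value carries a master key plus 14-byte salt of the length the suite requires). The SDP fragments are copied from the trace with the mail line-wrapping and ngrep's trailing dots removed; the function names are hypothetical, and a single m= section is assumed.

```python
import base64
import re

# Master key + 14-byte master salt, in bytes, for the AES_CM suites
# (RFC 4568 for 128-bit keys, RFC 6188 for 192- and 256-bit keys).
KEY_SALT_LEN = {"AES_CM_128": 16 + 14, "AES_CM_192": 24 + 14, "AES_CM_256": 32 + 14}

CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")


def parse_crypto(sdp):
    """Return {tag: (suite, decoded_key_length)} for each a=crypto line."""
    out = {}
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite, b64 = int(m.group(1)), m.group(2), m.group(3)
        b64 += "=" * (-len(b64) % 4)  # SDES keys are often sent unpadded
        out[tag] = (suite, len(base64.b64decode(b64)))
    return out


def check_answer(offer_sdp, answer_sdp):
    """List the problems in an SDES answer relative to its offer."""
    offer, answer = parse_crypto(offer_sdp), parse_crypto(answer_sdp)
    problems = []
    if len(answer) != 1:  # assumption: one m= section, so one accepted line
        problems.append("expected exactly one a=crypto line, found %d" % len(answer))
    for tag, (suite, keylen) in answer.items():
        if tag not in offer:
            problems.append("tag %d was not offered" % tag)
        elif offer[tag][0] != suite:
            problems.append("tag %d: suite %s differs from offered %s"
                            % (tag, suite, offer[tag][0]))
        expected = KEY_SALT_LEN.get(suite[:10])  # e.g. "AES_CM_256"
        if expected is not None and keylen != expected:
            problems.append("tag %d: %s needs %d key+salt bytes, got %d"
                            % (tag, suite, expected, keylen))
    return problems


# A-leg: Linphone (1006) offer, FreeSWITCH answer (lines from the trace).
A_OFFER = """\
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:5CX7J5QFH42SH0PKJ73njNeFmWmsAQzmoxmjGruw
a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:Qgjm+kYdz2Hq7Z9bDoWUEBfS4QxT+IhyeVtsBGj5
"""
A_ANSWER = "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm\n"

# B-leg: FreeSWITCH offer (two of its nine lines), Linphone (1005) answer.
B_OFFER = """\
a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA
a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4
"""
B_ANSWER = "a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:5jryAt1Gy/VqFkFRitDzN2Zse62gStxpvSSTkJV/\n"

if __name__ == "__main__":
    for name, off, ans in (("A-leg", A_OFFER, A_ANSWER), ("B-leg", B_OFFER, B_ANSWER)):
        print(name, check_answer(off, ans) or "ok")
```

On these lines the A-leg passes; on the B-leg the answer's tag and suite match offer tag 3, but its inline value decodes to 30 bytes where AES_CM_256 needs 46.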