[Freeswitch-users] TLS/SRTP on selected destinations
Brian West
brian at freeswitch.org
Mon Feb 23 20:14:16 MSK 2015
Thats only used in the vanilla configs to detect the suites in the SDP.
On Mon, Feb 23, 2015 at 11:06 AM, Victor Medina <victor.medina at cibersys.com>
wrote:
> Hi Brian.
>
> Should I remove
>
> <X-PRE-PROCESS cmd="set"
> data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
>
>
> from vars.xml?
>
> Thanks!
>
> 2015-02-23 11:28 GMT-04:30 Brian West <brian at freeswitch.org>:
>
> Setting
>>
>> rtp_secure_media=optional:AES_CM_128_HMAC_SHA1_32
>>
>> Should be what you want, it will send both the AVP/SAVP profiles. This
>> is what I have mine set to right now and it will prefer srtp but offer both.
>>
>> On Mon, Feb 23, 2015 at 8:20 AM, Victor Medina <
>> victor.medina at cibersys.com> wrote:
>>
>>> Hi guys!
>>>
>>> I have configured my FS server to support TLS/SRTP... but I am facing
>>> the problem of providing the service only to selected destinations. Calls
>>> fails when calling to endpoints with no tls/srtp, for example a ext
>>> registered in the UDP port. Also fails when an outgoing call is routed to
>>> an external provider with no support.
>>>
>>> Using tls ONLY works just fine if connecting to external or udp only
>>> endpoints, it seems like FS is taking care of signalling from endpoint to
>>> the server and from there is goes as needed to the b-legs.
>>>
>>> When using SRTP however it fails.
>>>
>>> Can I configure FS to support TLS/SRTP to the server and from there
>>> using it as needed? For example:
>>>
>>> A_LEG: TLS/SRTP - > B_LEG: EXT with UDP only
>>> A_LEG: TLS/SRTP -> B_LEG: EXT with TLS/SRTP
>>> A_LEG: TLS/SRTP -> B_LEG: external channel, provider with no TLS/SRTP
>>>
>>> Thanks in advance with any help.
>>>
>>> --
>>>
>>> Víctor E. Medina M.
>>> Software
>>> [image: Zoiper Click2Dial]+58424 291 4561[image: ve]
>>> BB #79A8AFA2 /@VMCibersys
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>>
>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> Víctor E. Medina M.
> Software
> +58424 291 4561
> BB #79A8AFA2 /@VMCibersys
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
*Brian West*
brian at freeswitch.org
*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com
*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150223/747870b9/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list