[Freeswitch-users] Linphone + Freeswitch + SRTP
Ken Rice
krice at freeswitch.org
Wed Nov 4 18:48:26 MSK 2015
I’ll bet you are doing SIP over UDP instead of SIP/TLS. This will affect you in multiple ways
1) Without SIP/TLS your STRP keys are passed around in the clear so you might as well not even be doing SRTP
2) Without SIP/TLS (or SIP over TCP atleast) your invites are exceeding MTU and being truncated. This is most likely why step 5 is failing
From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of Jurijs Ivolga
Sent: Wednesday, November 4, 2015 8:06 AM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: [Freeswitch-users] Linphone + Freeswitch + SRTP
Hi,
First of all I'm sorry if this not a really good place to ask, but I spotted very strange behavior using Linphone and Freeswitch.
I'm not sure that this is 100% Freeswitch bug, but maybe you point me to proper direction.
Test environment:
Linphone =SRTP==> Freeswitch =SRTP==> 2nd Linphone
Linphone & 2nd Linphone located behind NAT in same private network.
1) This invite is sent from Linphone to Freeswitch:
I left only SDP part where all ciphers are listed(same I did for all other sip packages)
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:2QEye591aHIqRwdLODMrr8ieQBBHl5WdIizE0NH2.
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:d6K8m+tGEMvkEbRm5Zzy6KQkrlwS78l7wGufgx8S.
a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:PMvGinW3fpIejXOWDskUNWUhBX1KRlhrPkbrP0Nv4L/+My1V7w2r/ALSyLhkPg==.
a=crypto:4 AES_CM_256_HMAC_SHA1_32 inline:ZsdwMe0D+RauGydaQ90qG7pfOvdW6m9cxjbBhJ5AUaNSTecse9Sk3lRzlgZuSA==.
2) Trying from Freeswitch
3) Freeswitch replies Proxy Authentication Required
4) ACK from Linphone
5) Linphone sends one more invite to Freeswitch:
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:2QEye591aHIqRwdLODMrr8ieQBBHl5WdIizE0NH2.
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:d6K8m+tGEMvkEbRm5Zzy6KQkrlwS
As we can see this is something very strange, cause Linphone first invite send 4 ciphers, but now it sends only 2 and it looks like that second one is missing something.
6) Trying from freeswitch
7) Invite sent from Freeswitch to 2nd Linphone
a=crypto:1 AEAD_AES_256_GCM_8 inline:jotCMStRYMvwWT18wMqmgwAu6mVBKaIkENGh8HLF0UYFEcwGnoQpM0m4juU.
a=crypto:2 AEAD_AES_128_G
And as we can see in Invite from Freeswitch to 2nd Linphone ciphers are completely different from what Linphone sent in second Invite. I think this is not 100% Linphone bug. What you think?
Full sip trace you can find in attachemnt, additionnally I will rase same issue on Linphone side.
With kind regards,
Jurijs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151104/452c8bb5/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list