[Freeswitch-users] Linphone + Freeswitch + SRTP

Jurijs Ivolga jurij.ivo at gmail.com
Thu Nov 5 10:49:05 MSK 2015


Hi,

Thank you for your help!

I changed transport to TCP and updated vars.xml with one line:

<X-PRE-PROCESS cmd="set"
data="rtp_secure_media_outbound=mandatory:AES_CM_128_HMAC_SHA1_80"/>

after "<X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256..." line

And call worked.

It is quite strange that if I put just
"rtp_secure_media_outbound=mandatory" Linphone on B leg choose different
cipher from Linphone in A leg an in this case I can hear only silence. Any
hints?

Thank you!

2015-11-04 17:48 GMT+02:00 Ken Rice <krice at freeswitch.org>:

> I’ll bet you are doing SIP over UDP instead of SIP/TLS. This will affect
> you in multiple ways
>
>
>
> 1)      Without SIP/TLS your STRP keys are passed around in the clear so
> you might as well not even be doing SRTP
>
> 2)      Without SIP/TLS (or SIP over TCP atleast) your invites are
> exceeding MTU and being truncated. This is most likely why step 5 is failing
>
>
>
> *From:* freeswitch-users-bounces at lists.freeswitch.org [mailto:
> freeswitch-users-bounces at lists.freeswitch.org] *On Behalf Of *Jurijs
> Ivolga
> *Sent:* Wednesday, November 4, 2015 8:06 AM
> *To:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *Subject:* [Freeswitch-users] Linphone + Freeswitch + SRTP
>
>
>
> Hi,
>
> First of all I'm sorry if this not a really good place to ask, but I
> spotted very strange behavior using Linphone and Freeswitch.
>
> I'm not sure that this is 100% Freeswitch bug, but maybe you point me to
> proper direction.
>
> Test environment:
>
> Linphone =SRTP==> Freeswitch =SRTP==> 2nd Linphone
>
>
>
> Linphone & 2nd Linphone located behind NAT in same private network.
>
>
>
> 1) This invite is sent from Linphone to Freeswitch:
>
> I left only SDP part where all ciphers are listed(same I did for all other
> sip packages)
>
>
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:2QEye591aHIqRwdLODMrr8ieQBBHl5WdIizE0NH2.
> a=crypto:2 AES_CM_128_HMAC_SHA1_32
> inline:d6K8m+tGEMvkEbRm5Zzy6KQkrlwS78l7wGufgx8S.
> a=crypto:3 AES_CM_256_HMAC_SHA1_80
> inline:PMvGinW3fpIejXOWDskUNWUhBX1KRlhrPkbrP0Nv4L/+My1V7w2r/ALSyLhkPg==.
> a=crypto:4 AES_CM_256_HMAC_SHA1_32
> inline:ZsdwMe0D+RauGydaQ90qG7pfOvdW6m9cxjbBhJ5AUaNSTecse9Sk3lRzlgZuSA==.
>
> 2) Trying from Freeswitch
>
>
>
> 3) Freeswitch replies Proxy Authentication Required
>
> 4) ACK from Linphone
>
>
>
> 5) Linphone sends one more invite to Freeswitch:
>
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
> inline:2QEye591aHIqRwdLODMrr8ieQBBHl5WdIizE0NH2.
> a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:d6K8m+tGEMvkEbRm5Zzy6KQkrlwS
>
> *As we can see this is something very strange, cause Linphone first invite
> send 4 ciphers, but now it sends only 2 and it looks like that second one
> is missing something.*
>
> 6) Trying from freeswitch
>
> 7) Invite sent from Freeswitch to 2nd Linphone
>
> a=crypto:1 AEAD_AES_256_GCM_8
> inline:jotCMStRYMvwWT18wMqmgwAu6mVBKaIkENGh8HLF0UYFEcwGnoQpM0m4juU.
> a=crypto:2 AEAD_AES_128_G
>
> And as we can see in Invite from Freeswitch to 2nd Linphone ciphers are
> completely different from what Linphone sent in second Invite. I think this
> is not 100% Linphone bug. What you think?
>
> Full sip trace you can find in attachemnt, additionnally I will rase same
> issue on Linphone side.
>
> With kind regards,
>
> Jurijs
>
>
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20151105/f611d606/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list