[Freeswitch-users] Issue connecting to FS with SRTP

Michael Jerris mike at jerris.com
Wed Aug 17 21:51:31 MSD 2016 

Thats the old one.  The one to look at that adds these is:

https://tools.ietf.org/html/rfc5764#section-8 <https://tools.ietf.org/html/rfc5764#section-8>

its in master now supporting SAVP as well.


> On Aug 17, 2016, at 1:44 PM, Sergey Safarov <s.safarov at gmail.com> wrote:
> 
> Look at rfc4566, section-5.14 <https://tools.ietf.org/html/rfc4566#section-5.14> 
> 
> ср, 17 авг. 2016 г. в 17:37, Oleg Stolyar <olegstolyar at gmail.com <mailto:olegstolyar at gmail.com>>:
> Is there some RFC or some other authoritative source that would say whether "UDP/TLS/RTP/SAVP" or "RTP/SAVP" is the correct value for DLTS-SRTP for NON-WebRTC connections?  
> 
> If the former, then I'll file a Jira in FS.  If the latter, I'll work with the SDK developers to fix.
> 
> On Wed, Aug 17, 2016 at 7:18 AM, Sergey Safarov <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
> Correct way to fix on client side but if it is not possible then SDP rewrite can be made on server side.
> For SRD rewrite on server side i recoment use kamailio proxy server.
> 
> About DTLS. I has found that use DTLS requres modern crypro lib. Try FreeSwitch on fedora server distr or other with modern crypto lib.
> 
> Sergey.
> 
> ср, 17 авг. 2016 г. в 13:23, Oleg Stolyar <olegstolyar at gmail.com <mailto:olegstolyar at gmail.com>>:
> I think you are right Sergey.  Should it be fixed on the FS side or on the client SDK side though?  Which is the right value?
> 
> By the way, the SDK can do either dtls or sdes.  This issue happens with dtls.  Sdes works fine and I can establish a call.
> 
> 
> On Aug 16, 2016 10:14 PM, "Sergey Safarov" <s.safarov at gmail.com <mailto:s.safarov at gmail.com>> wrote:
> Think issue related to "m=audio 61434 UDP/TLS/RTP/SAVP"
> Try "m=audio 61434 RTP/SAVP"
> 
> ср, 17 авг. 2016 г. в 5:35, Oleg Stolyar <olegstolyar at gmail.com <mailto:olegstolyar at gmail.com>>:
> Thanks Gonzalo,
> 
> That setup on the FS side refers to TLS and as I said TLS is working for me, I have it set up.  
> 
> SRTP should work out of the box AFAIK.  I suspect there is something in the SDP I posted that FS considers to be non-compliant with the specs.  Not sure what though and whether it's a bug in FS or in the client SDK I am using.
> 
> On Tue, Aug 16, 2016 at 7:22 PM, Gonzalo Gasca Meza <gascagonzalo at gmail.com <mailto:gascagonzalo at gmail.com>> wrote:
> Did you enable/configure SRTP? This <http://twilio-marketing-prod.elasticbeanstalk.com/resources/images/docs/TwilioSecure-Freeswitch.pdf> is a sample guide I use for Twilio TLS/SRTP which can help
> Can you post all logs?
> 
> 
> On Tue, Aug 16, 2016 at 6:10 PM, Oleg Stolyar <olegstolyar at gmail.com <mailto:olegstolyar at gmail.com>> wrote:
> Hi guys,
> 
> I am trying to connect to FS using the CounterPath SDK for Android.  I use TLS for signalling.  All works well until I try to enable SRTP.  Then FS rejects the call the INCOMPATIBLE_DESTINATION message.  Is there something wrong with the SDP?  Here are the relevant SDPs from the INVITES.
> 
> NON-SRTP (works)
>    v=0
>    o=- 622419737965 1 IN IP4 192.168.1.78
>    s=
>    c=IN IP4 192.168.1.78
>    t=0 0
>    m=audio 57194 RTP/AVP 3 120 123 122 121 9 8 0 84 85 18 101
>    a=rtpmap:120 opus/48000/2
>    a=fmtp:120 useinbandfec=1; usedtx=1; maxaveragebitrate=64000
>    a=rtpmap:123 SILK/24000
>    a=rtpmap:122 SILK/16000
>    a=rtpmap:121 SILK/8000
>    a=rtpmap:84 speex/16000
>    a=rtpmap:85 speex/8000
>    a=rtpmap:18 G729/8000
>    a=fmtp:18 annexb=yes
>    a=rtpmap:101 telephone-event/8000
>    a=fmtp:101 0-15
>    a=sendrecv
> 
> SRTP (does not work)
>    v=0
>    o=- 622187157154 1 IN IP4 192.168.1.78
>    s=
>    c=IN IP4 192.168.1.78
>    t=0 0
>    a=fingerprint:SHA-256 4D:08:D6:49:9E:CA:77:A2:77:74:02:A0:B9:92:32:2F:2D:76:7D:59:7F:A4:CA:85:16:BA:D0:27:0A:74:1C:0F
>    a=setup:actpass
>    m=audio 61434 UDP/TLS/RTP/SAVP 3 120 123 122 121 9 8 0 84 85 18 101
>    a=rtpmap:120 opus/48000/2
>    a=fmtp:120 useinbandfec=1; usedtx=1; maxaveragebitrate=64000
>    a=rtpmap:123 SILK/24000
>    a=rtpmap:122 SILK/16000
>    a=rtpmap:121 SILK/8000
>    a=rtpmap:84 speex/16000
>    a=rtpmap:85 speex/8000
>    a=rtpmap:18 G729/8000
>    a=fmtp:18 annexb=yes
>    a=rtpmap:101 telephone-event/8000
>    a=fmtp:101 0-15
>    a=sendrecv
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160817/111f6b57/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list