[Freeswitch-users] Freeswitch initiate outbound call using SIPs + SRTP error (SRTP unprotect )

Chhorm Chhatra ch.chhatra at gmail.com
Mon Jul 9 07:20:42 UTC 2018


Hello,

Currently, I faced a problem regarding SRTP outbound call to user (Leg B).

The scenario is like this,

   - We set up our own root CA to an IP address (e.g 192.168.0.13)
   - We create a server certificate for freeswitch at 192.168.0.13
   - Linphone is used as SIP client and is configured to trust our root CA
   by default.
   - Linphone A is configured to register to Freeswitch vis TLS + SRTP.
   (One leg call to server has both SIPs and SRTP – completely secure)
   - Linphone B is registered to Freeswitch via TLS + SRTP, and waiting for
   Linphone A to call to.

(One leg call to server, e.g. 9196 (echo test), is completely secure with
SRTP + SIPs)

   - Unfortunately, if A call to B, only A leg has SIPs + SRTP, but Leg B
   is not encrypted with SRTP and SIPs at all. This causes *SRTP unprotect
   failed with code 7 (auth check failed)**.*

+ Dialplan Configuration

<action application="set" data="rtp_secure_media=true"/>

<action application="export" data="rtp_secure_media=true"/>

The dial-string is <action application="bridge"
data="user/${dialed_extension}@${domain_name}"/>

+ Directory Configruation:

<param name="dial-string"
value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}" />

My question is that, is there any configuration left that I have to set up
in order to let freeswitch initiate an outbound call to Leg B correctly
with SRTP and SIPs (tls)?

Any help would be really appreciated.
Thank you so much.
Best Regard,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180709/13c7eee3/attachment.html>


More information about the FreeSWITCH-users mailing list