[Freeswitch-users] Freeswitch failed to initiate outbound call using SIPs + SRTP (SRTP unprotect )

Chhorm Chhatra ch.chhatra at gmail.com
Fri Sep 28 21:19:31 UTC 2018 

Dear Brain West,
thank you for your response.
I would like to confirm that either using export or set on a leg of
"rtp_secure_media=true" with the following dial-string is not working for
me. One leg call is fine but it does not work for 2-leg call (I could not
hear the sound and the call terminates after
  {rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"

On Wed, 1 Aug 2018 at 23:20, Brian West <brian at freeswitch.com> wrote:

> don't us export, set it inside {}, or on use set on a-leg.
>
> /b
>
>
> On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <ch.chhatra at gmail.com>
> wrote:
>
>> Hello,
>>
>> Currently, I faced a problem regarding SRTP outbound call to user (Leg B).
>>
>> The scenario is like this,
>>
>>    - We set up our own root CA to an IP address (e.g 192.168.0.13)
>>    - We create a server certificate for freeswitch at 192.168.0.13
>>    - Linphone is used as SIP client and is configured to trust our root
>>    CA by default.
>>    - Linphone A is configured to register to Freeswitch vis TLS + SRTP.
>>    (One leg call to server has both SIPs and SRTP – completely secure)
>>    - Linphone B is registered to Freeswitch via TLS + SRTP, and waiting
>>    for Linphone A to call to.
>>
>> (One leg call to server, e.g. 9196 (echo test), is completely secure with
>> SRTP + SIPs)
>>
>>    - Unfortunately, if A call to B, only A leg has SIPs + SRTP, but Leg
>>    B is not encrypted with SRTP and SIPs at all. This causes *SRTP
>>    unprotect failed with code 7 (auth check failed)**.*
>>
>> + Dialplan Configuration
>>
>> <action application="set" data="rtp_secure_media=true"/>
>>
>> <action application="export" data="rtp_secure_media=true"/>
>>
>> The dial-string is <action application="bridge"
>> data="user/${dialed_extension}@${domain_name}"/>
>>
>> + Directory Configruation:
>>
>> <param name="dial-string"
>> value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}" />
>>
>> My question is that, is there any configuration left that I have to set
>> up in order to let freeswitch initiate an outbound call to Leg B correctly
>> with SRTP and SIPs (tls)?
>>
>> Any help would be really appreciated.
>> Thank you so much.
>> Best Regard,
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>>
>
>
>
> --
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch> [image:
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180929/93af52c3/attachment-0001.html>

More information about the FreeSWITCH-users mailing list