[Freeswitch-users] TLS stops when a call is enabled
Piotr Gregor
piotr at dataandsignal.com
Tue Sep 27 08:09:56 UTC 2022
Hi Aina,
Check if TLS is enabled on your profile with
sofia status profile x
Also, you may find something in log, possibly some errors on profile start.
best,
Piotr Gregor
Software Engineer
M: (+44) 07483 866 525 L: (+44) 01256 597 470 www: dataandsignal.com
On Tue, Sep 27, 2022 at 8:01 AM Aina Mestre <aina.mestre at airenetworks.es>
wrote:
> Good morning,
>
>
>
> I have just corrected what you comment, but that didn’t solve my problem.
> My problem is that the SIP protocol is not encrypted so even if the RTP is
> encrypted, you can see all INVITE information on wireshark. I tryed to
> solve it adding in the dialplan
>
> <action application="bridge"
> data="{${t38}}${mydialbridge};transport=tls"/>)
>
>
>
> But the result I get is an error that says “TLS not supported by profile”
>
>
>
> Thank you in advance
>
>
>
> *De:* FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> *En
> nombre de *Brian West
> *Enviado el:* lunes, 26 de septiembre de 2022 17:33
> *Para:* FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
> *CC:* Pablo Pizarro <pablo.pizarro at airenetworks.es>
> *Asunto:* Re: [Freeswitch-users] TLS stops when a call is enabled
>
>
>
> Este e-mail fue originado fuera de Aire Networks. Ayúdanos a mantener
> segura nuestra empresa. Por favor, extrema las medidas de seguridad con los
> adjuntos, los enlaces o las solicitudes que pueda contener.
>
>
>
> This is a variable:
>
> <param name='rtp_secure_media' value='mandatory:
> AES_CM_128_HMAC_SHA1_80'/>
>
>
>
> NOT A PARAM.
>
>
>
> /b
>
>
>
>
>
> On Mon, Sep 26, 2022 at 9:09 AM Aina Mestre <aina.mestre at airenetworks.es>
> wrote:
>
> Good morning,
>
>
>
> I’m trying to configure SRTP with TLS on Freeswitch. I already have SRTP,
> and I can establish a conversation with TLS, but when I make a call, it
> says “encrypted alert” and the TLS conversation stops sending the INVITE in
> TCP. I have been looking for some solutions and it states that the problema
> may be that the certificate is not properly configured or that TLS is not
> properly configured. It is imposible that the certificate has any problems
> because I currently get TLS untill the call starts.
>
>
>
> Here it is the configuration on my profile:
>
>
>
>
>
> <param name='rtp_secure_media' value='mandatory:
> AES_CM_128_HMAC_SHA1_80'/>
>
> <param name='bind-params" value="tls"/>
>
> <param name='tls-version' value='tlsv1'/>
>
> <param name='register-transport' value='tls'/>
>
> <param name="register" value="false"/>
>
> <param name="transport" value="tls"/>
>
> <param name="tls" value="$${internal_ssl_enable}"/>
>
> <param name="tls-only" value="true"/>
>
> <param name="tls-bind-params" value="transport=tls"/>
>
> <param name="tls-sip-port" value="$${internal_tls_port}"/>
>
> <param name="tls-cert-dir" value="/usr/local/freeswitch/conf"/>
>
> <param name="tls-verify-date" value="true"/>
>
> <param name="tls-verify-policy" value="none"/>
>
> <param name="tls-version" value="$${sip_tls_version}"/>
>
> <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
>
> <param name="contact-params" value="tport=tls"/>
>
> <param name="ws-binding" value="XX.XX.XX.XX:5061"/>
>
>
>
> Also, I would like to make another observation: when I configure the
> bridge has transport=TLS ( <action application="bridge"
> data="{${t38}}${mydialbridge};transport=tls"/>) in the dialplan, the debug
> says “TLS not supported by profile”
>
>
>
> Thank you for taking the time to deal with my queries
>
>
>
> Kind regards.
>
>
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
>
>
>
> --
>
>
>
> Brian West | Co-founder and Developer
>
> Need Commercial support? email sales at freeswitch.com
>
> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>
> Email: brian at freeswitch.com
>
> Mobile: 918-424-9378
>
> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>
> [image: https://www.facebook.com/signalwireinc?src=email]
> <https://www.facebook.com/freeswitch>[image:
> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN
> services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time
> https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20220927/f967da85/attachment.html>
More information about the FreeSWITCH-users
mailing list