[Freeswitch-users] TLS stops when a call is enabled

Aina Mestre aina.mestre at airenetworks.es
Tue Sep 27 08:59:57 UTC 2022 

I already checked that and i have TLS on profile:

[cid:image002.png at 01D8D260.471F8110]

And when i initialize the profile I don’t get any error, only when i make a call


De: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org> En nombre de Piotr Gregor
Enviado el: martes, 27 de septiembre de 2022 10:10
Para: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
CC: Pablo Pizarro <pablo.pizarro at airenetworks.es>
Asunto: Re: [Freeswitch-users] TLS stops when a call is enabled

Este e-mail fue originado fuera de Aire Networks. Ayúdanos a mantener segura nuestra empresa. Por favor, extrema las medidas de seguridad con los adjuntos, los enlaces o las solicitudes que pueda contener.

Hi Aina,

Check if TLS is enabled on your profile with
sofia status profile x
Also, you may find something in log, possibly some errors on profile start.

best,


[https://ci3.googleusercontent.com/mail-sig/AIorK4wE8rSMg277YOGBrgEQayYWXH2G53bMgBu7uf-k-vU6x5SD1T6YWorVfbkDegPbnXcFyHwBODg]

Piotr Gregor
Software Engineer

M: (+44) 07483 866 525     L: (+44) 01256 597 470     www: dataandsignal.com<http://dataandsignal.com>





On Tue, Sep 27, 2022 at 8:01 AM Aina Mestre <aina.mestre at airenetworks.es<mailto:aina.mestre at airenetworks.es>> wrote:
Good morning,

I have just corrected what you comment, but that didn’t solve my problem. My problem is that the SIP protocol is not encrypted so even if the RTP is encrypted, you can see all INVITE information on wireshark. I tryed to solve it adding in the dialplan
<action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>)

But the result I get is an error that says “TLS not supported by profile”

Thank you in advance

De: FreeSWITCH-users <freeswitch-users-bounces at lists.freeswitch.org<mailto:freeswitch-users-bounces at lists.freeswitch.org>> En nombre de Brian West
Enviado el: lunes, 26 de septiembre de 2022 17:33
Para: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org<mailto:freeswitch-users at lists.freeswitch.org>>
CC: Pablo Pizarro <pablo.pizarro at airenetworks.es<mailto:pablo.pizarro at airenetworks.es>>
Asunto: Re: [Freeswitch-users] TLS stops when a call is enabled

Este e-mail fue originado fuera de Aire Networks. Ayúdanos a mantener segura nuestra empresa. Por favor, extrema las medidas de seguridad con los adjuntos, los enlaces o las solicitudes que pueda contener.

This is a variable:
 <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>

NOT A PARAM.

/b


On Mon, Sep 26, 2022 at 9:09 AM Aina Mestre <aina.mestre at airenetworks.es<mailto:aina.mestre at airenetworks.es>> wrote:
Good morning,

I’m trying to configure SRTP with TLS on Freeswitch. I already have SRTP, and I can establish a conversation with TLS, but when I make a call, it says “encrypted alert” and the TLS conversation stops sending the INVITE in TCP. I have been looking for some solutions and it states that the problema may be that the certificate is not properly configured or that TLS is not properly configured. It is imposible that the certificate has any problems because I currently get TLS untill the call starts.

Here it is the configuration on my profile:


        <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>
        <param name='bind-params" value="tls"/>
        <param name='tls-version' value='tlsv1'/>
        <param name='register-transport' value='tls'/>
        <param name="register" value="false"/>
        <param name="transport" value="tls"/>
        <param name="tls" value="$${internal_ssl_enable}"/>
        <param name="tls-only" value="true"/>
        <param name="tls-bind-params" value="transport=tls"/>
        <param name="tls-sip-port" value="$${internal_tls_port}"/>
        <param name="tls-cert-dir" value="/usr/local/freeswitch/conf"/>
        <param name="tls-verify-date" value="true"/>
        <param name="tls-verify-policy" value="none"/>
        <param name="tls-version" value="$${sip_tls_version}"/>
        <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
        <param name="contact-params" value="tport=tls"/>
        <param name="ws-binding" value="XX.XX.XX.XX:5061"/>

Also, I would like to make another observation: when I configure the bridge has transport=TLS ( <action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>) in the dialplan, the debug says “TLS not supported by profile”

Thank you for taking the time to deal with my queries

Kind regards.

_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com<mailto:sales at freeswitch.com>
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com


--


Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com<mailto:sales at freeswitch.com>

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>

Email: brian at freeswitch.com<mailto:brian at freeswitch.com>

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com<https://www.freeswitch.com/>

[https://www.facebook.com/signalwireinc?src=email]<https://www.facebook.com/freeswitch>[https://twitter.com/freeswitch]<https://twitter.com/freeswitch>
_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales at freeswitch.com<mailto:sales at freeswitch.com>
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org<mailto:FreeSWITCH-users at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20220927/1e5727ff/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 38142 bytes
Desc: image002.png
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20220927/1e5727ff/attachment-0001.png>

More information about the FreeSWITCH-users mailing list