I don't have that set however I'm not trying to use SRTP yet. At the moment I'm just trying to use Secure SIP.<br><br>That section of my dial plan is<br><br> <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never"><br>
<action application="set" data="sip_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <!-- <action application="export" data="sip_secure_media=true"/> --><br>
</condition><br><br>The TLS part of my internal.xml is now<br><br> <!-- TLS: disabled by default, set to "true" to enable --><br> <param name="tls" value="true"/><br>
<!-- additional bind parameters for TLS --><br> <param name="tls-bind-params" value=""/><br> <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) --><br>
<param name="tls-sip-port" value="$${internal_tls_port}"/><br> <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) --><br> <param name="tls-cert-dir" value="$${internal_ssl_dir}"/><br>
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 --><br> <param name="tls-version" value="$${sip_tls_version}"/><br><br><br>I also tried with <br>
<br> <!-- additional bind parameters for TLS --><br>
<param name="tls-bind-params" value="transport=tls"/><br><br><div class="gmail_quote">On Mon, Dec 1, 2008 at 3:47 PM, Peter P GMX <span dir="ltr"><<a href="mailto:Prometheus001@gmx.net">Prometheus001@gmx.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Did you add<br>
<action application="export" data="sip_secure_media=true"/><br>
into youy dialplan before bridging that call. How is your internal.conf,<br>
is TLS enabled there?<br>
<br>
Best regards<br>
Peter<br>
<br>
matrim schrieb:<br>
<div><div></div><div class="Wj3C7c">> Hi,<br>
><br>
> I'm having problems using TLS to receive calls.<br>
><br>
> I'm using a Nokia N95 to test TLS against freeswitch. I can register my<br>
> client against freeswitch and make outbound calls to the test numbers (e.g.<br>
> 9999).<br>
><br>
> I can also make calls to other users registered over UDP.<br>
><br>
> However if I try to make a call to a user registered over TLS the leg of the<br>
> call to that user always goes via UDP.<br>
><br>
> e.g.<br>
><br>
> 1000 registered via TLS<br>
> 1001 registered via TLS<br>
> 1002 registered via UDP<br>
> 1003 registered via UDP<br>
><br>
> 1000 -> 1002 works ok<br>
> 1003 -> 1002 works ok<br>
><br>
> 1001 -> 1000 Doesn't work. The leg of the call between freeswitch and 1000<br>
> tries to setup via UDP<br>
> 1002 -> 1000 Doesn't work. The leg of the call between freeswitch and 1000<br>
> tries to setup via UDP<br>
><br>
> ===<br>
><br>
><br>
>> >From looking at some of the documentation it seems to me that the issue may<br>
>><br>
> be with the "tls-bind-params" being "transport=tls".<br>
><br>
> The phone I'm using doesn't add the "transport=tls" parameter, and only uses<br>
> "sips:" to specify that the connection is via TLS.<br>
><br>
> I tried setting "tls-bind-params" to a blank string but it didn't change<br>
> anything. Is there any way to receive calls over TLS if you don't specify<br>
> "transport=tls" in your contact string during registration?<br>
><br>
> According to RFC3261 the use of the "transport=tls" parameter isn't<br>
> recommended anymore and is now deprecated.<br>
><br>
><br>
><br>
<br>
</div></div><div><div></div><div class="Wj3C7c">_______________________________________________<br>
Freeswitch-users mailing list<br>
<a href="mailto:Freeswitch-users@lists.freeswitch.org">Freeswitch-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br>