<div dir="ltr">Not sure if this is your issue, but depending on what version of FS you are running, sip_secure_media has been replaced with rtp_secure_media.  Try exporting that instead and see if it works.</div><div class="gmail_extra">

<br><br><div class="gmail_quote">On Mon, Jul 1, 2013 at 5:04 AM, Peter Waldheim <span dir="ltr">&lt;<a href="mailto:struwwelp@gmail.com" target="_blank">struwwelp@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div dir="ltr">I&#39;m still struggling with this and cleaned up the whole configuration.<div><br><div>The only SRTP-related setting now is the </div><div>&lt;action application=&#39;export&#39; data=&#39;nolocal:sip_secure_media=true&#39;/&gt;<br>


</div><div>before the bridging.</div><div><br></div><div>The info app seems to reflect that by </div><div><div>2013-07-01 10:40:49.640784 [DEBUG] switch_channel.c:1176 FreeTDM/1:1/21 EXPORTING[export_vars][sip_secure_media]=[true] to event</div>


<div><br></div><div>(Could anybody please confirm if this is the right place to look and this should trigger a secure b-leg?)</div><div><br></div><div>But the &quot;Local SDP&quot; still has no crypto or savp in it - like in the original post. (It should show up here, right?)</div>


<div><br></div><div>And eventually the connection gets denied by the client, which would only allow srtp connections.</div><div><br></div><div>Does anybody have an idea, what could prevent the secure  b-leg (if my assumptions are correct it seems I get a non-secure sdp despite having sip_secure_media set to true)?</div>


<div><br></div><div>Thanks and regards</div><div>Peter</div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/6/28 Peter Waldheim <span dir="ltr">&lt;<a href="mailto:struwwelp@gmail.com" target="_blank">struwwelp@gmail.com</a>&gt;</span><br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Daniel but I know and am already doing that. Would the debug output about &quot;EXPORTING[export_vars]... to event&quot; not confirm that working, or am I mistaken?</div>


<div><div><div class="gmail_extra"><br><br>
<div class="gmail_quote">2013/6/28 Daniel Ivanov <span dir="ltr">&lt;<a href="mailto:sertys@gmail.com" target="_blank">sertys@gmail.com</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">



<p dir="ltr">Well you have to export the variables instead of setting them to apply to b-leg.<br>
Like<br>
&lt;action application=&#39;export&#39; data=&#39;nolocal:sip_secure_media=true&#39;/&gt;</p>
<div class="gmail_quote"><div><div>On Jun 28, 2013 10:51 AM, &quot;Peter Waldheim&quot; &lt;<a href="mailto:struwwelp@gmail.com" target="_blank">struwwelp@gmail.com</a>&gt; wrote:<br type="attribution"></div></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
<div dir="ltr">Hi,<div><br></div><div>I&#39;m trying to secure (SRTP) the b-leg for a call coming in via pstn (pri/freetdm).</div><div>For this I&#39;m setting sip_secure_media and also trying sdp_secure_savp_only, but it seems freeswitch does not offer SAVP to my client (which in turn will refuse). SIP-to-SIP this works fine.</div>





<div><br></div><div>Here the the portion of the log where I would have expected to see SAVP in the sdp:</div><div><br></div><div><div>EXECUTE FreeTDM/1:5/21 bridge(sofia/external5090/21%10.1.1.12)</div>
<div>2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event</div><div>2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21 EXPORTING[export_vars] [dialed_extension]=[21] to event</div>





<div>2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21 EXPORTING[export_vars] [sip_secure_media]=[true] to event</div><div>2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21 EXPORTING[export_vars] [sdp_secure_savp_only]=[true] to event</div>





<div>2013-06-28 09:20:10.800816 [DEBUG] switch_ivr_originate.c:2050 Parsing global variables</div><div>2013-06-28 09:20:10.800816 [NOTICE] switch_channel.c:1030 New Channel sofia/external5090/21 [2b0bff7e-dfc3-11e2-b111-c96542f7174a]</div>





<div>2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:4420 (sofia/external5090/21) State Change CS_NEW -&gt; CS_INIT</div><div>2013-06-28 09:20:10.800816 [DEBUG] switch_core_session.c:1341 Send signal sofia/external5090/21 [BREAK]</div>





<div>2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:416 (sofia/external5090/21) Running State Change CS_INIT</div><div>2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:455 (sofia/external5090/21) State INIT</div>





<div>2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:87 sofia/external5090/21 SOFIA INIT</div><div>2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1191 sip:21@client.ip.is.secret:49915;rinstance=e177370cb4131e9f;transport=tls Setting proxy route to sofia/external5090/21</div>





<div>2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:</div><div>v=0</div><div>o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret</div><div>s=FreeSWITCH</div><div>c=IN IP4 my.ip.is.secret</div><div>t=0 0</div>





<div>m=audio 19660 RTP/AVP 8 3 101 13</div><div>a=rtpmap:101 telephone-event/8000</div><div>a=fmtp:101 0-16</div><div>a=ptime:20</div><div>a=sendrecv</div><div>m=video 20590 RTP/AVP 34 98</div><div>a=rtpmap:34 H263/90000</div>





<div>a=rtpmap:98 H264/90000</div><div><br></div><div>Any help with this would be greatly appreciated.</div><div><br></div><div>Regards</div><div>Peter</div></div></div>
<br></div></div><div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></div></blockquote></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>