<div dir="ltr">Try using rtp_secure_media=true instead of sip_secure_media. If you are trying to set it on the b-leg, you probably want to use export instead of set, or use nolocal:rtp_secure_media.<div><br></div><div>Hope that helps.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Aug 12, 2013 at 10:26 PM, Peter <span dir="ltr"><<a href="mailto:eidevm5@gmail.com" target="_blank">eidevm5@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div><div><div>In my environment, I have the following (simplified) setup:<br><br></div>FS1 ---- FS SBC --- FS2<br><br></div>Phones registered to FS1 (100x) use TLS/SRTP and phones registered to FS2 (200x) use SIP/RTP <br>
<br></div>FS1 has inbound-bypass-media set to true to allow SRTP peer to peer and direct to the SBC.<br><br></div>If I make an inbound call (eg: 1000 to 2000), SRTP is correctly established between the phone and SBC with RTP on the other side of the SBC to the internal phone.<br>
<br></div>However, when I try it the other way, I can't get SRTP established from the SBC to the external phone.<br><br></div>I've been using <a href="https://wiki.freeswitch.org/wiki/Secure_RTP" target="_blank">https://wiki.freeswitch.org/wiki/Secure_RTP</a> as a guide.<br>
<br></div>I've even tried explicitly setting sip_secure_media to true on the SBC and FS1.<br><br></div>The dialplan on the SBC has:<br><br> <extension name="outgoing"><br> <condition field="destination_number" expression="^(10[0-9][0-9])$"><br>
<action application="set" data="sip_secure_media=true"/><br> <action application="bridge" data="sofia/external/${<a href="mailto:destination_number%7D@10.1.1.204" target="_blank">destination_number}@10.1.1.204</a>"/><br>
</condition><br> </extension><br><br><br></div>And on FS1, the dialplan has:<br><br> <extension name="Local-Numbers"><br> <condition field="destination_number" expression="^(10[01][0-9])$"><br>
<action application="export" data="dialed_extension=$1"/><br> <action application="set" data="sip_secure_media=true"/><br> <action application="bridge" data="user/${dialed_extension}@${domain_name}"/><br>
</condition><br> </extension><br><br><br></div>Note that I've been testing this against two phones with SRTP enabled, but only one that is using TLS. I get the same result calling each phone.<br>
<br></div>On a related point, what it the step required for a TLS connection from the SBC to the phone? I'm assume the phone just needs the CA cert from the SBC. Correct?<br><br></div>Any information as to where I'm going wrong will be gratefully accepted.<br>
<br></div>Thanks<span class="HOEnZb"><font color="#888888"><br><br>Peter<br> <br></font></span></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>