<div dir="ltr">that var is now split into <div><br></div><div>rtp_secure_audio_confirmed<br></div><div>rtp_secure_video_confirmed<br></div><div><br></div><div>so in your case, change media to audio.</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Nov 15, 2013 at 7:44 AM, Privus 007 <span dir="ltr"><<a href="mailto:privus007@gmail.com" target="_blank">privus007@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Ok, so I applied the changes in the dialplan and still there's a crypto problem.<div>I actually decided to put aside my previous diaplan and am testing with the default one provided by master.</div><div>
<br></div><div>Now indeed I see that crypto gets properly detected in the default dialplan, and it gets exported to b leg:</div><div><br></div><div><pre>Dialplan: sofia/external/1010@mydomain Regex (PASS) [global] ${rtp_has_crypto}(AES_CM_128_HMAC_SHA1_80) =~ /^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$/ break=never
Dialplan: sofia/external/1010@mydomain Action set(rtp_secure_media=true)
Dialplan: sofia/external/1010@mydomain Action export(rtp_secure_media=true) </pre><pre><br></pre><pre>But then I see it still doesn't pass the rtp_secure_media_confirmed check.</pre><pre>Dialplan: sofia/external/<span style="font-family:arial">1010@mydomain</span><span style="font-family:arial"> parsing [features->is_secure] continue=true</span><br>
Dialplan: sofia/external/<span style="font-family:arial">1010@mydomain</span><span style="font-family:arial"> Regex (PASS) [is_secure] ${sip_via_protocol}(tls) =~ /tls/ break=on-false</span><br>Dialplan: sofia/external/<span style="font-family:arial">1010@mydomain</span><span style="font-family:arial"> Regex (FAIL) [is_secure] ${rtp_secure_media_confirmed}() =~ /^true$/ break=on-false</span><br>
Dialplan: sofia/external/<span style="font-family:arial">1010@mydomain</span><span style="font-family:arial"> ANTI-Action eval(not_secure) </span><br>2013-11-15 13:33:38.386273 [NOTICE] switch_core_session.c:2940 Execute eval(not_secure)
EXECUTE sofia/external/<span style="font-family:arial">1010@mydomain</span><span style="font-family:arial"> eval(not_secure)</span><br></pre><pre><br></pre><pre>So what am I doing wrong? Why is it failing <span style="font-family:arial">rtp_secure_media_confirmed? Should I change it to plain rtp_secure_media and leave out the "confirmed" bit, or do I have to change var names somewhere else besides the default and features dialplan?</span></pre>
<pre><span style="font-family:arial"><br></span></pre><pre><span style="font-family:arial">Thanks</span></pre></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 15, 2013 at 1:36 AM, Privus 007 <span dir="ltr"><<a href="mailto:privus007@gmail.com" target="_blank">privus007@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Ah, I see. Thank you both</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Fri, Nov 15, 2013 at 1:02 AM, Anthony Minessale <span dir="ltr"><<a href="mailto:anthony.minessale@gmail.com" target="_blank">anthony.minessale@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">The var names are rtp_ for those instead of sip_ now.</p>
<div class="gmail_quote"><div><div>On Nov 14, 2013 4:46 PM, "Privus 007" <<a href="mailto:privus007@gmail.com" target="_blank">privus007@gmail.com</a>> wrote:<br type="attribution"></div></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
<div dir="ltr">Hi,<div><br></div><div>I've been using FS successfully for some years now. Recently I decided to update from 1.2.12 to latest master via git (running FS on bare metal Debian 7.0 64bit)</div><div><br></div>
<div>Obviously I saved my conf directory and tried to apply it to the 1.5.7b+git~20131114 version I just installed and have up and running.</div><div><br></div><div>I realize that master is not yet stable but I notice that there seems to be some incompatibility issues, namely with SRTP.</div>
<div><br></div><div>All my SRTP calls are now failing with "incompatible destination" messages in the logs, and looking through them more closely I see this:</div><div><br></div><div><br></div><div><div>parsing [features->is_secure] continue=true</div>
<div>Dialplan: sofia/external/1000@mydomain Regex (PASS) [is_secure] ${sip_via_protocol}(tls) =~ /tls/ break=on-false</div><div>Dialplan: sofia/external/1000@mydomain Regex (FAIL) [is_secure] ${sip_secure_media_confirmed}() =~ /^true$/ break=on-false</div>
<div>Dialplan: sofia/external/1000@mydomain ANTI-Action eval(not_secure) </div><div>2013-11-14 22:02:22.006273 [NOTICE] switch_core_session.c:2940 Execute eval(not_secure)</div></div><div><br></div><div><br></div><div>Notice the FAIL for sip_secure_media_confirmed. This is very strange since I'm sure that SRTP is enabled (both CSipSimple Android client and Groundwire iOS client confirm that indeed the signalling is secured via TLS and the media via SDES SRTP).</div>
<div>A few seconds earlier in the logs, FS also sees the crypto taking place and there doesn't seem to be any problem</div><div><br></div><div><div>2013-11-14 22:02:21.986279 [INFO] switch_rtp.c:2830 Activating Audio Secure RTP SEND</div>
<div>2013-11-14 22:02:21.986279 [DEBUG] switch_core_sqldb.c:2354 Secure Type: srtp:sdes:AES_CM_128_HMAC_SHA1_80</div></div><div><br></div><div>So the problem seems to be with the sip_secure_media_confirmed variable. This same setup worked fine yesterday with 1.2.12, so I'm at a loss as to what changed.</div>
<div>Any ideas? To further add some confusion, since my clients are configured for mandatory SRTP, all calls to them fail, and FS routes to VM. So far, pretty normal. Except that the VM message we usually hear sounds super slow like the voice is drunk. This is definetely not normal, but I'm not sure if it's related to the crypto issue. I don't think it's a flite issue since calling into the IVR sounds as normal as ever.</div>
<div><br></div><div>Also, I notice a change in FS handling DTMF. My CSipSimple client which worked flawlessly with DTMF before now just doesn't work at all, but my Groundwire client continues to send DTMF without a problem.</div>
<div>Has something changed in the latest master regarding DTMF?</div><div><br></div><div>I'd appreciate any help in debugging these issues. Perhaps the new conf in latest master has different variables or options and by simply copying my old conf directory over the new one wasn't too smart after all.</div>
<div><br></div><div>Thanks</div></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Anthony Minessale II<br><br>FreeSWITCH <a href="http://www.freeswitch.org/">http://www.freeswitch.org/</a><br>ClueCon <a href="http://www.cluecon.com/">http://www.cluecon.com/</a><br>
Twitter: <a href="http://twitter.com/FreeSWITCH_wire">http://twitter.com/FreeSWITCH_wire</a><br><br>AIM: anthm<br><a href="mailto:MSN%3Aanthony_minessale@hotmail.com">MSN:anthony_minessale@hotmail.com</a><br>GTALK/JABBER/<a href="mailto:PAYPAL%3Aanthony.minessale@gmail.com">PAYPAL:anthony.minessale@gmail.com</a><br>
IRC: <a href="http://irc.freenode.net">irc.freenode.net</a> #freeswitch<br><br>FreeSWITCH Developer Conference<br><a href="mailto:sip%3A888@conference.freeswitch.org">sip:888@conference.freeswitch.org</a><br><a href="mailto:googletalk%3Aconf%2B888@conference.freeswitch.org">googletalk:conf+888@conference.freeswitch.org</a><br>
pstn:+19193869900
</div>