<div dir="ltr">I did as you said Brian. I think I've given the script plenty of time. When I call 9787 I do get the zrtp is secure message and I see the SAS displayed on my CSipSimple endpoint.<div>However, the detection in the dialplan doesn't seem to work since it always evals as not secure.<br>
<div><br></div><div><div>-- ZRTP Enrollment Agent</div><div>session:setVariable("zrtp_secure_media", "true");</div><div>session:setVariable("zrtp_enrollment", "true");</div><div>session:sleep(600);</div>
<div>session:answer();</div><div>session:streamFile("zrtp/zrtp-status_securing.wav");</div><div>session:sleep(5000);</div><div>-- Give the agent time to bring up ZRTP.</div><div><br><div><br></div><div>Despite the fact that I do see the SAS, I also see this error message in the logs</div>
<div>[ERR] switch_rtp.c:4987 Error: zRTP protection drop with code 9<br></div></div></div></div><div><br></div><div>This seems to be related to this jira bug <a href="http://jira.freeswitch.org/browse/FS-509">http://jira.freeswitch.org/browse/FS-509</a></div>
<div><br></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 9, 2014 at 8:25 PM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Sleep longer in the lua script<br><br>Sent from my iPhone</div><div><div class="h5"><div><br>On Apr 9, 2014, at 1:48 PM, Peter Villeneuve <<a href="mailto:petervnv1@gmail.com" target="_blank">petervnv1@gmail.com</a>> wrote:<br>
<br></div><blockquote type="cite"><div><div dir="ltr">Thanks guys. It was indeed a silly mistake.<div>Recompiling latest mster from git with the ZRTP flag now works.</div><div><br></div><div>I see ZRTP being established correctly but I still can't get FS to confirm that the call is secure in the dialplan.</div>
<div>I think the issue may lie with the correct wording of the ${zrtp_secure_media_confirmed}</div><div><br></div><div>Here's what the logs show (note that zrtp is indeed active as I can see the SAS in both Jitsi and CSipSimple)</div>
<div><br></div><div><div>parsing [features->is_zrtp_secure] continue=true</div><div>Dialplan: sofia/internal/<a href="mailto:1010@my.domain.com" target="_blank">1010@my.domain.com</a> Regex (FAIL) [is_zrtp_secure] ${zrtp_secure_media_confirmed}() =~ /^true$/ break=on-false</div>
<div>Dialplan: sofia/internal/<a href="mailto:1010@my.domain.com" target="_blank">1010@my.domain.com</a> ANTI-Action eval(not_secure)</div><div>EXECUTE sofia/internal/<a href="mailto:1010@my.domain.com" target="_blank">1010@my.domain.com</a> eval(not_secure)</div>
<div>2014-04-09 18:33:10.872707 [NOTICE] switch_core_session.c:2953 Execute eval(not_secure)</div><div>EXECUTE sofia/internal/<a href="mailto:1010@my.domain.com" target="_blank">1010@my.domain.com</a> eval(not_secure)</div>
</div><div><br>
</div><div><br></div><div>I've tried playing with the wording of the ${zrtp_secure_media_confirmed} since I recall a similar problem with SRTP and some recent code changes in FS (I added audio to the name of the variable)</div>
<div>Unfortunately none of the 2 options I tried made any difference.</div><div><br></div><div><div><extension name="is_zrtp_secure" continue="true"></div><div> <condition field="${zrtp_secure_media_confirmed}" expression="^true$"></div>
<div> <!-- <condition field="${zrtp_secure_media_confirmed_audio}" expression="^true$">--></div><div><span style="white-space:pre-wrap">        </span><action application="sleep" data="1000"/></div>
<div><span style="white-space:pre-wrap">        </span><action application="playback" data="misc/call_secured.wav"/></div><div><span style="white-space:pre-wrap">        </span><anti-action application="eval" data="not_secure"/></div>
<div> </condition></div><div> </extension></div></div><div><br></div><div>Any clues as to what's wrong?</div><div><br></div><div><br></div><div>Thanks,</div><div><br></div><div>Peter</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 2:04 PM, Steven Ayre <span dir="ltr"><<a href="mailto:steveayre@gmail.com" target="_blank">steveayre@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Just rebuild and install as normal, it'll be an upgrade. Your config files should be preserved, but back them up just in case.<div><div><div><br></div><div><br><span></span><div><br>On Tuesday, April 8, 2014, Peter Villeneuve <<a href="mailto:petervnv1@gmail.com" target="_blank">petervnv1@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I can't believe how stupid I am. Now that you mention it I'm no longer sure I did compile it explicitly with the <span style="font-family:arial,sans-serif;font-size:13px">—enable-zrtp flag.</span><div>
<span style="font-family:arial,sans-serif;font-size:13px">I guess that would explain it. Sorry for wasting your time with such a silly mistake.</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:13px">Guess I need to start over. Is there a make uninstall or is there a recommended way to remove FS?</span></div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Mon, Apr 7, 2014 at 10:55 PM, Brian West <span dir="ltr"><<a>brian@freeswitch.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
You compiled with —enable-zrtp? And you you see the ZRTP activity in the logs when making calls?<br>
<div>--<br>
Brian West<br>
<a>brian@freeswitch.org</a><br>
FreeSWITCH Solutions, LLC<br>
PO BOX 2531<br>
Brookfield, WI 53008-2531<br>
Twitter: @FreeSWITCH , @briankwest<br>
<a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br>
<a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br>
<br>
T: <a href="tel:%2B1.918.420.9001" value="+19184209001" target="_blank">+1.918.420.9001</a> | F: <a href="tel:%2B1.918.420.9002" value="+19184209002" target="_blank">+1.918.420.9002</a> | M: +1.918.424.WEST<br>
iNUM: <a href="tel:%2B883%205100%201420%209001" value="+883510014209001" target="_blank">+883 5100 1420 9001</a><br>
ISN: 410*543<br>
Skype:briankwest<br>
PGP Key: <a href="http://www.bkw.org/key.txt" target="_blank">http://www.bkw.org/key.txt</a> (AB93356707C76CED)<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div><div><div>On Apr 7, 2014, at 4:49 PM, Peter Villeneuve <<a>petervnv1@gmail.com</a>> wrote:<br>
<br>
> Thanks for helping out Brian.<br>
><br>
> The problem I have is that FS doesn't seem to recognize the client has ZRTP when I dial 9787 (CSipSimple in this case with ZRTP enabled).<br>
> I hear the nice lady tell me that my endpoint doesn't have ZRTP but I see in the FS logs that it correctly sees the ZRTP hash.<br>
><br>
> I've disabled zrtp passthrough in the sip profile and still FS doesn't seem to detect the client has ZRTP and enroll it.<br>
><br>
><br>
<br>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a>consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a>FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</blockquote></div></div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>_________________________________________________________________________</span><br><span>Professional FreeSWITCH Consulting Services:</span><br><span><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a></span><br>
<span><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a></span><br><span></span><br><span>FreeSWITCH-powered IP PBX: The CudaTel Communication Server</span><br><span><a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a></span><br>
<span></span><br><span>Official FreeSWITCH Sites</span><br><span><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></span><br><span><a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a></span><br>
<span><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a></span><br><span></span><br><span>FreeSWITCH-users mailing list</span><br><span><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a></span><br>
<span><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br><span>UNSUBSCRIBE:http://<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br>
<span><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></span><br></div></blockquote></div></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>