<div dir="ltr">You didn't mention what rev you're using, If you're in 1.4 then its rtp_secure_media, please see latest configs and extensive docs in vars.xml about srtp and all the nice knobs you can use to tweak it.<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <span dir="ltr"><<a href="mailto:cwmarathe@gmail.com" target="_blank">cwmarathe@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><span style="font-family:trebuchet ms,sans-serif">Hi All,<br>I have setup FreeSwith PBX. I am facing an issue
of not having end to end secure call. Caller sends INVITE request with
SIPS in request URI and RTP/SAVP in SDP. But when FreeSwith forwards the
request to caller, it is not using RTP/SAVP in SDP.<br><br>I have followed the steps mentioned in WIKI (<a href="https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration" target="_blank">https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration</a>) for TLS configuration and marked "exports sip_secure_media" true in "conf/dialplan/default.xml" file (as per <a href="https://wiki.freeswitch.org/wiki/SRTP" target="_blank">https://wiki.freeswitch.org/wiki/SRTP</a>). But still FreeSwitch does not use RTP/SAVP for leg-B.<br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Also, I am bit confused with following condition in "default.xml" when wiki page suggests that </span><br><span style="font-family:trebuchet ms,sans-serif">late coded negotiation must NOT to be turned on.<br><br> <!--<br> Since we have inbound-late-negotation on by default now the<br> above behavior isn't the same so you have to do one extra step.<br> --><br><br> <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/><br> <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"><br> <action application="set" data="sip_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <action application="export" data="sip_secure_media=true"/><br> </condition><br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">By commenting/un-commenting "</span><span style="font-family:trebuchet ms,sans-serif"><span style="font-family:trebuchet ms,sans-serif">sip_secure_media=true</span>" above, it did not worked.<br></span></div><div><span style="font-family:trebuchet ms,sans-serif"><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Any help with this would be greatly appreciated.<br><br>--<br></span></div><span style="font-family:trebuchet ms,sans-serif">Thanks<br></span></div><span style="font-family:trebuchet ms,sans-serif">CWM<br></span></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>