<p dir="ltr">First of all, SRTP is not end-to-end; if you are looking for end-to-end, you should look over the zrtp_* varset.<br>
And also look over whether your clients are configured to use SRTP or ZRTP.</p>
<div class="gmail_quote">On Sep 10, 2014, at 15:50, "Michael Jerris" <<a href="mailto:mike@jerris.com">mike@jerris.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Does it work on the latest 1.4 release with the config change he mentioned?<div><br><div><div>On Sep 10, 2014, at 1:48 AM, Chandrakant Marathe <<a href="mailto:cwmarathe@gmail.com" target="_blank">cwmarathe@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div>Sorry Brian, I should have told the version. My bad. <br>I am using 1.2 stable release. When I hit "git branch -av", it outputs -<br><br>* v1.2.stable 2b62885 fs_cli: fix compiler error on CentOS 6 caused by recent short uuid logging change<br><br></div><div>And from FreeSwitch console, when I hit "version" command, it shows -<br><br>FreeSWITCH Version 1.2.24+git~20140630T213113Z~2b62885f21~32bit (git 2b62885 2014-06-30 21:31:13Z 32bit)<br><br></div><div>I went through "vars.xml" and found only one config related with "rtp_secure_media" and that too is related to zrtp<br><br><X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/><br><br></div><div>Is there any more configuration to do in v1.2 so as to enable end-to-end secure call or shall I move to v1.4 beta?<br></div><div><br></div><div>Thanks.<br></div><div>--<br></div>CWM<br><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 9, 2014 at 9:04 PM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">You didn't mention what rev you're using. If you're in 1.4 then it's rtp_secure_media; please see latest configs and extensive docs in vars.xml about SRTP and all the nice knobs you can use to tweak 
it.<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <span dir="ltr"><<a href="mailto:cwmarathe@gmail.com" target="_blank">cwmarathe@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div dir="ltr"><div><div><span style="font-family:trebuchet ms,sans-serif">Hi All,<br>I have set up a FreeSwitch PBX. I am facing an issue
of not having an end-to-end secure call. The caller sends an INVITE request with
SIPS in the request URI and RTP/SAVP in SDP. But when FreeSwitch forwards the
request to caller, it is not using RTP/SAVP in SDP.<br><br>I have followed the steps mentioned in WIKI (<a href="https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration" target="_blank">https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration</a>) for TLS configuration and marked "exports sip_secure_media" true in "conf/dialplan/default.xml" file (as per <a href="https://wiki.freeswitch.org/wiki/SRTP" target="_blank">https://wiki.freeswitch.org/wiki/SRTP</a>). But still FreeSwitch does not use RTP/SAVP for leg-B.<br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Also, I am a bit confused by the following condition in "default.xml" when the wiki page suggests that </span><br><span style="font-family:trebuchet ms,sans-serif">late codec negotiation must NOT be turned on.<br><br> <!--<br> Since we have inbound-late-negotation on by default now the<br> above behavior isn't the same so you have to do one extra step.<br> --><br><br> <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/><br> <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"><br> <action application="set" data="sip_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <action application="export" data="sip_secure_media=true"/><br> </condition><br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">By commenting/un-commenting "</span><span style="font-family:trebuchet ms,sans-serif"><span style="font-family:trebuchet ms,sans-serif">sip_secure_media=true</span>" above, it did not work.<br></span></div><div><span style="font-family:trebuchet ms,sans-serif"><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Any help with this would be greatly appreciated.<br><br>--<br></span></div><span style="font-family:trebuchet ms,sans-serif">Thanks<br></span></div><span style="font-family:trebuchet ms,sans-serif">CWM<br></span></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p><p><font face="courier new, monospace" size="1"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com/" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com/" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="courier new, monospace"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div></div><br>
</blockquote></div>
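<p>To confirm the symptom described in this thread (leg A arrives with RTP/SAVP and <code>a=crypto</code> lines, leg B leaves as plain RTP), the SDP bodies of both INVITEs can be compared offline. The following is an added example, not part of the original messages or of FreeSWITCH itself; the sample SDP bodies, addresses, key strings and function names are constructed for illustration, and it covers SDES-SRTP only (not ZRTP or DTLS-SRTP).</p>

```python
import re

# The alternation the quoted default.xml condition applies to ${switch_r_sdp}.
DIALPLAN_RE = re.compile(r"(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)")
SDES_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

# Constructed sample SDP bodies (addresses and keys are placeholders).
LEG_A_SDP = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0 8",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-1",
    "a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:CONSTRUCTED-KEY-2",
]) + "\r\n"
LEG_B_SDP = "\r\n".join([
    "v=0", "o=- 2 2 IN IP4 192.0.2.20", "s=-", "c=IN IP4 192.0.2.20", "t=0 0",
    "m=audio 30000 RTP/AVP 0 8",
]) + "\r\n"

def media_security(sdp):
    """One dict per m= section: media type, transport profile, SDES suites."""
    sections = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            parts = line[2:].split()
            sections.append({"media": parts[0] if parts else "",
                             "proto": parts[2] if len(parts) > 2 else "",
                             "suites": []})
        elif line.startswith("a=crypto:") and sections:
            # a=crypto:<tag> <suite> <key-params> [session-params] (RFC 4568)
            fields = line[len("a=crypto:"):].split()
            if len(fields) >= 3:
                sections[-1]["suites"].append(fields[1])
    for s in sections:
        s["srtp"] = s["proto"] in SDES_PROFILES and bool(s["suites"])
    return sections

def audio_is_srtp(sdp):
    return any(s["srtp"] for s in media_security(sdp) if s["media"] == "audio")

def leg_b_downgraded(sdp_a, sdp_b):
    """True when leg A negotiates SRTP audio but leg B carries plain RTP."""
    return audio_is_srtp(sdp_a) and not audio_is_srtp(sdp_b)

def dialplan_condition_matches(sdp):
    """Would the quoted switch_r_sdp condition fire for this inbound SDP?"""
    return DIALPLAN_RE.search(sdp) is not None

if __name__ == "__main__":
    print(media_security(LEG_A_SDP))
    print("leg B downgraded:", leg_b_downgraded(LEG_A_SDP, LEG_B_SDP))
```

<p>If <code>dialplan_condition_matches</code> is true for the inbound SDP but <code>leg_b_downgraded</code> is also true, the offer carried a suite the condition looks for and the outbound leg still went out unencrypted, which is the situation the original poster reports.</p>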