<div dir="ltr">If you can't trust your PBX then WHO can you trust? :P ZRTP won't be end to end out of the box unles you have clients that add the zrtp hash to the sdp's in the invite and 200ok coming back from the far end. </div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 10, 2014 at 8:55 AM, Daniel Ivanov <span dir="ltr"><<a href="mailto:sertys@gmail.com" target="_blank">sertys@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">First of all, srtp is not end-to-end, if you are looking for end to end, you should look over the zrtp_* varset.<br>
And also look over whether you clients are configured to use SRTP or ZRTP.</p>
<div class="gmail_quote">10 сент. 2014 г. 15:50 пользователь "Michael Jerris" <<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>> написал:<div><div class="h5"><br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Does it work on the latest 1.4 release with the config change he mentioned?<div><br><div><div>On Sep 10, 2014, at 1:48 AM, Chandrakant Marathe <<a href="mailto:cwmarathe@gmail.com" target="_blank">cwmarathe@gmail.com</a>> wrote:</div><br><blockquote type="cite"><div dir="ltr"><div>Sorry Brian, I should have told the version. My bad. <br>I am using 1.2 stable release. When I hit "git branch -av", it outputs -<br><br>* v1.2.stable 2b62885 fs_cli: fix compiler error on CentOS 6 caused by recent short uuid logging change<br><br></div><div>And from FreeSwitch console, when I hit "version" command, it shows -<br><br>FreeSWITCH Version 1.2.24+git~20140630T213113Z~2b62885f21~32bit (git 2b62885 2014-06-30 21:31:13Z 32bit)<br><br></div><div>I went through "vars.xml" and found only one config related with "rtp_secure_media" and that to related with zrtp<br><br><X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/><br><br></div><div>Is there any more configuration to do in v1.2 so as to enable end-to-end secure call or shall I move to v1.4 beta?<br></div><div><br></div><div>Thanks.<br></div><div>--<br></div>CWM<br><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 9, 2014 at 9:04 PM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">You didn't mention what rev you're using, If you're in 1.4 then its rtp_secure_media, please see latest configs and extensive docs in vars.xml about srtp and all the nice knobs you can use to tweak it.<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <span dir="ltr"><<a href="mailto:cwmarathe@gmail.com" target="_blank">cwmarathe@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div dir="ltr"><div><div><span style="font-family:trebuchet ms,sans-serif">Hi All,<br>I have setup FreeSwith PBX. I am facing an issue
of not having end to end secure call. Caller sends INVITE request with
SIPS in request URI and RTP/SAVP in SDP. But when FreeSwith forwards the
request to caller, it is not using RTP/SAVP in SDP.<br><br>I have followed the steps mentioned in WIKI (<a href="https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration" target="_blank">https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration</a>) for TLS configuration and marked "exports sip_secure_media" true in "conf/dialplan/default.xml" file (as per <a href="https://wiki.freeswitch.org/wiki/SRTP" target="_blank">https://wiki.freeswitch.org/wiki/SRTP</a>). But still FreeSwitch does not use RTP/SAVP for leg-B.<br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Also, I am bit confused with following condition in "default.xml" when wiki page suggests that </span><br><span style="font-family:trebuchet ms,sans-serif">late coded negotiation must NOT to be turned on.<br><br> <!--<br> Since we have inbound-late-negotation on by default now the<br> above behavior isn't the same so you have to do one extra step.<br> --><br><br> <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/><br> <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"><br> <action application="set" data="sip_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <action application="export" data="sip_secure_media=true"/><br> </condition><br><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">By commenting/un-commenting "</span><span style="font-family:trebuchet ms,sans-serif"><span style="font-family:trebuchet ms,sans-serif">sip_secure_media=true</span>" above, it did not worked.<br></span></div><div><span style="font-family:trebuchet ms,sans-serif"><br></span></div><div><span style="font-family:trebuchet ms,sans-serif">Any help with this would be greatly appreciated.<br><br>--<br></span></div><span style="font-family:trebuchet ms,sans-serif">Thanks<br></span></div><span style="font-family:trebuchet ms,sans-serif">CWM<br></span></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p><p><font face="courier new, monospace" size="1"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com/" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com/" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="courier new, monospace"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com/" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org/" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com/" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com/" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org/" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div></div></div>
_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services: <br><a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br><a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a></blockquote></div><br></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://bkw.org/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div>
</div>