<div dir="ltr"><div><div><div>Hi,<br><br></div>It looks like that there is issue with Linphone sip client, I tried to use Blink and call was successful and cipher was chosen correctly on both sides.<br><br></div>With kind regards,<br><br></div>Jurijs<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-08-14 10:08 GMT+03:00 Jurijs Ivolga <span dir="ltr"><<a href="mailto:jurij.ivo@gmail.com" target="_blank">jurij.ivo@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi,<br><br></div>Somehow clients are not using correct cipher.<br><br></div><div>so ext 1006 is calling ext 1005.<br></div><div><br></div>Here is strange part:<br><br></div>When Freeswitch(10.101.141.197) forward invite to ext 1005 Freeswitch splits SDP message as you can see below. First part of SDP is sent with initial Invite request and second part as separate message. Is it correct behavior or not?<br><div><div><br></div><div>Please help!<br><br></div><div>I would like to add that I'm using Linphone as SIP client.<br></div><div><br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> [A]<br>INVITE sip:1005@192.168.210.9:2556;transport=tcp SIP/2.0.<br>Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.<br>Max-Forwards: 68.<br>From: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=HermN67Fggrcr.<br>To: <sip:1005@192.168.210.9:2556;transport=tcp>.<br>Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.<br>CSeq: 79431457 INVITE.<br>Contact: <sip:mod_sofia@10.101.141.197:5060;transport=tcp>.<br>User-Agent: FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE.<br>Supported: timer, path, replaces.<br>Allow-Events:
talk, hold, conference, presence, as-feature-event, dialog, line-seize,
call-info, sla, include-session-description, presence.winfo,
message-summary, refer.<br>Content-Type: application/sdp.<br>Content-Disposition: session.<br>Content-Length: 1133.<br>X-FS-Support: update_display,send_info.<br>Remote-Party-ID: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;party=calling;screen=yes;privacy=off.<br>.<br>v=0.<br>o=FreeSWITCH 1439504220 1439504221 IN IP4 10.101.141.197.<br>s=FreeSWITCH.<br>c=IN IP4 10.101.141.197.<br>t=0 0.<br>m=audio 30822 RTP/SAVP 96 0 8 101 13.<br>a=rtpmap:96 opus/48000/2.<br>a=fmtp:96 useinbandfec=1.<br>a=rtpmap:0 PCMU/8000.<br>a=rtpmap:8 PCMA/8000.<br>a=rtpmap:101 telephone-event/8000.<br>a=fmtp:101 0-16.<br>a=crypto:1 AEAD_AES_256_GCM_8 inline:S2oBVh65wI8m4kSXtf4XS2ewx5msX9nENt4icZKWbjqJ5whNq4kUiOvCSLU.<br>a=crypto:2 AEAD_AES_128_GCM_8 inline:IVkLlQ1pqeKyH+MTQRX1iYwR0d5Towuu3z5VRA.<br>#<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> [AP]<br><br>a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA.<br>a=crypto:4 AES_CM_192_HMAC_SHA1_80 inline:fPLYqjsI7EX1oXV6pmuq7hz8AEeY8/+EUcti9clgvhtaK82nIS4.<br>a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4.<br>a=crypto:6 AES_CM_256_HMAC_SHA1_32 inline:jHtGPHnXdtr0h+NxllA1aIlKaR2BV6OanWb6vgfZkq12FwPnjKzhIN5RTyJDTg.<br>a=crypto:7 AES_CM_192_HMAC_SHA1_32 inline:dL0CeU8sTaplV64MUDYr8wsZlJHgeANDgo0DpaTp1LojRY1lsQw.<br>a=crypto:8 AES_CM_128_HMAC_SHA1_32 inline:8Xy+DGcxx7lBmJsO4hFXwfZvMdtzP8lawGmVYRib.<br>a=crypto:9 AES_CM_128_NULL_AUTH inline:0335cUjVFg44BWoI8FmfGNvbFsb4X5c9H86q7t+5.<br>a=ptime:20.<br><br></div><div>You can find below full sip trace:<br><br></div><div>10.101.141.197 - Freeswitch, <a href="http://192.168.210.9:39438" target="_blank">192.168.210.9:39438</a> - 1006, <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> - 1005<br></div><div><br>filter: ( port 5060 ) and (ip or ip6)<br>#<br>T <a href="http://192.168.210.9:39438" target="_blank">192.168.210.9:39438</a> -> <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> [AP]<br>INVITE <a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a> SIP/2.0.<br>Via: SIP/2.0/TCP 192.168.5.81:57209;branch=z9hG4bK.IuzskaFrq;rport.<br>From: <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=NtnWG0xlI.<br>To: "1005" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>.<br>CSeq: 20 INVITE.<br>Call-ID: vSsPmy-jNM.<br>Max-Forwards: 70.<br>Supported: outbound.<br>Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO, UPDATE.<br>Content-Type: application/sdp.<br>Content-Length: 819.<br>Contact: <sip:1006@192.168.210.9:39438;transport=tcp>;+sip.instance="<urn:uuid:477d474b-2e13-411a-9bc9-b805b9018b85>".<br>User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).<br>.<br>v=0.<br>o=1006 776 2644 IN IP4 192.168.5.81.<br>s=Talk.<br>c=IN IP4 192.168.5.81.<br>b=AS:380.<br>t=0 0.<br>a=rtcp-xr:rcvr-rtt=all:10000 stat-summary=loss,dup,jitt,TTL voip-metrics.<br>m=audio 7076 RTP/SAVP 96 97 98 99 0 8 101 100 102.<br>a=rtpmap:96 opus/48000/2.<br>a=fmtp:96 useinbandfec=1.<br>a=rtpmap:97 SILK/16000.<br>a=rtpmap:98 speex/16000.<br>a=fmtp:98 vbr=on.<br>a=rtpmap:99 speex/8000.<br>a=fmtp:99 vbr=on.<br>a=rtpmap:101 telephone-event/48000.<br>a=rtpmap:100 telephone-event/16000.<br>a=rtpmap:102 telephone-event/8000.<br>a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:5CX7J5QFH42SH0PKJ73njNeFmWmsAQzmoxmjGruw.<br>a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:d1FR1lpf51o7hgxXH29rsp3y5nsP2fWCawwkRHau.<br>a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:Qgjm+kYdz2Hq7Z9bDoWUEBfS4QxT+IhyeVtsBGj5.<br>a=crypto:4 AES_CM_256_HMAC_SHA1_32 inline:pF5jQEbDyqu4c9pELVoSSz/+T6qM7rkX0c0SeJ8Z.<br><br>##<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:39438" target="_blank">192.168.210.9:39438</a> [AP]<br>SIP/2.0 100 Trying.<br>Via: SIP/2.0/TCP 192.168.5.81:57209;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.<br>From: <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=NtnWG0xlI.<br>To: "1005" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>.<br>Call-ID: vSsPmy-jNM.<br>CSeq: 20 INVITE.<br>User-Agent: FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.<br>Content-Length: 0.<br>.<br><br>#<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> [A]<br>INVITE sip:1005@192.168.210.9:2556;transport=tcp SIP/2.0.<br>Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.<br>Max-Forwards: 68.<br>From: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=HermN67Fggrcr.<br>To: <sip:1005@192.168.210.9:2556;transport=tcp>.<br>Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.<br>CSeq: 79431457 INVITE.<br>Contact: <sip:mod_sofia@10.101.141.197:5060;transport=tcp>.<br>User-Agent: FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE.<br>Supported: timer, path, replaces.<br>Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer.<br>Content-Type: application/sdp.<br>Content-Disposition: session.<br>Content-Length: 1133.<br>X-FS-Support: update_display,send_info.<br>Remote-Party-ID: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;party=calling;screen=yes;privacy=off.<br>.<br>v=0.<br>o=FreeSWITCH 1439504220 1439504221 IN IP4 10.101.141.197.<br>s=FreeSWITCH.<br>c=IN IP4 10.101.141.197.<br>t=0 0.<br>m=audio 30822 RTP/SAVP 96 0 8 101 13.<br>a=rtpmap:96 opus/48000/2.<br>a=fmtp:96 useinbandfec=1.<br>a=rtpmap:0 PCMU/8000.<br>a=rtpmap:8 PCMA/8000.<br>a=rtpmap:101 telephone-event/8000.<br>a=fmtp:101 0-16.<br>a=crypto:1 AEAD_AES_256_GCM_8 inline:S2oBVh65wI8m4kSXtf4XS2ewx5msX9nENt4icZKWbjqJ5whNq4kUiOvCSLU.<br>a=crypto:2 AEAD_AES_128_GCM_8 inline:IVkLlQ1pqeKyH+MTQRX1iYwR0d5Towuu3z5VRA.<br>#<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> [AP]<br><br>a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA.<br>a=crypto:4 AES_CM_192_HMAC_SHA1_80 inline:fPLYqjsI7EX1oXV6pmuq7hz8AEeY8/+EUcti9clgvhtaK82nIS4.<br>a=crypto:5 AES_CM_128_HMAC_SHA1_80 inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4.<br>a=crypto:6 AES_CM_256_HMAC_SHA1_32 inline:jHtGPHnXdtr0h+NxllA1aIlKaR2BV6OanWb6vgfZkq12FwPnjKzhIN5RTyJDTg.<br>a=crypto:7 AES_CM_192_HMAC_SHA1_32 inline:dL0CeU8sTaplV64MUDYr8wsZlJHgeANDgo0DpaTp1LojRY1lsQw.<br>a=crypto:8 AES_CM_128_HMAC_SHA1_32 inline:8Xy+DGcxx7lBmJsO4hFXwfZvMdtzP8lawGmVYRib.<br>a=crypto:9 AES_CM_128_NULL_AUTH inline:0335cUjVFg44BWoI8FmfGNvbFsb4X5c9H86q7t+5.<br>a=ptime:20.<br><br>###<br>T <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> -> <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> [AP]<br>SIP/2.0 100 Trying.<br>Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.<br>From: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=HermN67Fggrcr.<br>To: <sip:1005@192.168.210.9:2556;transport=tcp>.<br>Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.<br>CSeq: 79431457 INVITE.<br>Content-Length: 0.<br>.<br><br>##<br>T <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> -> <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> [AP]<br>SIP/2.0 180 Ringing.<br>Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.<br>From: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=HermN67Fggrcr.<br>To: <sip:1005@192.168.210.9:2556;transport=tcp>;tag=nf9raHG.<br>Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.<br>CSeq: 79431457 INVITE.<br>User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).<br>Supported: outbound.<br>Content-Length: 0.<br>.<br><br>##<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:39438" target="_blank">192.168.210.9:39438</a> [AP]<br>SIP/2.0 183 Session Progress.<br>Via: SIP/2.0/TCP 192.168.5.81:57209;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.<br>From: <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=NtnWG0xlI.<br>To: "1005" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;tag=g5yUKBQcK71Sc.<br>Call-ID: vSsPmy-jNM.<br>CSeq: 20 INVITE.<br>Contact: <sip:1005@10.101.141.197:5060;transport=tcp>.<br>User-Agent: FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.<br>Accept: application/sdp.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE.<br>Supported: timer, path, replaces.<br>Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer.<br>Content-Type: application/sdp.<br>Content-Disposition: session.<br>Content-Length: 340.<br>Remote-Party-ID: "1005" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;party=calling;privacy=off;screen=no.<br>.<br>v=0.<br>o=FreeSWITCH 1439516478 1439516479 IN IP4 10.101.141.197.<br>s=FreeSWITCH.<br>c=IN IP4 10.101.141.197.<br>t=0 0.<br>m=audio 18564 RTP/SAVP 96 101.<br>a=rtpmap:96 opus/48000/2.<br>a=fmtp:96 useinbandfec=1.<br>a=rtpmap:101 telephone-event/8000.<br>a=fmtp:101 0-16.<br>a=ptime:20.<br>a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm.<br><br>##<br>T <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> -> <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> [AP]<br>SIP/2.0 200 Ok.<br>Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.<br>From: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=HermN67Fggrcr.<br>To: <sip:1005@192.168.210.9:2556;transport=tcp>;tag=nf9raHG.<br>Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.<br>CSeq: 79431457 INVITE.<br>User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).<br>Supported: outbound.<br>Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO, UPDATE.<br>Contact: <sip:1005@192.168.210.9:2556;transport=tcp>;+sip.instance="<urn:uuid:0797dc65-a86c-4169-96ff-c5328090f98f>".<br>Content-Type: application/sdp.<br>Content-Length: 296.<br>.<br>v=0.<br>o=1005 3932 3858 IN IP4 192.168.5.90.<br>s=Talk.<br>c=IN IP4 192.168.5.90.<br>b=AS:380.<br>t=0 0.<br>m=audio 7076 RTP/SAVP 96 0 8 101.<br>a=rtpmap:96 opus/48000/2.<br>a=fmtp:96 useinbandfec=1.<br>a=rtpmap:101 telephone-event/8000.<br>a=crypto:3 AES_CM_256_HMAC_SHA1_80 inline:5jryAt1Gy/VqFkFRitDzN2Zse62gStxpvSSTkJV/.<br><br>##<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> [AP]<br>ACK sip:1005@192.168.210.9:2556;transport=tcp SIP/2.0.<br>Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKyye5pjXjQD16S.<br>Max-Forwards: 70.<br>From: "1006" <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=HermN67Fggrcr.<br>To: <sip:1005@192.168.210.9:2556;transport=tcp>;tag=nf9raHG.<br>Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.<br>CSeq: 79431457 ACK.<br>Contact: <sip:mod_sofia@10.101.141.197:5060;transport=tcp>.<br>Content-Length: 0.<br>.<br><br>#<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:39438" target="_blank">192.168.210.9:39438</a> [AP]<br>SIP/2.0 200 OK.<br>Via: SIP/2.0/TCP 192.168.5.81:57209;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.<br>From: <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=NtnWG0xlI.<br>To: "1005" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;tag=g5yUKBQcK71Sc.<br>Call-ID: vSsPmy-jNM.<br>CSeq: 20 INVITE.<br>Contact: <sip:1005@10.101.141.197:5060;transport=tcp>.<br>User-Agent: FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE.<br>Supported: timer, path, replaces.<br>Allow-Events: talk, hold, conference, presence, as-feature-event, dialog, line-seize, call-info, sla, include-session-description, presence.winfo, message-summary, refer.<br>Content-Type: application/sdp.<br>Content-Disposition: session.<br>Content-Length: 340.<br>Remote-Party-ID: "Outbound Call" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;party=calling;privacy=off;screen=no.<br>.<br>v=0.<br>o=FreeSWITCH 1439516478 1439516479 IN IP4 10.101.141.197.<br>s=FreeSWITCH.<br>c=IN IP4 10.101.141.197.<br>t=0 0.<br>m=audio 18564 RTP/SAVP 96 101.<br>a=rtpmap:96 opus/48000/2.<br>a=fmtp:96 useinbandfec=1.<br>a=rtpmap:101 telephone-event/8000.<br>a=fmtp:101 0-16.<br>a=ptime:20.<br>a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm.<br><br>##<br>T <a href="http://192.168.210.9:39438" target="_blank">192.168.210.9:39438</a> -> <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> [AP]<br>ACK sip:1005@10.101.141.197:5060;transport=tcp SIP/2.0.<br>Via: SIP/2.0/TCP 192.168.5.81:57209;rport;branch=z9hG4bK.Zbalbk-1j.<br>From: <<a href="mailto:sip%3A1006@10.101.141.197" target="_blank">sip:1006@10.101.141.197</a>>;tag=NtnWG0xlI.<br>To: "1005" <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;tag=g5yUKBQcK71Sc.<br>CSeq: 20 ACK.<br>Call-ID: vSsPmy-jNM.<br>Max-Forwards: 70.<br>Content-Length: 0.<br>.<br><br>###<br>T <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> -> <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> [AP]<br>REGISTER sip:10.101.141.197 SIP/2.0.<br>Via: SIP/2.0/TCP 192.168.5.90:55444;alias;branch=z9hG4bK.JRV4z~eGh;rport.<br>From: <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;tag=9H~ivVAQ2.<br>To: <a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>.<br>CSeq: 36 REGISTER.<br>Call-ID: cuBHcAursf.<br>Max-Forwards: 70.<br>Supported: outbound.<br>Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.<br>Contact: <sip:1005@192.168.210.9:2556;transport=tcp>;+sip.instance="<urn:uuid:0797dc65-a86c-4169-96ff-c5328090f98f>".<br>Expires: 3600.<br>User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).<br>Content-Length: 0.<br>Authorization: Digest realm="10.101.141.197", nonce="1eb7575e-4250-11e5-b0a5-8334919b28b7", algorithm=MD5, username="1005", uri="sip:10.101.141.197", response="36fbbb1687d97df38dcdeb3699c66ec6", cnonce="45a4d597", nc=00000006, qop=auth.<br>.<br><br>#<br>T <a href="http://10.101.141.197:5060" target="_blank">10.101.141.197:5060</a> -> <a href="http://192.168.210.9:2556" target="_blank">192.168.210.9:2556</a> [AP]<br>SIP/2.0 200 OK.<br>Via: SIP/2.0/TCP 192.168.5.90:55444;alias;branch=z9hG4bK.JRV4z~eGh;rport=2556;received=192.168.210.9.<br>From: <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;tag=9H~ivVAQ2.<br>To: <<a href="mailto:sip%3A1005@10.101.141.197" target="_blank">sip:1005@10.101.141.197</a>>;tag=jQHDQ1rKDSeZK.<br>Call-ID: cuBHcAursf.<br>CSeq: 36 REGISTER.<br>Contact: <sip:1005@192.168.210.9:2556;transport=tcp>;expires=3600.<br>Date: Fri, 14 Aug 2015 06:50:46 GMT.<br>User-Agent: FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.<br>Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE.<br>Supported: timer, path, replaces.<br>Content-Length: 0.<br>.<br><br>#^Cexit<br>24 received, 0 dropped<br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-08-13 17:40 GMT+03:00 Jurijs Ivolga <span dir="ltr"><<a href="mailto:jurij.ivo@gmail.com" target="_blank">jurij.ivo@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div>Hi,<br><br></div>Maybe you can let me know how I can turn on SRTP using default config?<br><br></div>I have following lines in default conf/dialplan/default.xml:<br><br><condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never"><br> <action application="set" data="rtp_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <!-- <action application="export" data="rtp_secure_media=true"/> --><br> </condition><br><br> <!--<br> Since we have inbound-late-negotation on by default now the<br> above behavior isn't the same so you have to do one extra step.<br> --><br> <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/><br> <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"><br> <action application="set" data="rtp_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <!-- <action application="export" data="rtp_secure_media=true"/> --><br> </condition><br><br></div>If I change them to:<br><br><condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never"><br> <action application="set" data="rtp_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <action application="export" data="rtp_secure_media=true"/><br> </condition><br><br> <!--<br> Since we have inbound-late-negotation on by default now the<br> above behavior isn't the same so you have to do one extra step.<br> --><br> <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/><br> <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"><br> <action application="set" data="rtp_secure_media=true"/><br> <!-- Offer SRTP on outbound legs if we have it on inbound. --><br> <action application="export" data="rtp_secure_media=true"/><br> </condition><br><br></div>Then when I make a call there is issue with cipher:<br><br>show channels<br>uuid,direction,created,created_epoch,name,state,cid_name,cid_num,ip_addr,dest,application,application_data,dialplan,context,read_codec,read_rate,read_bit_rate,write_codec,write_rate,write_bit_rate,secure,hostname,presence_id,presence_data,callstate,callee_name,callee_num,callee_direction,call_uuid,sent_callee_name,sent_callee_num,initial_cid_name,initial_cid_num,initial_ip_addr,initial_dest,initial_dialplan,initial_context<br>81a423fc-41c8-11e5-ac4e-1b8671775759,inbound,2015-08-13 10:35:13,1439476513,sofia/internal/1001@myserverip,CS_EXECUTE,1001,1001,mylocalip,1000,bridge,user/1000@myserverip,XML,default,opus,48000,0,opus,48000,0,srtp:sdes:<b>AES_CM_128_HMAC_SHA1_80</b>,Freeswitch1Dev,1001@myserverip,,ACTIVE,Outbound Call,1000,SEND,81a423fc-41c8-11e5-ac4e-1b8671775759,Outbound Call,1000,1001,1001,mylocalip,1000,XML,default<br>81cbe932-41c8-11e5-ac73-1b8671775759,outbound,2015-08-13 10:35:13,1439476513,sofia/internal/1000@mylocalip:39626,CS_EXCHANGE_MEDIA,Extension 1001,1001,mylocalip,1000,,,XML,default,opus,48000,0,opus,48000,0,srtp:sdes:<b>AES_CM_256_HMAC_SHA1_80</b>,Freeswitch1Dev,1000@myserverip,,ACTIVE,Outbound Call,1000,SEND,81a423fc-41c8-11e5-ac4e-1b8671775759,Extension 1001,1001,Extension 1001,1001,mylocalip,1000,XML,default<br><br><br></div>As you can see for inbound call is used AES_CM_128_HMAC_SHA1_80 cipher and for outbound is used AES_CM_256_HMAC_SHA1_80.<br><br></div>Any ideas?<br><br></div>With kind regards,<br><br></div>Jurijs<br><div><div><div><div><div><div><div><div><div><div><br></div></div></div></div></div></div></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-08-13 17:26 GMT+03:00 Michael Jerris <span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You will have to look at the full negotiation of that leg and a debug log to see what's going on.<span></span><br><br>On Thursday, August 13, 2015, Jurijs Ivolga <<a href="mailto:jurij.ivo@gmail.com" target="_blank">jurij.ivo@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div>Hi,<br><br></div>I'm struggling with quite simple issue. I need to enable SRTP on outbound leg. Call hits Freeswitch as SRTP but it leaves as regular RTP. I do not use TLS and I don't need it(yes, I know that SRTP keys are sent as plain text in this case).<br><br></div>I tried to add following code to my dialplan, but it do not helps:<br><br><pre><condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
<action application="set" data="sip_secure_media=true"/>
<action application="export" data="sip_secure_media=true"/>
</condition></pre>I tried to add to vars.xml following line too:<br><br><X-PRE-PROCESS cmd="set" data="rtp_secure_media_inbound=mandatory"/><br><br></div>But still without success.<br><br></div>Maybe somebody can give me a hint?<br><br></div>Thank you!<br><br></div>With kind regards,<br><br></div>Jurijs<br></div>
</blockquote>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</blockquote></div><br></div>