<div dir="ltr"><div><div><div>Hi Saurabh,<br><br></div>I faced same issue with Linphone and it looks like there is bug in Linphone, so it choose wrong cipher for SRTP. As you can see on both clients it uses different ciphers: <b><font color="#0b5394"><span style="background-color:rgb(255,255,0)">srtp:sdes:AES_CM_256_HMAC_SHA1_80 & </span></font></b><b><font color="#0b5394"><span style="background-color:rgb(255,255,0)">srtp:sdes:AES_CM_128_HMAC_SHA1_80</span></font></b>.To make this work you need same ciphers on both channels. I tried with Blink and Blink worked for me, using SRTP on Freeswitch. Try other sip-client instead Linphone, if ti will work, then probably it will be a Linphone bug.<br><br></div><div>Nevertheless I tried to configure Freeswitch to force Linphone to use only one specific cipher, but never succeeded, maybe you can try to do same. Maybe there is same bug on Linphone which do not allow this... Never had a time to look on this issue closer...<br></div><div><br></div>With kind regards,<br><br></div>Jurijs<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-09-11 17:18 GMT+03:00 Saurabh Kumar Verma <span dir="ltr"><<a href="mailto:saurabhkumar.verma@vvdntech.com" target="_blank">saurabhkumar.verma@vvdntech.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi,</div><div><br></div><div>So audio is working properly until we don't set these following parameters (Changes has been done because we don't able to see secure parameter is set in <b>channels</b> table & it's set only for caller's endpoint).</div><div><br></div><div>i). Change in default.xml in dialplan:</div><div><div><b><condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never"></b></div><div><b> <action application="set" data="rtp_secure_media=true"/></b></div><div><b> <!-- Offer SRTP on outbound legs if we have it on inbound. --></b></div><div><b> <span style="background-color:rgb(255,255,0)"><action application="export" data="rtp_secure_media=true"/></span></b></div><div><b> </condition></b></div><div><b><br></b></div><div><b> <!--</b></div><div><b> Since we have inbound-late-negotation on by default now the</b></div><div><b> above behavior isn't the same so you have to do one extra step.</b></div><div><b> --></b></div><div><b> <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/></b></div><div><b> <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never"></b></div><div><b> <action application="set" data="rtp_secure_media=true"/></b></div><div><b> <!-- Offer SRTP on outbound legs if we have it on inbound. --></b></div><div><b> <span style="background-color:rgb(255,255,0)"><action application="export" data="rtp_secure_media=true"/></span></b></div><div><b> </condition></b></div></div><div><b><br></b></div><div><b><br></b></div><div>ii). Set inbound-late-megotiation to false in sip_profiles/internal.xml..</div><div><br></div><div><b style="background-color:rgb(255,255,0)"><param name="inbound-late-negotiation" value="false"/></b><br></div><div><br></div><div class="gmail_extra"><div class="gmail_quote">On Fri, Sep 11, 2015 at 7:30 AM, Giovanni Maruzzelli <span dir="ltr"><<a href="mailto:gmaruzz@gmail.com" target="_blank">gmaruzz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><p dir="ltr">I would counseil to start from the dafault config, and change one thing at time.<br>
See at which change it breaks.</p>
<p dir="ltr">sent from my mobile,<br>
Giovanni Maruzzelli<br>
cell: +39 347 266 56 18</p>
<div class="gmail_quote"><div><div>On Sep 11, 2015 3:47 AM, "Saurabh Kumar Verma" <<a href="mailto:saurabhkumar.verma@vvdntech.com" target="_blank">saurabhkumar.verma@vvdntech.com</a>> wrote:<br type="attribution"></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div><div><div dir="ltr"><font color="#0b5394">Hi, </font><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">Hope you're doing good. </font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">I'm facing an issue with having FreeSWITCH (TLS + SRTP). </font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394"><b><u>Issue:</u></b> Audio not coming when I've SRTP(media) enabled on both of the soft-phone endpoints. </font></div><div><font color="#0b5394"><b><u>Observation:</u> </b>Audio is coming if we don't use SRTP for media encryption. </font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394"><br></font></div><div><b><u><font color="#0b5394">Set-up Description:</font></u></b></div><div><font color="#0b5394">I'm registered using TLS and able to make call through FreeSWITCH, but call is disconnected after 30 sec because there is not media flow between the endpoints.</font></div><div><font color="#0b5394">I have two softphone (we're using Linphone as soft-phone) registered on FS server with extension 1003 & 1010, call flow is like:</font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">Call Flow</font></div><div><font color="#0b5394">1003 ------> FS Server -------> 1010</font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">x.x.x.x - Server Public IP<br></font></div><div><font color="#0b5394">y.y.y.y - Server Local IP</font></div><div><font color="#0b5394"><i>NOTE:</i> <i>For security reasons replaced the actual IPs.</i></font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">FreeSWITCH Version Information:</font></div><div><div><b><font color="#0b5394">freeswitch@internal> version</font></b></div><div><b><font color="#0b5394">FreeSWITCH Version 1.4.21+git~20150901T202622Z~a223dd0236~64bit (git a223dd0 2015-09-01 20:26:22Z 64bit)</font></b></div></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">I've done some changes in default dialplan/configuration in FreeSWITCH:</font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">1. Force FreeSWICTH to listen on TLS port only (By using this parameter <b><param name="tls-only" value="true"/> </b>in internal as well as external profile).</font></div><div><font color="#0b5394"><br></font></div><div><div><b><font color="#0b5394">freeswitch@internal> sofia status</font></b></div><div><b><font color="#0b5394"> Name<span style="white-space:pre-wrap">        </span> Type<span style="white-space:pre-wrap">        </span> Data<span style="white-space:pre-wrap">        </span>State</font></b></div><div><b><font color="#0b5394">=================================================================================================</font></b></div><div><b><font color="#0b5394"> external<span style="white-space:pre-wrap">        </span>profile<span style="white-space:pre-wrap">        </span> sip:mod_sofia@x.x.x.x:5081<span style="white-space:pre-wrap">        </span>RUNNING (0) (TLS)</font></b></div><div><b><font color="#0b5394"> external::<a href="http://example.com" target="_blank">example.com</a><span style="white-space:pre-wrap">        </span>gateway<span style="white-space:pre-wrap">        </span> <a href="mailto:sip%3Ajoeuser@example.com" target="_blank">sip:joeuser@example.com</a><span style="white-space:pre-wrap">        </span>NOREG</font></b></div><div><b><font color="#0b5394"> x.x.x.x<span style="white-space:pre-wrap">        </span> alias<span style="white-space:pre-wrap">        </span> internal<span style="white-space:pre-wrap">        </span>ALIASED</font></b></div><div><b><font color="#0b5394"> internal<span style="white-space:pre-wrap">        </span>profile<span style="white-space:pre-wrap">        </span> sip:mod_sofia@x.x.x.x:5061<span style="white-space:pre-wrap">        </span>RUNNING (0) (TLS)</font></b></div><div><b><font color="#0b5394">=================================================================================================</font></b></div><div><b><font color="#0b5394">2 profiles 1 alias</font></b></div></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">2. Use the ODBC driver for driver (By uncomment this <b><!--<param name="odbc-dsn" value="dsn:user:pass"/>--></b> in config files)</font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">In Linphone soft-client, these are the changes has been done:</font></div><div><font color="#0b5394">1. <b>TLS </b>as Transport.</font></div><div><font color="#0b5394">2. <b>SRTP</b> in Media encryption.</font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">In FreeSWITCH, these are the registration logs showing I'm softphones are using TLS</font></div><div><div><b><font color="#0b5394">freeswitch@internal> sofia status profile internal reg</font></b></div><div><b><font color="#0b5394"><br></font></b></div><div><b><font color="#0b5394">Registrations:</font></b></div><div><b><font color="#0b5394">=================================================================================================</font></b></div><div><b><font color="#0b5394">Call-ID: <span style="white-space:pre-wrap">        </span>xmuVdotDkb</font></b></div><div><b><font color="#0b5394">User: <span style="background-color:rgb(255,255,0)"><span style="white-space:pre-wrap">        </span>1003</span>@x.x.x.x</font></b></div><div><b><font color="#0b5394">Contact: <span style="white-space:pre-wrap">        </span>"" <sip:1003@180.151.83.178:63093;app-id=622464153529;pn-type=google;pn-tok=APA91bF-MsdZGvDi951jjCoTDSJc2reyR2JvYHlgtwpeE1vLAlG2zrOIrBmwzx6PPPAHKfcE8aqaOHFtYFoLVztBeqAqz9Cr6D6waN7VCWSIQk7dAdm9HXQ;transport=tls></font></b></div><div><b><font color="#0b5394">Agent: <span style="white-space:pre-wrap">        </span>LinphoneAndroid/2.4.1-28-g98516d9 (belle-sip/1.4.1)</font></b></div><div><b><font color="#0b5394">Status: <span style="background-color:rgb(255,255,0)"> <span style="white-space:pre-wrap">        </span>Registered(TLS)</span>(unknown) EXP(2015-09-09 11:16:30) EXPSECS(3137)</font></b></div><div><b><font color="#0b5394">Ping-Status:<span style="white-space:pre-wrap">        </span>Reachable</font></b></div><div><b><font color="#0b5394">Host: <span style="white-space:pre-wrap">        </span>ip-y-y-y-y.ec2.internal</font></b></div><div><b><font color="#0b5394">IP: <span style="white-space:pre-wrap">        </span>180.151.83.178</font></b></div><div><b><font color="#0b5394">Port: <span style="white-space:pre-wrap">        </span>63093</font></b></div><div><b><font color="#0b5394">Auth-User: <span style="white-space:pre-wrap">        </span>1003</font></b></div><div><b><font color="#0b5394">Auth-Realm: <span style="white-space:pre-wrap">        </span>x.x.x.x</font></b></div><div><b><font color="#0b5394">MWI-Account:<span style="white-space:pre-wrap">        </span>1003@x.x.x.x</font></b></div><div><b><font color="#0b5394"><br></font></b></div><div><b><font color="#0b5394">Call-ID: <span style="white-space:pre-wrap">        </span>6B25YNRXb5</font></b></div><div><b><font color="#0b5394">User: <span style="white-space:pre-wrap">        </span><span style="background-color:rgb(255,255,0)">1010</span>@x.x.x.x</font></b></div><div><b><font color="#0b5394">Contact: <span style="white-space:pre-wrap">        </span>"" <sip:1010@180.151.83.178:13916;app-id=622464153529;pn-type=google;pn-tok=APA91bFqivAK_KIDpU_6PM0pf0U8rx9DOKm0vhyNRqjE1Dpq_uPRbTbT-BMwxNP5NmEyCMfnKxa-fjEhI2J-lzLkCcfFphO1hL39cE4VNqAnnfDbVeQbvmQ;transport=tls></font></b></div><div><b><font color="#0b5394">Agent: <span style="white-space:pre-wrap">        </span>LinphoneAndroid/2.4.1-28-g98516d9 (belle-sip/1.4.1)</font></b></div><div><b><font color="#0b5394">Status: <span style="background-color:rgb(255,255,0)"> <span style="white-space:pre-wrap">        </span>Registered(TLS)</span>(unknown) EXP(2015-09-09 11:11:31) EXPSECS(2838)</font></b></div><div><b><font color="#0b5394">Ping-Status:<span style="white-space:pre-wrap">        </span>Reachable</font></b></div><div><b><font color="#0b5394">Host: <span style="white-space:pre-wrap">        </span>ip-y-y-y-y.ec2.internal</font></b></div><div><b><font color="#0b5394">IP: <span style="white-space:pre-wrap">        </span>180.151.83.178</font></b></div><div><b><font color="#0b5394">Port: <span style="white-space:pre-wrap">        </span>13916</font></b></div><div><b><font color="#0b5394">Auth-User: <span style="white-space:pre-wrap">        </span>1010</font></b></div><div><b><font color="#0b5394">Auth-Realm: <span style="white-space:pre-wrap">        </span>x.x.x.x</font></b></div><div><b><font color="#0b5394">MWI-Account:<span style="white-space:pre-wrap">        </span>1010@x.x.x.x</font></b></div><div><b><font color="#0b5394"><br></font></b></div><div><b><font color="#0b5394">Total items returned: 2</font></b></div><div><b><font color="#0b5394">=================================================================================================</font></b></div></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">For an active call I can see in the channels table, I'm able to see secure parameter is set during the call for both of the call legs.</font></div><div><font color="#0b5394"><br></font></div><div><div><b><font color="#0b5394">freeswitch=# select * from channels ;</font></b></div><div><b><font color="#0b5394"> uuid | direction | created | created_epoch | name | state | cid_name | cid_num | ip_addr </font></b></div><div><b><font color="#0b5394"> | dest | application | application_data | dialplan | context | read_codec | read_rate | read_bit_rate | write_codec | write_rate | write_bit_rate | secure </font></b></div><div><b><font color="#0b5394"> | hostname | presence_id | presence_data | callstate | callee_name | callee_num | callee_direction | call_uuid | sent_callee_name | sen</font></b></div><div><b><font color="#0b5394">t_callee_num | initial_cid_name | initial_cid_num | initial_ip_addr | initial_dest | initial_dialplan | initial_context </font></b></div><div><b><font color="#0b5394">--------------------------------------+-----------+---------------------+---------------+------------------------------------------+-------------------+----------------+---------+------------</font></b></div><div><b><font color="#0b5394">----+------+-------------+------------------------+----------+---------+------------+-----------+---------------+-------------+------------+----------------+----------------------------------</font></b></div><div><b><font color="#0b5394">-+------------------------------+-------------------+---------------+-----------+---------------+------------+------------------+--------------------------------------+------------------+----</font></b></div><div><b><font color="#0b5394">-------------+------------------+-----------------+-----------------+--------------+------------------+-----------------</font></b></div><div><b><font color="#0b5394"> 485d07d6-56da-11e5-ac1a-a53fe62ce2f9 | outbound | 2015-09-09 10:05:22 | 1441793122 | sofia/internal/<a href="http://1010@180.151.83.178:13916" target="_blank">1010@180.151.83.178:13916</a> | CS_EXCHANGE_MEDIA | Extension 1003 | 1003 | 180.151.83.</font></b></div><div><b><font color="#0b5394">178 | 1010 | | | XML | default | opus | 48000 | 0 | opus | 48000 | 0 |<span style="background-color:rgb(255,255,0)"> srtp:sdes:AES_CM_256_HMAC_SHA1_80</span></font></b></div><div><b><font color="#0b5394"> | ip-172-31-42-34.ec2.internal | 1010@x.x.x.x | | ACTIVE | Outbound Call | 1010 | SEND | 47fa445c-56da-11e5-abf5-a53fe62ce2f9 | Extension 1003 | 100</font></b></div><div><b><font color="#0b5394">3 | Extension 1003 | 1003 | 180.151.83.178 | 1010 | XML | default</font></b></div><div><b><font color="#0b5394"> 47fa445c-56da-11e5-abf5-a53fe62ce2f9 | inbound | 2015-09-09 10:05:22 | 1441793122 | sofia/internal/1003@x.x.x.x | CS_EXECUTE | 1003 | 1003 | 180.151.83.</font></b></div><div><b><font color="#0b5394">178 | 1010 | bridge | user/1010@x.x.x.x | XML | default | opus | 48000 | 0 | opus | 48000 | 0 | <span style="background-color:rgb(255,255,0)">srtp:sdes:AES_CM_128_HMAC_SHA1_80</span></font></b></div><div><b><font color="#0b5394"> | ip-172-31-42-34.ec2.internal | 1003@x.x.x.x | | ACTIVE | Outbound Call | 1010 | SEND | 47fa445c-56da-11e5-abf5-a53fe62ce2f9 | Outbound Call | 101</font></b></div><div><b><font color="#0b5394">0 | 1003 | 1003 | 180.151.83.178 | 1010 | XML | default</font></b></div><div><b><font color="#0b5394">(2 rows)</font></b></div></div><div><b><font color="#0b5394"><br></font></b></div><div><font color="#0b5394"> </font></div><div><font color="#0b5394">Attached herewith the complete FreeSWITCH log. Please let me know if any other information is required.<br></font></div><div><font color="#0b5394"><br></font></div><div><font color="#0b5394">Any help from your side would be really appreciated. Seeking some guidance & help from FreeSWITCH team.</font></div><div><br></div><div>-- <br><div><div dir="ltr"><div><div dir="ltr"><p style="color:rgb(7,55,99)"><font face="arial narrow, sans-serif"><b>Thanks:</b><br></font></p><p style="color:rgb(7,55,99)"><font face="arial narrow, sans-serif">Saurabh Kumar Verma<br></font></p><p style="color:rgb(7,55,99)"><font face="arial narrow, sans-serif">VVDN Technologies Pvt Ltd</font></p><font face="arial narrow, sans-serif"><b style="color:rgb(7,55,99)">Cell</b><span style="color:rgb(7,55,99)"> : <a href="tel:%2B91%207042378747" value="+917042378747" target="_blank">+91 7042378747</a> | </span><b style="color:rgb(7,55,99)">Skype</b><span style="color:rgb(7,55,99)"> : saurabh.verma001</span></font><br></div></div></div></div>
</div></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><span class="HOEnZb"><font color="#888888"><br></font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><p style="color:rgb(7,55,99)"><font face="arial narrow, sans-serif"><b>Thanks:</b><br></font></p><p style="color:rgb(7,55,99)"><font face="arial narrow, sans-serif">Saurabh Kumar Verma<br></font></p><p style="color:rgb(7,55,99)"><font face="arial narrow, sans-serif">VVDN Technologies Pvt Ltd</font></p><font face="arial narrow, sans-serif"><b style="color:rgb(7,55,99)">Cell</b><span style="color:rgb(7,55,99)"> : <a href="tel:%2B91%207042378747" value="+917042378747" target="_blank">+91 7042378747</a> | </span><b style="color:rgb(7,55,99)">Skype</b><span style="color:rgb(7,55,99)"> : saurabh.verma001</span></font><br></div></div></div></div>
</font></span></div></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>