<div dir="ltr">

<p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Hello,<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Currently, I faced a problem regarding SRTP outbound call to user (Leg B).<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>The scenario is like this,<span></span></span></p><ul type="disc" style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;margin-top:0in;margin-bottom:0in"><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>We set up our own root CA to an IP address (e.g 192.168.0.13)<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>We create a server certificate for freeswitch at 192.168.0.13<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone is used as SIP client and is configured to trust our root CA by default.<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone A is configured to register to Freeswitch vis TLS + SRTP. (One leg call to server has both SIPs and SRTP – completely secure)<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone B is registered to Freeswitch via TLS + SRTP, and waiting for Linphone A to call to.<span></span></span></li></ul><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">(One leg call to server, e.g. 9196 (echo test), is completely secure with SRTP + SIPs)<span></span></p><ul type="disc" style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;margin-top:0in;margin-bottom:0in"><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Unfortunately, if A call to B, only A leg has SIPs + SRTP, but Leg B is not encrypted with SRTP and SIPs at all. This causes<span> </span></span><b><span style="font-size:10pt;font-family:Verdana,sans-serif;color:black;background:white">SRTP unprotect failed with code 7 (auth check failed)</span></b><b><span>.</span></b><span><span></span></span></li></ul><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">+ Dialplan Configuration<span></span></p><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif"><action application="set" data="rtp_secure_media=true"/><span></span></p><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif"><action application="export" data="rtp_secure_media=true"/><span></span></p><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">The dial-string is <action application="bridge" data="user/${dialed_extension}<wbr>@${domain_name}"/><span></span></p><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">+ Directory Configruation:<span></span></p><p class="gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:7.5pt 0in 0.0001pt 0.5in;background:white;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;color:rgb(51,51,51)"><param name="dial-string" value="{rtp_secure_media=${<wbr>regex(${sofia_contact(${<wbr>dialed_user}@${dialed_domain})<wbr>}|transport=tls)},presence_id=<wbr>${dialed_user}@${dialed_<wbr>domain}}${sofia_contact(${<wbr>dialed_user}@${dialed_domain})<wbr>}" /><span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>My question is that, is there any configuration left that I have to set up in order to let freeswitch initiate an outbound call to Leg B correctly with SRTP and SIPs (tls)?<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Any help would be really appreciated.<span></span></span></p><span style="text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif">Thank you so much.<span> </span></span><span style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"></span><br style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:11pt;font-family:Calibri,sans-serif">Best Regard,</span></div>

<br></div>