<div dir="ltr">don't us export, set it inside {}, or on use set on a-leg.<div><br></div><div>/b</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <span dir="ltr"><<a href="mailto:ch.chhatra@gmail.com" target="_blank">ch.chhatra@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">

<p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Hello,<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Currently, I faced a problem regarding SRTP outbound call to user (Leg B).<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>The scenario is like this,<span></span></span></p><ul type="disc" style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;margin-top:0in;margin-bottom:0in"><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>We set up our own root CA to an IP address (e.g 192.168.0.13)<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>We create a server certificate for freeswitch at 192.168.0.13<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone is used as SIP client and is configured to trust our root CA by default.<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone A is configured to register to Freeswitch vis TLS + SRTP. (One leg call to server has both SIPs and SRTP – completely secure)<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone B is registered to Freeswitch via TLS + SRTP, and waiting for Linphone A to call to.<span></span></span></li></ul><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">(One leg call to server, e.g. 9196 (echo test), is completely secure with SRTP + SIPs)<span></span></p><ul type="disc" style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;margin-top:0in;margin-bottom:0in"><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Unfortunately, if A call to B, only A leg has SIPs + SRTP, but Leg B is not encrypted with SRTP and SIPs at all. This causes<span> </span></span><b><span style="font-size:10pt;font-family:Verdana,sans-serif;color:black;background:white">SRTP unprotect failed with code 7 (auth check failed)</span></b><b><span>.</span></b><span><span></span></span></li></ul><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">+ Dialplan Configuration<span></span></p><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif"><action application="set" data="rtp_secure_media=true"/><span></span></p><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif"><action application="export" data="rtp_secure_media=true"/><span></span></p><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">The dial-string is <action application="bridge" data="user/${dialed_extension}<wbr>@${domain_name}"/><span></span></p><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">+ Directory Configruation:<span></span></p><p class="m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:7.5pt 0in 0.0001pt 0.5in;background:white;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;color:rgb(51,51,51)"><param name="dial-string" value="{rtp_secure_media=${reg<wbr>ex(${sofia_contact(${dialed_<wbr>user}@${dialed_domain})}|<wbr>transport=tls)},presence_id=${<wbr>dialed_user}@${dialed_domain}}<wbr>${sofia_contact(${dialed_user}<wbr>@${dialed_domain})}" /><span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>My question is that, is there any configuration left that I have to set up in order to let freeswitch initiate an outbound call to Leg B correctly with SRTP and SIPs (tls)?<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Any help would be really appreciated.<span></span></span></p><span style="text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif">Thank you so much.<span> </span></span><span style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"></span><br style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:11pt;font-family:Calibri,sans-serif">Best Regard,</span></div>

<br></div>
<br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/<wbr>confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><font color="#000000"><img src="https://hipchat.freeswitch.org/files/1/9111/w0eGOzyOVyZQdMg/email_logo.png" width="200" height="66"><br></font></div><div style="font-size:12.8px"><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Brian West | Co-founder and Developer</font></span></p><p style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Need Commercial support? email <a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a> </font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">FreeSWITCH Solutions | <a href="https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g" style="color:rgb(17,85,204)" target="_blank">17345 Civic Drive #2531 Brookfield, WI 53045</a></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email: </span><span style="color:rgb(17,85,204);font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a></span></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Mobile: 918-424-9378</font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Website: </span><a href="https://www.freeswitch.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">https://www.FreeSWITCH.com</span></a></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="background-color:transparent;font-size:9pt;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://www.facebook.com/freeswitch" target="_blank"><img alt="https://www.facebook.com/signalwireinc?src=email " src="https://lh6.googleusercontent.com/AYfRoSNaDNtMPRMevPn_GqcVEMd5NDRFi0GlluGUWzV6I5TAY_3T2-Tt0IuIXeUtEdYsgNsM8DOYKRKhjmrG_-n2Ga-LCnoNk46sO8VyEma1sBFYdiGJcLRUvkrD1CYHN79qimeg" width="31" height="31" style="border:none"></a> </span><span style="background-color:transparent;font-size:9pt;font-family:Tahoma;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://twitter.com/freeswitch" target="_blank"><img alt="https://twitter.com/freeswitch" src="https://lh3.googleusercontent.com/W4SqXyybH2qdAozvtoKjcz736qOjk9LHDwldvs1ahc-WVU0putVMSsUH474KDrJ32jsqi6JDjyUWxqeEkN5I1xSlC5ShYrd1b8NIMUkDzDrtbWQfa6A_90UcygqesBtRLgeFirKa" width="31" height="31" style="border:none"></a></span><br></p></div></div></div></div></div></div></div></div></div></div></div>
</div>