<div dir="ltr">As i understand you try overwrite transport to user B registration.<br>In many case users is located behind NAT and FS cannot establish TLS connections to B-user.<br><br>Think in your case need to disable all non TLS sockets and then simple try bridge "user/{user}@{domain}"</div><br><div class="gmail_quote"><div dir="ltr">сб, 29 сент. 2018 г. в 13:20, Chhorm Chhatra <<a href="mailto:ch.chhatra@gmail.com">ch.chhatra@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Dear Brain West,<br>thank you for your response.<div>I would like to confirm that either using export or set on a leg of "rtp_secure_media=true" with the following dial-string is not working for me. One leg call is fine but it does not work for 2-leg call (I could not hear the sound and the call terminates after </div></div><div dir="ltr"><div> <span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">{rtp_secure_media=${reg</span><span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">ex(${sofia_contact(${dialed_</span><span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">user}@${dialed_domain})}|</span><span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">transport=tls)},presence_id=${</span><span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">dialed_user}@${dialed_domain}}</span><span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">${sofia_contact(${dialed_user}</span><span style="color:rgb(51,51,51);font-family:Calibri,sans-serif;font-size:14px">@${dialed_domain})}" </span></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, 1 Aug 2018 at 23:20, Brian West <<a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">don't us export, set it inside {}, or on use set on a-leg.<div><br></div><div>/b</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <span dir="ltr"><<a href="mailto:ch.chhatra@gmail.com" target="_blank">ch.chhatra@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Hello,<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Currently, I faced a problem regarding SRTP outbound call to user (Leg B).<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>The scenario is like this,<span></span></span></p><ul type="disc" style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;margin-top:0in;margin-bottom:0in"><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>We set up our own root CA to an IP address (e.g 192.168.0.13)<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>We create a server certificate for freeswitch at 192.168.0.13<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone is used as SIP client and is configured to trust our root CA by default.<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone A is configured to register to Freeswitch vis TLS + SRTP. (One leg call to server has both SIPs and SRTP – completely secure)<span></span></span></li><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Linphone B is registered to Freeswitch via TLS + SRTP, and waiting for Linphone A to call to.<span></span></span></li></ul><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">(One leg call to server, e.g. 9196 (echo test), is completely secure with SRTP + SIPs)<span></span></p><ul type="disc" style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;margin-top:0in;margin-bottom:0in"><li class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span>Unfortunately, if A call to B, only A leg has SIPs + SRTP, but Leg B is not encrypted with SRTP and SIPs at all. This causes<span> </span></span><b><span style="font-size:10pt;font-family:Verdana,sans-serif;color:black;background:white">SRTP unprotect failed with code 7 (auth check failed)</span></b><b><span>.</span></b><span><span></span></span></li></ul><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">+ Dialplan Configuration<span></span></p><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif"><action application="set" data="rtp_secure_media=true"/><span></span></p><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif"><action application="export" data="rtp_secure_media=true"/><span></span></p><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">The dial-string is <action application="bridge" data="user/${dialed_extension}@${domain_name}"/><span></span></p><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:0in 0in 0.0001pt 0.5in;font-size:11pt;font-family:Calibri,sans-serif">+ Directory Configruation:<span></span></p><p class="m_7184117947716159701m_8671908678696818418m_2284614180668511866m_-5664648862353145480gmail-m_-5773767210298921976gmail-MsoListParagraph" style="text-decoration-style:initial;text-decoration-color:initial;margin:7.5pt 0in 0.0001pt 0.5in;background:white;font-size:11pt;font-family:Calibri,sans-serif"><span style="font-size:10.5pt;color:rgb(51,51,51)"><param name="dial-string" value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}" /><span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>My question is that, is there any configuration left that I have to set up in order to let freeswitch initiate an outbound call to Leg B correctly with SRTP and SIPs (tls)?<span></span></span></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif"><span>Any help would be really appreciated.<span></span></span></p><span style="text-decoration-style:initial;text-decoration-color:initial;font-size:11pt;font-family:Calibri,sans-serif">Thank you so much.<span> </span></span><span style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"></span><br style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><div style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><span style="font-size:11pt;font-family:Calibri,sans-serif">Best Regard,</span></div>
<br></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_7184117947716159701m_8671908678696818418m_2284614180668511866gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><font color="#000000"><img src="https://hipchat.freeswitch.org/files/1/9111/w0eGOzyOVyZQdMg/email_logo.png" width="200" height="66"><br></font></div><div style="font-size:12.8px"><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Brian West | Co-founder and Developer</font></span></p><p style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Need Commercial support? email <a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a> </font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">FreeSWITCH Solutions | <a href="https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g" style="color:rgb(17,85,204)" target="_blank">17345 Civic Drive #2531 Brookfield, WI 53045</a></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email: </span><span style="color:rgb(17,85,204);font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a></span></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Mobile: <a href="tel:(918)%20424-9378" value="+19184249378" target="_blank">918-424-9378</a></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Website: </span><a href="https://www.freeswitch.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">https://www.FreeSWITCH.com</span></a></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="background-color:transparent;font-size:9pt;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://www.facebook.com/freeswitch" target="_blank"><img alt="https://www.facebook.com/signalwireinc?src=email " src="https://lh6.googleusercontent.com/AYfRoSNaDNtMPRMevPn_GqcVEMd5NDRFi0GlluGUWzV6I5TAY_3T2-Tt0IuIXeUtEdYsgNsM8DOYKRKhjmrG_-n2Ga-LCnoNk46sO8VyEma1sBFYdiGJcLRUvkrD1CYHN79qimeg" width="31" height="31" style="border:none"></a> </span><span style="background-color:transparent;font-size:9pt;font-family:Tahoma;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://twitter.com/freeswitch" target="_blank"><img alt="https://twitter.com/freeswitch" src="https://lh3.googleusercontent.com/W4SqXyybH2qdAozvtoKjcz736qOjk9LHDwldvs1ahc-WVU0putVMSsUH474KDrJ32jsqi6JDjyUWxqeEkN5I1xSlC5ShYrd1b8NIMUkDzDrtbWQfa6A_90UcygqesBtRLgeFirKa" width="31" height="31" style="border:none"></a></span><br></p></div></div></div></div></div></div></div></div></div></div></div>
</div>
_________________________________________________________________________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>
_________________________________________________________________________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>