[Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Peter P GMX Prometheus001 at gmx.net
Tue Aug 26 14:51:29 PDT 2008

I have tried to set this up, but I need some help to get TLS to work.

What does work:
I set up 2 freeswitch servers with IP xxx.xxx.xxx.55 and xxx.xxx.xxx.56.
They are connected via UDP/Port 5060 (SIP).
I have 2 snom phones connected to the servers via TLS (1002@xxx.xxx.xxx.55
and 1003@xxx.xxx.xxx.56).
Server1 registers to Server2 as UA 1007.
I can dial "8001" on 1002 at server and reach 1003 at server2 and make a call.

What doesn't work:
If I try to change the communication to TLS/SRTP between the 2 servers,
it fails (I think due to missing knowledge on my side).

Here is my conf:
FS Server 1
dialplan/default.xml: Route 8001 to 2nd freeswitch
<!-- Dial to Freeswitch2 -->
<extension name="Freeswitch2">
  <condition field="destination_number" expression="^8001$">
    <action application="set" data="effective_caller_id_number=xxxxxxx"/>
    <action application="bridge" data="sofia/gateway/freeswitch2/1003@xxx.xxx.xxx.56"/>
  </condition>
</extension>

dialplan/public.xml for inbound
<extension name="freeswitch2"> <!-- your provider or any name you'd like to call it -->
  <condition field="destination_number" expression="xxxxxxxx"> <!-- your DID for this gateway -->
    <action application="transfer" data="$1 XML default"/>
  </condition>
</extension>

Register on FS 2 as UA1007
<gateway name="freeswitch2">
  <param name="username" value="1007"/>
  <param name="realm" value="xxx.xxx.xxx.56"/>
  <param name="password" value="1234"/>
  <param name="register" value="true"/>
  <param name="register-transport" value="tls"/>
  <param name="retry_seconds" value="30"/>
</gateway>

On Server2
<extension name="8001">
  <condition field="destination_number" expression="^8001$">
    <action application="set" data="ruri_profile=default"/>
    <action application="set" data="ruri_user=2000"/>
    <action application="set" data="ruri_contact=1003@$${domain}"/>
    <action application="execute_extension" data="ruri"/>
  </condition>
</extension>

When I try to connect the call, on server1 I see:
2008-08-27 01:37:28 [DEBUG] switch_core_state_machine.c:140 switch_core_standard_on_execute() sofia/internal/1002@xxx.xxx.xxx.55 Execute bridge(sofia/gateway/freeswitch2/1003@xxx.xxx.xxx.56)
2008-08-27 01:37:28 [ERR] mod_sofia.c:1864 sofia_outgoing_channel() Invalid Gateway
2008-08-27 01:37:28 [NOTICE] mod_sofia.c:2055 sofia_outgoing_channel() Close Channel N/A [CS_NEW]
2008-08-27 01:37:28 [ERR] switch_ivr_originate.c:926 switch_ivr_originate() Cannot create outgoing channel of type [sofia]

The only thing I changed in external/example.xml was setting transport
to TLS:
<param name="register-transport" value="tls"/>
I also tried to modify proxy and register proxy (added ;transport=tls)
in the gateway settings, but no success.

Is there anything more to do?

Best regards

Peter P GMX wrote:
> Hello,
> did anyone manage to get a TLS and SRTP connection working between 2 
> Freeswitch servers?
> For my understanding Freeswitch should just behave like a normal UA. So 
> TLS and SRTP should also be possible, when routing calls between 2 FS 
> servers, hein?
> Maybe someone may also post a sample configuration?
> Thanks for your support.
> Best regards
> Peter
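
The following is an added example, not part of the original message or of FreeSWITCH itself: a small offline check over gateway and dialplan XML of the kind posted above. It flags bridge targets that name a gateway the gateway fragment does not define (the situation the "Invalid Gateway" log line suggests) and gateways that register over TLS while a configured proxy lacks ;transport=tls. The fragments, the 192.0.2.x addresses, the "typo" extension and the finding names are constructed for illustration, and treating a proxy without ;transport=tls as worth flagging is an assumption taken from what the poster tried.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the post, closed so that they parse.
GATEWAYS = """<gateways>
  <gateway name="freeswitch2">
    <param name="realm" value="192.0.2.56"/>
    <param name="register" value="true"/>
    <param name="register-transport" value="tls"/>
    <param name="proxy" value="192.0.2.56"/>
  </gateway>
</gateways>"""

DIALPLAN = """<context name="default">
  <extension name="Freeswitch2">
    <condition field="destination_number" expression="^8001$">
      <action application="bridge" data="sofia/gateway/freeswitch2/1003@192.0.2.56"/>
    </condition>
  </extension>
  <extension name="typo">
    <condition field="destination_number" expression="^8002$">
      <action application="bridge" data="sofia/gateway/freeswitch_2/1003@192.0.2.56"/>
    </condition>
  </extension>
</context>"""

GW_REF = re.compile(r"sofia/gateway/([^/]+)/")

def audit(gateways_xml, dialplan_xml):
    """Return a list of (kind, subject) findings for the two fragments."""
    findings, params = [], {}
    for gw in ET.fromstring(gateways_xml).iter("gateway"):
        params[gw.get("name")] = {p.get("name"): p.get("value", "") for p in gw.iter("param")}
    for name, p in params.items():
        if p.get("register-transport", "").lower() != "tls":
            continue
        # Registration is set to TLS; flag proxies that do not request TLS as well.
        for key in ("proxy", "register-proxy"):
            if key in p and "transport=tls" not in p[key].lower():
                findings.append(("proxy-not-tls", f"{name}:{key}"))
    for ext in ET.fromstring(dialplan_xml).iter("extension"):
        for act in ext.iter("action"):
            if act.get("application") != "bridge":
                continue
            # Every gateway named in the dial string must be defined.
            for ref in GW_REF.findall(act.get("data", "")):
                if ref not in params:
                    findings.append(("undefined-gateway", f"{ext.get('name')}:{ref}"))
    return findings
```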