[Freeswitch-users] zrtp endpoints have different sas through fs 1.0.4

Harondel J. Sibble help at pdscc.com
Sun Aug 23 14:37:47 PDT 2009

I've got 1.0.4 running with zrtp on ubuntu 9.0.4. I have 3 zrtp capable 
endpoints: an xp desktop running ekiga with the 0.92 build 218 zfone client, 
2 cell phones running ver 2.0.5 of the Tivi softphone: a nokia e61i (symbian 
s60) and an O2 Xda Flame (windows mobile 5).

All 3 endpoints are registered with FS using the default extensions of 1000-

With global_setvar zrtp_secure_media=true the zrtp negotiation between end 
points happens but the SAS never matches,below is console output for a call 
between 2 of the endpoints 

2009-08-23 14:10:17.643073 [NOTICE] mod_sofia.c:1509 Pre-Answer 
sofia/internal/1003 at!
2009-08-23 14:10:21.257568 [NOTICE] sofia.c:3794 Channel 
[sofia/internal/sip:1000 at] has been answered
2009-08-23 14:10:21.275521 [NOTICE] switch_ivr_originate.c:2015 Channel 
[sofia/internal/1003 at] has been answered
2009-08-23 14:10:22.232053 [WARNING] mod_sofia.c:810 We were told to use 
ptime 20 but what they meant to say was 80
This issue has so far been identified to happen on the following broken 
Linksys/Sipura aka Cisco
We will try to fix it but some of the devices on this list are so broken who 
knows what will happen..
2009-08-23 14:11:34.496118 [NOTICE] sofia.c:322 Hangup 
sofia/internal/sip:1000 at [CS_EXCHANGE_MEDIA] 
2009-08-23 14:11:34.512100 [NOTICE] switch_ivr_bridge.c:1016 Hangup 
sofia/internal/1003 at [CS_EXECUTE] [NORMAL_CLEARING]
2009-08-23 14:11:34.552158 [NOTICE] switch_core_session.c:1086 Session 16 
(sofia/internal/sip:1000 at Ended
2009-08-23 14:11:34.552158 [NOTICE] switch_core_session.c:1088 Close Channel 
sofia/internal/sip:1000 at [CS_DESTROY]
2009-08-23 14:11:34.556441 [NOTICE] switch_core_session.c:1086 Session 15 
(sofia/internal/1003 at Ended
2009-08-23 14:11:34.556441 [NOTICE] switch_core_session.c:1088 Close Channel 
sofia/internal/1003 at [CS_DESTROY]

Of note, with the endpoints registered through the Ekiga sip server, the sas 
DOES match on both ends.

With global_setvar zrtp_secure_media=false, the endpoints can't detect a zrtp 

Reading the list archives hasn't enlightened me.

I see this comment from 2008


    On Jul 17, 2008, at 4:23 PM, Michael Jerris wrote:

    > it should in bypass_media or proxy_media modes.  in the other modes we
    > are in the media path and would not know how to handle the encrypted
    > packets.
    > Mike

Is this still relevant? Or is there some other setting not covered here


to make this work properly? I ask firstly about  this in the context of a 
peer 2 peer zrtp communication between the endpoints, then secondly in the 
case of FS acting as a trusted middleman as in section 2 here


Lastly how does one implement the security enrollment as noted above with FS
Harondel J. Sibble 
Sibble Computer Consulting
Creating Solutions for the small and medium business computer user.
help at pdscc.com (use pgp keyid 0x3AD5C11D) http://www.pdscc.com
(604) 739-3709 (voice)

More information about the FreeSWITCH-users mailing list