[Freeswitch-users] Query related to enabling SRTP in FreeSWITCH-1.0.7

Brian West brian at freeswitch.org
Tue Dec 21 21:17:31 MSK 2010 

And clearly you overlooked my response... are you setting sip_secure_media=true after the call is answered in your dialplan?\

I need to see the full debug log of a call coming in to FreeSWITCH please on our pastebin.

/b

On Dec 21, 2010, at 12:00 PM, Goutham BG wrote:

> Posting the below query to freeswitch-users list as well. Any hints will be really helpful.
> 
> ---------- Forwarded message ----------
> From: Goutham BG <bggoutham at gmail.com>
> Date: Mon, Dec 20, 2010 at 9:16 PM
> Subject: Query related to enabling SRTP in FreeSWITCH-1.0.7
> To: freeswitch-dev at lists.freeswitch.org
> 
> 
> Hi,
> 
> I have been trying to enable SRTP in FreeSWITCH-1.0.7 and have been facing some issues.
> I have the following entry in my dialplan XML file:
> 
> <extension name="IVR">
>     <condition field="destination_number" expression="^IVR$">
>       <action application="bridge" data="loopback/app=socket:47.152.232.156:8084 async full"/>
>     </condition
> </extension>
> 
> A SIP phone (Avaya 12XX) configured in "SRTP best effort" mode dials into this extension and is connected to the IVR. But the media is established in SRTP in one way and RTP in the other way.
> The phone offers the following SDP in the INVITE message:
> 
> v=0
> o=- 10170 10170 IN IP4 47.152.232.147
> s=Sip Call
> c=IN IP4 47.152.232.147
> t=0 0
> m=audio 5016 RTP/AVP 0 8 18 101 102
> a=rtpmap:0 PCMU/8000
> a=ptime:20
> a=rtpmap:8 PCMA/8000
> a=ptime:20
> a=rtpmap:18 G729/8000
> a=ptime:20
> a=fmtp:18 annexb=no
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=rtpmap:102 X-nt-inforeq/8000
> a=sendrecv
> m=audio 5016 RTP/SAVP 0 8 18 101 102
> a=rtpmap:0 PCMU/8000
> a=ptime:20
> a=rtpmap:8 PCMA/8000
> a=ptime:20
> a=rtpmap:18 G729/8000
> a=ptime:20
> a=fmtp:18 annexb=no
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-15
> a=rtpmap:102 X-nt-inforeq/8000
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Tjivoci1I/mVkt/Fq/ZsiY+
> +ornJoXjZ5tSadho4
> a=sendrecv
> 
> As we can see, there are two "m=" lines in the SDP of the offer; one for RTP and another for SRTP. FreeSWITCH-1.0.7 answers the call by sending 200OK with the following SDP:
> 
> v=0
> o=FreeSWITCH 1291628984 1291628985 IN IP4 47.152.232.156
> s=FreeSWITCH
> c=IN IP4 47.152.232.156
> t=0 0
> m=audio 11280 RTP/AVP 0 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=silenceSupp:off - - - -
> a=ptime:20
> m=audio 0 RTP/SAVP 19
> 
> As you can see above, FreeSWITCH accepts the RTP stream and rejects the SRTP stream (by sending port as 0) in the SDP. The SIP phone sends the media in RTP(which is expected). But, FreeSWITCH sends the media in SRTP to the SIP phone. I believe this is a bug in FreeSWITCH as it is supposed to send the media in RTP since it accepted RTP in the answer (200OK).
> 
> Query:
> ======
> In order to make FreeSWITCH select SRTP in the SDP of the answer(200OK), I made the following change(i.e, setting sip_secure_media=true) in FS dial plan:
> 
> <extension name="IVR">
>     <condition field="destination_number" expression="^IVR$">
>       <action application="set" data="sip_secure_media=true"/>
>       <action application="bridge" data="loopback/app=socket:47.152.232.156:8084 async full"/>
>     </condition
> </extension>
> 
> In FreeSWITCH-1.0.6(before updating to 1.0.7), this worked and FS accepted the SRTP stream and rejected RTP in the answer(200 OK) as shown below:
> 
> m=audio 0 RTP/AVP 19
> m=audio 12084 RTP/SAVP 0 101
> a=rtpmap:0 PCMU/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=silenceSupp:off - - - -
> a=ptime:20
> a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:hgv7ClqDx1irTRrXq2NEm9Gbouw0969bBU3n+LcM
> 
> But after updating the FreeSWITCH-1.0.6 to 1.0.7, the above mentioned dial plan change (i.e, setting sip_secure_media=true) is not working. It is still behaving in the same way as it did without the XML change.
> 
> Can you please let me know if anything else needs to be added in dialplan XML file for enabling SRTP in this case in FreeSWITCH-1.0.7 or am I missing something here?
> 
> I have referred the following FS wiki pages for making the SRTP changes:
> http://wiki.freeswitch.org/wiki/Secure_RTP
> http://wiki.freeswitch.org/wiki/SRTP
> 
> Note: There is no issue when the SIP phone is configured in "SRTP only" mode where only SRTP stream is offered in the SDP of the INVITE. In this case, SIP phone and FreeSWITCH communicate properly using SRTP. This doesn't require setting "sip_secure_media=true" in the dialplan XML file.
> P.S: I am a newbie to FreeSWITCH. So, please forgive me if I am asking basic questions.
> 
> Thanks
> Goutham B G
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

More information about the FreeSWITCH-users mailing list