[Freeswitch-users] Query related to enabling SRTP in FreeSWITCH-1.0.7

Brian West brian at freeswitch.org
Wed Dec 22 18:13:11 MSK 2010 

Just tested with my snom phone and it works fine.

2010-12-22 09:00:27.304273 [DEBUG] switch_rtp.c:1424 Starting timer [soft] 160 bytes per 20ms
2010-12-22 09:00:27.306260 [DEBUG] sofia_glue.c:3219 Set 2833 dtmf send payload to 101
2010-12-22 09:00:27.306260 [DEBUG] sofia_glue.c:3224 Set 2833 dtmf receive payload to 101
2010-12-22 09:00:27.306260 [INFO] switch_rtp.c:1253 Activating Secure RTP SEND
2010-12-22 09:00:27.306260 [DEBUG] switch_core_sqldb.c:1438 Secure Type: srtp:AES_CM_128_HMAC_SHA1_32
2010-12-22 09:00:27.306260 [INFO] switch_rtp.c:1233 Activating Secure RTP RECV
2010-12-22 09:00:27.306260 [DEBUG] switch_core_sqldb.c:1438 Secure Type: srtp:AES_CM_128_HMAC_SHA1_32
2010-12-22 09:00:27.306260 [DEBUG] mod_sofia.c:683 Local SDP sofia/internal/1000 at 192.168.1.113:5062:
v=0
o=FreeSWITCH 1293010327 1293010328 IN IP4 192.168.1.113
s=FreeSWITCH
c=IN IP4 192.168.1.113
t=0 0
m=audio 19700 RTP/SAVP 0 101
a=rtpmap:0 pcmu/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:uJA327Ni4Srlz/MPcfvRc0H4gjeP3lpU9KEcPWcm



/b

On Dec 22, 2010, at 4:01 AM, Goutham BG wrote:

> Thanks for the response.
> I have pasted the freeswitch debug log of the call coming in to FreeSWITCH in http://pastebin.freeswitch.org/14852 .
> 
> I think I have set sip_secure_media=true before answering the call in my dialplan. The following is the entry for this extension in my dialplan:
> 
>   <extension name="IVR">
>     <condition field="destination_number" expression="^IVR$">
>       <action application="set" data="sip_secure_media=true"/>
>       <action application="bridge" data="loopback/app=socket:47.152.232.156:8084 async full"/>
>     </condition>
>   </extension>
> 
> Thanks
> Goutham B G
> 
> On Tue, Dec 21, 2010 at 11:47 PM, Brian West <brian at freeswitch.org> wrote:
> And clearly you overlooked my response... are you setting sip_secure_media=true after the call is answered in your dialplan?\
> 
> I need to see the full debug log of a call coming in to FreeSWITCH please on our pastebin.
> 
> /b
> 
> On Dec 21, 2010, at 12:00 PM, Goutham BG wrote:
> 
> > Posting the below query to freeswitch-users list as well. Any hints will be really helpful.
> >
> > ---------- Forwarded message ----------
> > From: Goutham BG <bggoutham at gmail.com>
> > Date: Mon, Dec 20, 2010 at 9:16 PM
> > Subject: Query related to enabling SRTP in FreeSWITCH-1.0.7
> > To: freeswitch-dev at lists.freeswitch.org
> >
> >
> > Hi,
> >
> > I have been trying to enable SRTP in FreeSWITCH-1.0.7 and have been facing some issues.
> > I have the following entry in my dialplan XML file:
> >
> > <extension name="IVR">
> >     <condition field="destination_number" expression="^IVR$">
> >       <action application="bridge" data="loopback/app=socket:47.152.232.156:8084 async full"/>
> >     </condition
> > </extension>
> >
> > A SIP phone (Avaya 12XX) configured in "SRTP best effort" mode dials into this extension and is connected to the IVR. But the media is established in SRTP in one way and RTP in the other way.
> > The phone offers the following SDP in the INVITE message:
> >
> > v=0
> > o=- 10170 10170 IN IP4 47.152.232.147
> > s=Sip Call
> > c=IN IP4 47.152.232.147
> > t=0 0
> > m=audio 5016 RTP/AVP 0 8 18 101 102
> > a=rtpmap:0 PCMU/8000
> > a=ptime:20
> > a=rtpmap:8 PCMA/8000
> > a=ptime:20
> > a=rtpmap:18 G729/8000
> > a=ptime:20
> > a=fmtp:18 annexb=no
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-15
> > a=rtpmap:102 X-nt-inforeq/8000
> > a=sendrecv
> > m=audio 5016 RTP/SAVP 0 8 18 101 102
> > a=rtpmap:0 PCMU/8000
> > a=ptime:20
> > a=rtpmap:8 PCMA/8000
> > a=ptime:20
> > a=rtpmap:18 G729/8000
> > a=ptime:20
> > a=fmtp:18 annexb=no
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-15
> > a=rtpmap:102 X-nt-inforeq/8000
> > a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Tjivoci1I/mVkt/Fq/ZsiY+
> > +ornJoXjZ5tSadho4
> > a=sendrecv
> >
> > As we can see, there are two "m=" lines in the SDP of the offer; one for RTP and another for SRTP. FreeSWITCH-1.0.7 answers the call by sending 200OK with the following SDP:
> >
> > v=0
> > o=FreeSWITCH 1291628984 1291628985 IN IP4 47.152.232.156
> > s=FreeSWITCH
> > c=IN IP4 47.152.232.156
> > t=0 0
> > m=audio 11280 RTP/AVP 0 101
> > a=rtpmap:0 PCMU/8000
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-16
> > a=silenceSupp:off - - - -
> > a=ptime:20
> > m=audio 0 RTP/SAVP 19
> >
> > As you can see above, FreeSWITCH accepts the RTP stream and rejects the SRTP stream (by sending port as 0) in the SDP. The SIP phone sends the media in RTP(which is expected). But, FreeSWITCH sends the media in SRTP to the SIP phone. I believe this is a bug in FreeSWITCH as it is supposed to send the media in RTP since it accepted RTP in the answer (200OK).
> >
> > Query:
> > ======
> > In order to make FreeSWITCH select SRTP in the SDP of the answer(200OK), I made the following change(i.e, setting sip_secure_media=true) in FS dial plan:
> >
> > <extension name="IVR">
> >     <condition field="destination_number" expression="^IVR$">
> >       <action application="set" data="sip_secure_media=true"/>
> >       <action application="bridge" data="loopback/app=socket:47.152.232.156:8084 async full"/>
> >     </condition
> > </extension>
> >
> > In FreeSWITCH-1.0.6(before updating to 1.0.7), this worked and FS accepted the SRTP stream and rejected RTP in the answer(200 OK) as shown below:
> >
> > m=audio 0 RTP/AVP 19
> > m=audio 12084 RTP/SAVP 0 101
> > a=rtpmap:0 PCMU/8000
> > a=rtpmap:101 telephone-event/8000
> > a=fmtp:101 0-16
> > a=silenceSupp:off - - - -
> > a=ptime:20
> > a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:hgv7ClqDx1irTRrXq2NEm9Gbouw0969bBU3n+LcM
> >
> > But after updating the FreeSWITCH-1.0.6 to 1.0.7, the above mentioned dial plan change (i.e, setting sip_secure_media=true) is not working. It is still behaving in the same way as it did without the XML change.
> >
> > Can you please let me know if anything else needs to be added in dialplan XML file for enabling SRTP in this case in FreeSWITCH-1.0.7 or am I missing something here?
> >
> > I have referred the following FS wiki pages for making the SRTP changes:
> > http://wiki.freeswitch.org/wiki/Secure_RTP
> > http://wiki.freeswitch.org/wiki/SRTP
> >
> > Note: There is no issue when the SIP phone is configured in "SRTP only" mode where only SRTP stream is offered in the SDP of the INVITE. In this case, SIP phone and FreeSWITCH communicate properly using SRTP. This doesn't require setting "sip_secure_media=true" in the dialplan XML file.
> > P.S: I am a newbie to FreeSWITCH. So, please forgive me if I am asking basic questions.
> >
> > Thanks
> > Goutham B G
> > _______________________________________________
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> 
> 
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> 
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20101222/7640624d/attachment-0001.html

More information about the FreeSWITCH-users mailing list