[Freeswitch-users] Secure B-Leg from PSTN call - how to?

Peter Waldheim struwwelp at gmail.com
Mon Jul 1 13:04:42 MSD 2013


I'm still struggling with this and cleaned up the whole configuration.

The only SRTP-related setting now is the
<action application='export' data='nolocal:sip_secure_media=true'/>
before the bridging.

The info app seems to reflect that by
2013-07-01 10:40:49.640784 [DEBUG] switch_channel.c:1176 FreeTDM/1:1/21
EXPORTING[export_vars][sip_secure_media]=[true] to event

(Could anybody please confirm if this is the right place to look and this
should trigger a secure b-leg?)

But the "Local SDP" still has no crypto or savp in it - like in the
original post. (It should show up here, right?)

And eventually the connection gets denied by the client, which would only
allow srtp connections.

Does anybody have an idea what could prevent the secure b-leg (if my
assumptions are correct, it seems I get a non-secure sdp despite having
sip_secure_media set to true)?

Thanks and regards
Peter


2013/6/28 Peter Waldheim <struwwelp at gmail.com>

> Thanks Daniel but I know and am already doing that. Would the debug output
> about "EXPORTING[export_vars]... to event" not confirm that working, or am
> I mistaken?
>
>
> 2013/6/28 Daniel Ivanov <sertys at gmail.com>
>
>> Well you have to export the variables instead of setting them to apply to
>> b-leg.
>> Like
>> <action application='export' data='nolocal:sip_secure_media=true'/>
>> On Jun 28, 2013 10:51 AM, "Peter Waldheim" <struwwelp at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm trying to secure (SRTP) the b-leg for a call coming in via pstn
>>> (pri/freetdm).
>>> For this I'm setting sip_secure_media and also
>>> trying sdp_secure_savp_only, but it seems freeswitch does not offer SAVP to
>>> my client (which in turn will refuse). SIP-to-SIP this works fine.
>>>
>>> Here is the portion of the log where I would have expected to see SAVP
>>> in the sdp:
>>>
>>> EXECUTE FreeTDM/1:5/21 bridge(sofia/external5090/21%10.1.1.12)
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>> EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>> EXPORTING[export_vars] [dialed_extension]=[21] to event
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>> EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>> EXPORTING[export_vars] [sdp_secure_savp_only]=[true] to event
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_ivr_originate.c:2050 Parsing
>>> global variables
>>> 2013-06-28 09:20:10.800816 [NOTICE] switch_channel.c:1030 New Channel
>>> sofia/external5090/21 [2b0bff7e-dfc3-11e2-b111-c96542f7174a]
>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:4420
>>> (sofia/external5090/21) State Change CS_NEW -> CS_INIT
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_session.c:1341 Send
>>> signal sofia/external5090/21 [BREAK]
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:416
>>> (sofia/external5090/21) Running State Change CS_INIT
>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:455
>>> (sofia/external5090/21) State INIT
>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:87 sofia/external5090/21
>>> SOFIA INIT
>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1191
>>> sip:21 at client.ip.is.secret:49915;rinstance=e177370cb4131e9f;transport=tls
>>> Setting proxy route to sofia/external5090/21
>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
>>> v=0
>>> o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret
>>> s=FreeSWITCH
>>> c=IN IP4 my.ip.is.secret
>>> t=0 0
>>> m=audio 19660 RTP/AVP 8 3 101 13
>>> a=rtpmap:101 telephone-event/8000
>>> a=fmtp:101 0-16
>>> a=ptime:20
>>> a=sendrecv
>>> m=video 20590 RTP/AVP 34 98
>>> a=rtpmap:34 H263/90000
>>> a=rtpmap:98 H264/90000
>>>
>>> Any help with this would be greatly appreciated.
>>>
>>> Regards
>>> Peter
>>>
>
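
Added example, not part of the original posts and not FreeSWITCH code: a small Python check that pulls the "Local SDP" block out of a debug log like the one quoted above and reports, per media section, whether the offer carries the SAVP profile and an `a=crypto` line. The thread's SDP is abridged here, the secure variant and its key placeholder are constructed, and the strict verdict (both SAVP and crypto required) is an assumption about the SRTP-only client.

```python
import re

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}  # SRTP media profiles

def extract_local_sdp(log_text):
    """Return the SDP lines following the last 'Local SDP:' marker."""
    sdp, capturing = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Local SDP:" in line:
            sdp, capturing = [], True
        elif capturing and re.match(r"[a-z]=", line):
            sdp.append(line)
        elif capturing:
            capturing = False  # first non-SDP line ends the block
    return sdp

def audit_sdp(sdp_lines):
    """Per m= section: transport profile, a=crypto presence, strict SRTP verdict."""
    sections = []
    for line in sdp_lines:
        if line.startswith("m="):
            media, _port, profile = line[2:].split()[:3]
            sections.append({"media": media, "profile": profile, "crypto": False})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] = True
    for s in sections:
        # Assumption: an SRTP-only client needs both the SAVP profile and a key.
        s["srtp"] = s["profile"] in SECURE_PROFILES and s["crypto"]
    return sections

# Offer as logged in the thread, abridged (addresses already redacted by the poster).
PLAIN_LOG = """\
2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
v=0
o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret
s=FreeSWITCH
c=IN IP4 my.ip.is.secret
t=0 0
m=audio 19660 RTP/AVP 8 3 101 13
a=rtpmap:101 telephone-event/8000
a=sendrecv
m=video 20590 RTP/AVP 34 98
a=rtpmap:34 H263/90000
"""

# Constructed: what an SDES offer would add (key material is a dummy placeholder).
SECURE_LOG = PLAIN_LOG.replace("RTP/AVP 8", "RTP/SAVP 8").replace(
    "a=sendrecv",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED0PLACEHOLDER0KEY0NOT0REAL0000\na=sendrecv")

if __name__ == "__main__":
    for name, log in (("thread", PLAIN_LOG), ("constructed", SECURE_LOG)):
        for s in audit_sdp(extract_local_sdp(log)):
            print(name, s)
```

Run against the thread's log, both media sections come back with profile `RTP/AVP`, no crypto attribute and a negative SRTP verdict, which matches the client's refusal described above.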