[Freeswitch-users] Secure B-Leg from PSTN call - how to?

Carlos Flor jackal at cybershroud.net
Mon Jul 1 19:25:05 MSD 2013


Not sure if this is your issue, but depending on what version of FS you are
running, sip_secure_media has been replaced with rtp_secure_media.  Try
exporting that instead and see if it works.


On Mon, Jul 1, 2013 at 5:04 AM, Peter Waldheim <struwwelp at gmail.com> wrote:

> I'm still struggling with this and cleaned up the whole configuration.
>
> The only SRTP-related setting now is the
> <action application='export' data='nolocal:sip_secure_media=true'/>
> before the bridging.
>
> The info app seems to reflect that by
> 2013-07-01 10:40:49.640784 [DEBUG] switch_channel.c:1176 FreeTDM/1:1/21
> EXPORTING[export_vars][sip_secure_media]=[true] to event
>
> (Could anybody please confirm if this is the right place to look and this
> should trigger a secure b-leg?)
>
> But the "Local SDP" still has no crypto or savp in it - like in the
> original post. (It should show up here, right?)
>
> And eventually the connection gets denied by the client, which would only
> allow srtp connections.
>
> Does anybody have an idea what could prevent the secure b-leg (if my
> assumptions are correct it seems I get a non-secure sdp despite having
> sip_secure_media set to true)?
>
> Thanks and regards
> Peter
>
>
> 2013/6/28 Peter Waldheim <struwwelp at gmail.com>
>
>> Thanks Daniel but I know and am already doing that. Would the debug
>> output about "EXPORTING[export_vars]... to event" not confirm that working,
>> or am I mistaken?
>>
>>
>> 2013/6/28 Daniel Ivanov <sertys at gmail.com>
>>
>>> Well you have to export the variables instead of setting them to apply
>>> to b-leg.
>>> Like
>>> <action application='export' data='nolocal:sip_secure_media=true'/>
>>> On Jun 28, 2013 10:51 AM, "Peter Waldheim" <struwwelp at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm trying to secure (SRTP) the b-leg for a call coming in via pstn
>>>> (pri/freetdm).
>>>> For this I'm setting sip_secure_media and also
>>>> trying sdp_secure_savp_only, but it seems freeswitch does not offer SAVP to
>>>> my client (which in turn will refuse). SIP-to-SIP this works fine.
>>>>
>>>> Here is the portion of the log where I would have expected to see SAVP
>>>> in the sdp:
>>>>
>>>> EXECUTE FreeTDM/1:5/21 bridge(sofia/external5090/21%10.1.1.12)
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>>> EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>>> EXPORTING[export_vars] [dialed_extension]=[21] to event
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>>> EXPORTING[export_vars] [sip_secure_media]=[true] to event
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_channel.c:1176 FreeTDM/1:5/21
>>>> EXPORTING[export_vars] [sdp_secure_savp_only]=[true] to event
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_ivr_originate.c:2050 Parsing
>>>> global variables
>>>> 2013-06-28 09:20:10.800816 [NOTICE] switch_channel.c:1030 New Channel
>>>> sofia/external5090/21 [2b0bff7e-dfc3-11e2-b111-c96542f7174a]
>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:4420
>>>> (sofia/external5090/21) State Change CS_NEW -> CS_INIT
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_session.c:1341 Send
>>>> signal sofia/external5090/21 [BREAK]
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:416
>>>> (sofia/external5090/21) Running State Change CS_INIT
>>>> 2013-06-28 09:20:10.800816 [DEBUG] switch_core_state_machine.c:455
>>>> (sofia/external5090/21) State INIT
>>>> 2013-06-28 09:20:10.800816 [DEBUG] mod_sofia.c:87 sofia/external5090/21
>>>> SOFIA INIT
>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1191
>>>> sip:21 at client.ip.is.secret:49915;rinstance=e177370cb4131e9f;transport=tls
>>>> Setting proxy route to sofia/external5090/21
>>>> 2013-06-28 09:20:10.800816 [DEBUG] sofia_glue.c:1220 Local SDP:
>>>> v=0
>>>> o=FreeSWITCH 1372384350 1372384351 IN IP4 my.ip.is.secret
>>>> s=FreeSWITCH
>>>> c=IN IP4 my.ip.is.secret
>>>> t=0 0
>>>> m=audio 19660 RTP/AVP 8 3 101 13
>>>> a=rtpmap:101 telephone-event/8000
>>>> a=fmtp:101 0-16
>>>> a=ptime:20
>>>> a=sendrecv
>>>> m=video 20590 RTP/AVP 34 98
>>>> a=rtpmap:34 H263/90000
>>>> a=rtpmap:98 H264/90000
>>>>
>>>> Any help with this would be greatly appreciated.
>>>>
>>>> Regards
>>>> Peter
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>
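Added example, not written by anyone in this thread: a small Python check for the question asked above, namely whether a "Local SDP" block from the FreeSWITCH log offers SRTP on each media line. The function names and the second SDP are assumptions made for illustration; the first SDP is abridged from the 2013-06-28 post and can be pasted with its quote markers.

```python
import re

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

def classify_sdp(text):
    """Return (media, profile, verdict) for each m= section of an SDP body."""
    sections = []
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw).rstrip()  # drop e-mail quote markers
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) >= 3:  # media, port, transport profile
                sections.append([parts[0], parts[2], 0])
        elif line.startswith("a=crypto:") and sections:
            sections[-1][2] += 1  # a=crypto is a media-level attribute
    result = []
    for media, profile, keys in sections:
        if profile in SECURE_PROFILES:
            verdict = "srtp-required" if keys else "savp-without-keys"
        else:
            # RTP/AVP plus a=crypto is the opportunistic form some stacks send
            verdict = "srtp-optional" if keys else "plaintext"
        result.append((media, profile, verdict))
    return result

def acceptable_to_srtp_only_peer(text):
    """True only if every media section is RTP/SAVP(F) and carries a key."""
    verdicts = classify_sdp(text)
    return bool(verdicts) and all(v == "srtp-required" for _, _, v in verdicts)

# Local SDP abridged from the 2013-06-28 post, quote markers left in place.
POSTED_SDP = """\
>>>> v=0
>>>> c=IN IP4 my.ip.is.secret
>>>> m=audio 19660 RTP/AVP 8 3 101 13
>>>> a=rtpmap:101 telephone-event/8000
>>>> m=video 20590 RTP/AVP 34 98
>>>> a=rtpmap:34 H263/90000
"""

# Constructed offer (not from the thread); the key is a placeholder string.
CONSTRUCTED_SRTP_SDP = """\
v=0
c=IN IP4 192.0.2.10
m=audio 19660 RTP/SAVP 8 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEYPLACEHOLDERKEYPLACEHOLDER0
"""

if __name__ == "__main__":
    for name, sdp in (("posted", POSTED_SDP), ("constructed", CONSTRUCTED_SRTP_SDP)):
        print(name, classify_sdp(sdp), acceptable_to_srtp_only_peer(sdp))
```

Run against the posted SDP, both media sections come back as plaintext, which matches the refusal by the SRTP-only client described in the thread.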