[Freeswitch-users] SRTP issue with latest master + (possible) DTMF change

Fri Nov 15 01:43:22 MSK 2013

Hi,

I've been using FS successfully for some years now. Recently I decided to
update from 1.2.12 to latest master via git (running FS on bare metal
Debian 7.0 64bit)

Obviously I saved my conf directory and tried to apply it to the
1.5.7b+git~20131114 version I just installed and have up and running.

I realize that master is not yet stable but I notice that there seems to be
some incompatibility issues, namely with SRTP.

All my SRTP calls are now failing with "incompatible destination" messages
in the logs, and looking through them more closely I see this:

parsing [features->is_secure] continue=true
Dialplan: sofia/external/1000 at mydomain Regex (PASS) [is_secure]
${sip_via_protocol}(tls) =~ /tls/ break=on-false
Dialplan: sofia/external/1000 at mydomain Regex (FAIL) [is_secure]
${sip_secure_media_confirmed}() =~ /^true$/ break=on-false
Dialplan: sofia/external/1000 at mydomain ANTI-Action eval(not_secure)
2013-11-14 22:02:22.006273 [NOTICE] switch_core_session.c:2940 Execute
eval(not_secure)

Notice the FAIL for sip_secure_media_confirmed. This is very strange since
I'm sure that SRTP is enabled (both CSipSimple Android client and
Groundwire iOS client confirm that indeed the signalling is secured via TLS
and the media via SDES SRTP).
A few seconds earlier in the logs, FS also sees the crypto taking place and
there doesn't seem to be any problem

2013-11-14 22:02:21.986279 [INFO] switch_rtp.c:2830 Activating Audio Secure
RTP SEND
2013-11-14 22:02:21.986279 [DEBUG] switch_core_sqldb.c:2354 Secure Type:
srtp:sdes:AES_CM_128_HMAC_SHA1_80

So the problem seems to be with the sip_secure_media_confirmed variable.
This same setup worked fine yesterday with 1.2.12, so I'm at a loss as to
what changed.
Any ideas? To further add some confusion, since my clients are configured
for mandatory SRTP, all calls to them fail, and FS routes to VM. So far,
pretty normal. Except that the VM message we usually hear sounds super slow
like the voice is drunk. This is definetely not normal, but I'm not sure if
it's related to the crypto issue. I don't think it's a flite issue since
calling into the IVR sounds as normal as ever.

Also, I notice a change in FS handling DTMF. My CSipSimple client which
worked flawlessly with DTMF before now just doesn't work at all, but my
Groundwire client continues to send DTMF without a problem.
Has something changed in the latest master regarding DTMF?

I'd appreciate any help in debugging these issues. Perhaps the new conf in
latest master has different variables or options and by simply copying my
old conf directory over the new one wasn't too smart after all.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20131114/8238351c/attachment-0001.html 