[Freeswitch-users] SRTP issue with latest master + (possible) DTMF change

Kristian Kielhofner kris at kriskinc.com
Fri Nov 15 03:50:08 MSK 2013


Change your conditions to rtp_secure_media instead of sip_secure_media.

On Thursday, November 14, 2013, Privus 007 wrote:

> Hi,
>
> I've been using FS successfully for some years now. Recently I decided to
> update from 1.2.12 to latest master via git (running FS on bare metal
> Debian 7.0 64bit)
>
> Obviously I saved my conf directory and tried to apply it to the
> 1.5.7b+git~20131114 version I just installed and have up and running.
>
> I realize that master is not yet stable but I notice that there seems to
> be some incompatibility issues, namely with SRTP.
>
> All my SRTP calls are now failing with "incompatible destination" messages
> in the logs, and looking through them more closely I see this:
>
>
> parsing [features->is_secure] continue=true
> Dialplan: sofia/external/1000 at mydomain Regex (PASS) [is_secure]
> ${sip_via_protocol}(tls) =~ /tls/ break=on-false
> Dialplan: sofia/external/1000 at mydomain Regex (FAIL) [is_secure]
> ${sip_secure_media_confirmed}() =~ /^true$/ break=on-false
> Dialplan: sofia/external/1000 at mydomain ANTI-Action eval(not_secure)
> 2013-11-14 22:02:22.006273 [NOTICE] switch_core_session.c:2940 Execute
> eval(not_secure)
>
>
> Notice the FAIL for sip_secure_media_confirmed. This is very strange since
> I'm sure that SRTP is enabled (both CSipSimple Android client and
> Groundwire iOS client confirm that indeed the signalling is secured via TLS
> and the media via SDES SRTP).
> A few seconds earlier in the logs, FS also sees the crypto taking place
> and there doesn't seem to be any problem
>
> 2013-11-14 22:02:21.986279 [INFO] switch_rtp.c:2830 Activating Audio
> Secure RTP SEND
> 2013-11-14 22:02:21.986279 [DEBUG] switch_core_sqldb.c:2354 Secure Type:
> srtp:sdes:AES_CM_128_HMAC_SHA1_80
>
> So the problem seems to be with the sip_secure_media_confirmed variable.
> This same setup worked fine yesterday with 1.2.12, so I'm at a loss as to
> what changed.
> Any ideas? To further add some confusion, since my clients are configured
> for mandatory SRTP, all calls to them fail, and FS routes to VM. So far,
> pretty normal. Except that the VM message we usually hear sounds super slow
> like the voice is drunk. This is definetely not normal, but I'm not sure if
> it's related to the crypto issue. I don't think it's a flite issue since
> calling into the IVR sounds as normal as ever.
>
> Also, I notice a change in FS handling DTMF. My CSipSimple client which
> worked flawlessly with DTMF before now just doesn't work at all, but my
> Groundwire client continues to send DTMF without a problem.
> Has something changed in the latest master regarding DTMF?
>
> I'd appreciate any help in debugging these issues. Perhaps the new conf in
> latest master has different variables or options and by simply copying my
> old conf directory over the new one wasn't too smart after all.
>
> Thanks
>


-- 
Sent from mobile device
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20131114/1c9381c7/attachment.html 


Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list