[Freeswitch-users] SRTP issue with latest master + (possible) DTMF change

Privus 007 privus007 at gmail.com
Fri Nov 15 20:35:12 MSK 2013 

Ah, that did the trick. Finally got it working again.

Are those changes documented anywhere? Also, I see that FS has better ICE
handling, but I can't find any documentation on that either.

Thanks


On Fri, Nov 15, 2013 at 4:08 PM, Anthony Minessale <
anthony.minessale at gmail.com> wrote:

> that var is now split into
>
> rtp_secure_audio_confirmed
> rtp_secure_video_confirmed
>
> so in your case, change media to audio.
>
>
> On Fri, Nov 15, 2013 at 7:44 AM, Privus 007 <privus007 at gmail.com> wrote:
>
>> Ok, so I applied the changes in the dialplan and still there's a crypto
>> problem.
>> I actually decided to put aside my previous diaplan and am testing with
>> the default one provided by master.
>>
>> Now indeed I see that crypto gets properly detected in the default
>> dialplan, and it gets exported to b leg:
>>
>> Dialplan: sofia/external/1010 at mydomain Regex (PASS) [global] ${rtp_has_crypto}(AES_CM_128_HMAC_SHA1_80) =~ /^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$/ break=never
>> Dialplan: sofia/external/1010 at mydomain Action set(rtp_secure_media=true)
>> Dialplan: sofia/external/1010 at mydomain Action export(rtp_secure_media=true)
>>
>>
>> But then I see it still doesn't pass the rtp_secure_media_confirmed check.
>>
>> Dialplan: sofia/external/1010 at mydomain parsing [features->is_secure] continue=true
>>
>>
>> Dialplan: sofia/external/1010 at mydomain Regex (PASS) [is_secure] ${sip_via_protocol}(tls) =~ /tls/ break=on-false
>> Dialplan: sofia/external/1010 at mydomain Regex (FAIL) [is_secure] ${rtp_secure_media_confirmed}() =~ /^true$/ break=on-false
>>
>>
>> Dialplan: sofia/external/1010 at mydomain ANTI-Action eval(not_secure)
>> 2013-11-15 13:33:38.386273 [NOTICE] switch_core_session.c:2940 Execute eval(not_secure)
>> EXECUTE sofia/external/1010 at mydomain eval(not_secure)
>>
>>
>> So what am I doing wrong? Why is it failing rtp_secure_media_confirmed? Should I change it to plain rtp_secure_media and leave out the "confirmed" bit, or do I have to change var names somewhere else besides the default and features dialplan?
>>
>>
>> Thanks
>>
>>
>>
>> On Fri, Nov 15, 2013 at 1:36 AM, Privus 007 <privus007 at gmail.com> wrote:
>>
>>> Ah, I see. Thank you both
>>>
>>>
>>> On Fri, Nov 15, 2013 at 1:02 AM, Anthony Minessale <
>>> anthony.minessale at gmail.com> wrote:
>>>
>>>> The var names are rtp_ for those instead of sip_ now.
>>>> On Nov 14, 2013 4:46 PM, "Privus 007" <privus007 at gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I've been using FS successfully for some years now. Recently I decided
>>>>> to update from 1.2.12 to latest master via git (running FS on bare metal
>>>>> Debian 7.0 64bit)
>>>>>
>>>>> Obviously I saved my conf directory and tried to apply it to the
>>>>> 1.5.7b+git~20131114 version I just installed and have up and running.
>>>>>
>>>>> I realize that master is not yet stable but I notice that there seems
>>>>> to be some incompatibility issues, namely with SRTP.
>>>>>
>>>>> All my SRTP calls are now failing with "incompatible destination"
>>>>> messages in the logs, and looking through them more closely I see this:
>>>>>
>>>>>
>>>>> parsing [features->is_secure] continue=true
>>>>> Dialplan: sofia/external/1000 at mydomain Regex (PASS) [is_secure]
>>>>> ${sip_via_protocol}(tls) =~ /tls/ break=on-false
>>>>> Dialplan: sofia/external/1000 at mydomain Regex (FAIL) [is_secure]
>>>>> ${sip_secure_media_confirmed}() =~ /^true$/ break=on-false
>>>>> Dialplan: sofia/external/1000 at mydomain ANTI-Action eval(not_secure)
>>>>> 2013-11-14 22:02:22.006273 [NOTICE] switch_core_session.c:2940 Execute
>>>>> eval(not_secure)
>>>>>
>>>>>
>>>>> Notice the FAIL for sip_secure_media_confirmed. This is very strange
>>>>> since I'm sure that SRTP is enabled (both CSipSimple Android client and
>>>>> Groundwire iOS client confirm that indeed the signalling is secured via TLS
>>>>> and the media via SDES SRTP).
>>>>> A few seconds earlier in the logs, FS also sees the crypto taking
>>>>> place and there doesn't seem to be any problem
>>>>>
>>>>> 2013-11-14 22:02:21.986279 [INFO] switch_rtp.c:2830 Activating Audio
>>>>> Secure RTP SEND
>>>>> 2013-11-14 22:02:21.986279 [DEBUG] switch_core_sqldb.c:2354 Secure
>>>>> Type: srtp:sdes:AES_CM_128_HMAC_SHA1_80
>>>>>
>>>>> So the problem seems to be with the sip_secure_media_confirmed
>>>>> variable. This same setup worked fine yesterday with 1.2.12, so I'm at a
>>>>> loss as to what changed.
>>>>> Any ideas? To further add some confusion, since my clients are
>>>>> configured for mandatory SRTP, all calls to them fail, and FS routes to VM.
>>>>> So far, pretty normal. Except that the VM message we usually hear sounds
>>>>> super slow like the voice is drunk. This is definetely not normal, but I'm
>>>>> not sure if it's related to the crypto issue. I don't think it's a flite
>>>>> issue since calling into the IVR sounds as normal as ever.
>>>>>
>>>>> Also, I notice a change in FS handling DTMF. My CSipSimple client
>>>>> which worked flawlessly with DTMF before now just doesn't work at all, but
>>>>> my Groundwire client continues to send DTMF without a problem.
>>>>> Has something changed in the latest master regarding DTMF?
>>>>>
>>>>> I'd appreciate any help in debugging these issues. Perhaps the new
>>>>> conf in latest master has different variables or options and by simply
>>>>> copying my old conf directory over the new one wasn't too smart after all.
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
>
> --
> Anthony Minessale II
>
> FreeSWITCH http://www.freeswitch.org/
> ClueCon http://www.cluecon.com/
> Twitter: http://twitter.com/FreeSWITCH_wire
>
> AIM: anthm
> MSN:anthony_minessale at hotmail.com
> GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
> IRC: irc.freenode.net #freeswitch
>
> FreeSWITCH Developer Conference
> sip:888 at conference.freeswitch.org
> googletalk:conf+888 at conference.freeswitch.org
> pstn:+19193869900
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20131115/a34022f1/attachment.html

Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users mailing list