[Freeswitch-users] FreeSwith does not setup secure call with leg B.

Michael Jerris mike at jerris.com
Wed Sep 10 16:47:37 MSD 2014 

Does it work on the latest 1.4 release with the config change he mentioned?

On Sep 10, 2014, at 1:48 AM, Chandrakant Marathe <cwmarathe at gmail.com> wrote:

> Sorry Brian, I should have told the version. My bad. 
> I am using 1.2 stable release. When I hit "git branch -av", it outputs -
> 
> * v1.2.stable      2b62885 fs_cli: fix compiler error on CentOS 6 caused by recent short uuid logging change
> 
> And from FreeSwitch console, when I hit "version" command, it shows -
> 
> FreeSWITCH Version 1.2.24+git~20140630T213113Z~2b62885f21~32bit (git 2b62885 2014-06-30 21:31:13Z 32bit)
> 
> I went through "vars.xml" and found only one config related with "rtp_secure_media" and that to related with zrtp
> 
> <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
> 
> Is there any more configuration to do in v1.2 so as to enable end-to-end secure call or shall I move to v1.4 beta?
> 
> Thanks.
> --
> CWM
> 
> 
> On Tue, Sep 9, 2014 at 9:04 PM, Brian West <brian at freeswitch.org> wrote:
> You didn't mention what rev you're using, If you're in 1.4 then its rtp_secure_media, please see latest configs and extensive docs in vars.xml about srtp and all the nice knobs you can use to tweak it.
> 
> 
> On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <cwmarathe at gmail.com> wrote:
> Hi All,
> I have setup FreeSwith PBX. I am facing an issue of not having end to end secure call. Caller sends INVITE request with SIPS in request URI and RTP/SAVP in SDP. But when FreeSwith forwards the request to caller, it is not using RTP/SAVP in SDP.
> 
> I have followed the steps mentioned in WIKI (https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration) for TLS configuration and marked "exports sip_secure_media" true in "conf/dialplan/default.xml" file (as per https://wiki.freeswitch.org/wiki/SRTP). But still FreeSwitch does not use RTP/SAVP for leg-B.
> 
> Also, I am bit confused with following condition in "default.xml" when wiki page suggests that 
> late coded negotiation must NOT to be turned on.
> 
>     <!--
>          Since we have inbound-late-negotation on by default now the
>          above behavior isn't the same so you have to do one extra step.
>         -->
> 
>       <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
>       <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
>         <action application="set" data="sip_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <action application="export" data="sip_secure_media=true"/>
>       </condition>
> 
> By commenting/un-commenting "sip_secure_media=true" above, it did not worked.
> 
> Any help with this would be greatly appreciated.
> 
> --
> Thanks
> CWM
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> 
> 
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> 
> 
> 
> -- 
> Brian West
> brian at freeswitch.org
> 
> 
> 
> Twitter: @FreeSWITCH , @briankwest
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
> 
> T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
> iNUM:+883 5100 1420 9001 | ISN:410*543 | Skype:briankwest
> 
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> 
> 
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
> 
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services: 
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
> 
> 
> 
> 
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140910/9c6d01df/attachment.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list