[Freeswitch-users] FreeSwitch does not setup secure call with leg B.

Chandrakant Marathe cwmarathe at gmail.com
Thu Sep 11 09:20:21 MSD 2014


No, I have not yet checked with 1.4. I'll check and let you know.


--
CWM

On Wed, Sep 10, 2014 at 7:52 PM, Brian West <brian at freeswitch.org> wrote:

> If you can't trust your PBX then WHO can you trust? :P  ZRTP won't be end
> to end out of the box unless you have clients that add the zrtp hash to the
> sdp's in the invite and 200ok coming back from the far end.
>
> On Wed, Sep 10, 2014 at 8:55 AM, Daniel Ivanov <sertys at gmail.com> wrote:
>
>> First of all, srtp is not end-to-end, if you are looking for end to end,
>> you should look over the zrtp_* varset.
>> And also look over whether your clients are configured to use SRTP or ZRTP.
>> On 10 Sept. 2014 at 15:50, "Michael Jerris" <mike at jerris.com> wrote:
>>
>>> Does it work on the latest 1.4 release with the config change he
>>> mentioned?
>>>
>>> On Sep 10, 2014, at 1:48 AM, Chandrakant Marathe <cwmarathe at gmail.com>
>>> wrote:
>>>
>>> Sorry Brian, I should have told the version. My bad.
>>> I am using 1.2 stable release. When I hit "git branch -av", it outputs -
>>>
>>> * v1.2.stable      2b62885 fs_cli: fix compiler error on CentOS 6 caused
>>> by recent short uuid logging change
>>>
>>> And from FreeSwitch console, when I hit "version" command, it shows -
>>>
>>> FreeSWITCH Version 1.2.24+git~20140630T213113Z~2b62885f21~32bit (git
>>> 2b62885 2014-06-30 21:31:13Z 32bit)
>>>
>>> I went through "vars.xml" and found only one config related to
>>> "rtp_secure_media", and that too is related to zrtp
>>>
>>> <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
>>>
>>> Is there any more configuration to do in v1.2 so as to enable end-to-end
>>> secure call or shall I move to v1.4 beta?
>>>
>>> Thanks.
>>> --
>>> CWM
>>>
>>>
>>> On Tue, Sep 9, 2014 at 9:04 PM, Brian West <brian at freeswitch.org> wrote:
>>>
>>>> You didn't mention what rev you're using. If you're in 1.4 then it's
>>>> rtp_secure_media, please see latest configs and extensive docs in vars.xml
>>>> about srtp and all the nice knobs you can use to tweak it.
>>>>
>>>>
>>>> On Tue, Sep 9, 2014 at 12:52 AM, Chandrakant Marathe <
>>>> cwmarathe at gmail.com> wrote:
>>>>
>>>>> Hi All,
>>>>> I have set up FreeSwitch PBX. I am facing an issue of not having end to
>>>>> end secure call. Caller sends INVITE request with SIPS in request URI and
>>>>> RTP/SAVP in SDP. But when FreeSwitch forwards the request to caller, it is
>>>>> not using RTP/SAVP in SDP.
>>>>>
>>>>> I have followed the steps mentioned in WIKI (
>>>>> https://wiki.freeswitch.org/wiki/SIP_TLS#Configuration) for TLS
>>>>> configuration and marked "exports sip_secure_media" true in
>>>>> "conf/dialplan/default.xml" file (as per
>>>>> https://wiki.freeswitch.org/wiki/SRTP). But still FreeSwitch does not
>>>>> use RTP/SAVP for leg-B.
>>>>>
>>>>> Also, I am a bit confused by the following condition in "default.xml" when
>>>>> the wiki page suggests that
>>>>> late codec negotiation must NOT be turned on.
>>>>>
>>>>>     <!--
>>>>>          Since we have inbound-late-negotiation on by default now the
>>>>>          above behavior isn't the same so you have to do one extra step.
>>>>>         -->
>>>>>
>>>>>       <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
>>>>>       <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
>>>>>         <action application="set" data="sip_secure_media=true"/>
>>>>>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>>>>>         <action application="export" data="sip_secure_media=true"/>
>>>>>       </condition>
>>>>>
>>>>> By commenting/un-commenting "sip_secure_media=true" above, it did not
>>>>> work.
>>>>>
>>>>> Any help with this would be greatly appreciated.
>>>>>
>>>>> --
>>>>> Thanks
>>>>> CWM
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://confluence.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Brian West*
>>>> brian at freeswitch.org
>>>>
>>>>
>>>> *Twitter: @FreeSWITCH , @briankwest*
>>>> http://www.freeswitchbook.com
>>>> http://www.freeswitchcookbook.com
>>>>
>>>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>>
>>>>
>>>
>>
>
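The symptom reported in this thread (leg A offered with RTP/SAVP and `a=crypto` lines, leg B sent out as plain RTP) can be confirmed mechanically by comparing the SDP bodies of the two INVITEs. The following is an added example, not code from the thread or from FreeSWITCH; the SDP bodies and key placeholder are constructed, and the function names are hypothetical. It also records whether an `a=zrtp-hash` attribute is present, the SDP signal for ZRTP mentioned in the replies.

```python
import re

# Suites matched by the dialplan condition quoted in the thread.
SDES_SUITES = ("AES_CM_128_HMAC_SHA1_32", "AES_CM_128_HMAC_SHA1_80")
KEY = "A" * 40  # constructed placeholder, not real key material

# Constructed sample SDP bodies (not taken from the thread).
LEG_A_SDP = (
    "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 40000 RTP/SAVP 0 8\r\n"
    f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{KEY}\r\n"
    f"a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:{KEY}\r\n"
)
LEG_B_SDP = (
    "v=0\r\no=- 2 2 IN IP4 192.0.2.20\r\ns=-\r\nc=IN IP4 192.0.2.20\r\nt=0 0\r\n"
    "m=audio 30000 RTP/AVP 0 8\r\n"
)

def audio_security(sdp):
    """Summarise how the first audio m= section of an SDP body is protected."""
    info = {"profile": None, "suites": [], "zrtp_hash": False}
    in_audio = False
    for line in sdp.splitlines():
        if line.startswith("m="):
            parts = line[2:].split()  # <media> <port> <profile> <formats...>
            in_audio = (len(parts) >= 3 and parts[0] == "audio"
                        and info["profile"] is None)
            if in_audio:
                info["profile"] = parts[2]
        elif in_audio and line.startswith("a=crypto:"):
            m = re.match(r"a=crypto:\d+\s+(\S+)\s+inline:", line)
            if m and m.group(1) in SDES_SUITES:
                info["suites"].append(m.group(1))
        elif in_audio and line.startswith("a=zrtp-hash:"):
            info["zrtp_hash"] = True
    return info

def is_sdes_srtp(info):
    """SRTP is on offer only with a secure profile AND a usable crypto line."""
    return info["profile"] in ("RTP/SAVP", "RTP/SAVPF") and bool(info["suites"])

def leg_b_downgraded(leg_a_sdp, leg_b_sdp):
    """True when leg A offered SDES-SRTP but the leg-B offer is plain RTP."""
    return (is_sdes_srtp(audio_security(leg_a_sdp))
            and not is_sdes_srtp(audio_security(leg_b_sdp)))

if __name__ == "__main__":
    print("leg A:", audio_security(LEG_A_SDP))
    print("leg B:", audio_security(LEG_B_SDP))
    print("leg B downgraded:", leg_b_downgraded(LEG_A_SDP, LEG_B_SDP))
```
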