[Freeswitch-users] SRTP on outbound leg without TLS

Jurijs Ivolga jurij.ivo at gmail.com
Fri Aug 14 11:08:39 MSD 2015 

Hi,

Somehow clients are not using correct cipher.

so ext 1006 is calling ext 1005.

Here is strange part:

When Freeswitch(10.101.141.197) forward invite to ext 1005 Freeswitch
splits SDP message as you can see below. First part of SDP is sent with
initial Invite request and second part as separate message. Is it correct
behavior or not?

Please help!

I would like to add that I'm using Linphone as SIP client.

T 10.101.141.197:5060 -> 192.168.210.9:2556 [A]
INVITE sip:1005 at 192.168.210.9:2556;transport=tcp SIP/2.0.
Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
Max-Forwards: 68.
From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
To: <sip:1005 at 192.168.210.9:2556;transport=tcp>.
Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
CSeq: 79431457 INVITE.
Contact: <sip:mod_sofia at 10.101.141.197:5060;transport=tcp>.
User-Agent:
FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
REFER, NOTIFY, PUBLISH, SUBSCRIBE.
Supported: timer, path, replaces.
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
line-seize, call-info, sla, include-session-description, presence.winfo,
message-summary, refer.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 1133.
X-FS-Support: update_display,send_info.
Remote-Party-ID: "1006" <sip:1006 at 10.101.141.197
>;party=calling;screen=yes;privacy=off.
.
v=0.
o=FreeSWITCH 1439504220 1439504221 IN IP4 10.101.141.197.
s=FreeSWITCH.
c=IN IP4 10.101.141.197.
t=0 0.
m=audio 30822 RTP/SAVP 96 0 8 101 13.
a=rtpmap:96 opus/48000/2.
a=fmtp:96 useinbandfec=1.
a=rtpmap:0 PCMU/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=crypto:1 AEAD_AES_256_GCM_8
inline:S2oBVh65wI8m4kSXtf4XS2ewx5msX9nENt4icZKWbjqJ5whNq4kUiOvCSLU.
a=crypto:2 AEAD_AES_128_GCM_8 inline:IVkLlQ1pqeKyH+MTQRX1iYwR0d5Towuu3z5VRA.
#
T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]

a=crypto:3 AES_CM_256_HMAC_SHA1_80
inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA.
a=crypto:4 AES_CM_192_HMAC_SHA1_80
inline:fPLYqjsI7EX1oXV6pmuq7hz8AEeY8/+EUcti9clgvhtaK82nIS4.
a=crypto:5 AES_CM_128_HMAC_SHA1_80
inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4.
a=crypto:6 AES_CM_256_HMAC_SHA1_32
inline:jHtGPHnXdtr0h+NxllA1aIlKaR2BV6OanWb6vgfZkq12FwPnjKzhIN5RTyJDTg.
a=crypto:7 AES_CM_192_HMAC_SHA1_32
inline:dL0CeU8sTaplV64MUDYr8wsZlJHgeANDgo0DpaTp1LojRY1lsQw.
a=crypto:8 AES_CM_128_HMAC_SHA1_32
inline:8Xy+DGcxx7lBmJsO4hFXwfZvMdtzP8lawGmVYRib.
a=crypto:9 AES_CM_128_NULL_AUTH
inline:0335cUjVFg44BWoI8FmfGNvbFsb4X5c9H86q7t+5.
a=ptime:20.

You can find below full sip trace:

10.101.141.197 - Freeswitch, 192.168.210.9:39438 - 1006, 192.168.210.9:2556
- 1005

filter: ( port 5060 ) and (ip or ip6)
#
T 192.168.210.9:39438 -> 10.101.141.197:5060 [AP]
INVITE sip:1005 at 10.101.141.197 SIP/2.0.
Via: SIP/2.0/TCP 192.168.5.81:57209;branch=z9hG4bK.IuzskaFrq;rport.
From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
To: "1005" <sip:1005 at 10.101.141.197>.
CSeq: 20 INVITE.
Call-ID: vSsPmy-jNM.
Max-Forwards: 70.
Supported: outbound.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO, UPDATE.
Content-Type: application/sdp.
Content-Length: 819.
Contact: <sip:1006 at 192.168.210.9:39438
;transport=tcp>;+sip.instance="<urn:uuid:477d474b-2e13-411a-9bc9-b805b9018b85>".
User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
.
v=0.
o=1006 776 2644 IN IP4 192.168.5.81.
s=Talk.
c=IN IP4 192.168.5.81.
b=AS:380.
t=0 0.
a=rtcp-xr:rcvr-rtt=all:10000 stat-summary=loss,dup,jitt,TTL voip-metrics.
m=audio 7076 RTP/SAVP 96 97 98 99 0 8 101 100 102.
a=rtpmap:96 opus/48000/2.
a=fmtp:96 useinbandfec=1.
a=rtpmap:97 SILK/16000.
a=rtpmap:98 speex/16000.
a=fmtp:98 vbr=on.
a=rtpmap:99 speex/8000.
a=fmtp:99 vbr=on.
a=rtpmap:101 telephone-event/48000.
a=rtpmap:100 telephone-event/16000.
a=rtpmap:102 telephone-event/8000.
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:5CX7J5QFH42SH0PKJ73njNeFmWmsAQzmoxmjGruw.
a=crypto:2 AES_CM_128_HMAC_SHA1_32
inline:d1FR1lpf51o7hgxXH29rsp3y5nsP2fWCawwkRHau.
a=crypto:3 AES_CM_256_HMAC_SHA1_80
inline:Qgjm+kYdz2Hq7Z9bDoWUEBfS4QxT+IhyeVtsBGj5.
a=crypto:4 AES_CM_256_HMAC_SHA1_32
inline:pF5jQEbDyqu4c9pELVoSSz/+T6qM7rkX0c0SeJ8Z.

##
T 10.101.141.197:5060 -> 192.168.210.9:39438 [AP]
SIP/2.0 100 Trying.
Via: SIP/2.0/TCP 192.168.5.81:57209
;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.
From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
To: "1005" <sip:1005 at 10.101.141.197>.
Call-ID: vSsPmy-jNM.
CSeq: 20 INVITE.
User-Agent:
FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
Content-Length: 0.
.

#
T 10.101.141.197:5060 -> 192.168.210.9:2556 [A]
INVITE sip:1005 at 192.168.210.9:2556;transport=tcp SIP/2.0.
Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
Max-Forwards: 68.
From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
To: <sip:1005 at 192.168.210.9:2556;transport=tcp>.
Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
CSeq: 79431457 INVITE.
Contact: <sip:mod_sofia at 10.101.141.197:5060;transport=tcp>.
User-Agent:
FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
REFER, NOTIFY, PUBLISH, SUBSCRIBE.
Supported: timer, path, replaces.
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
line-seize, call-info, sla, include-session-description, presence.winfo,
message-summary, refer.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 1133.
X-FS-Support: update_display,send_info.
Remote-Party-ID: "1006" <sip:1006 at 10.101.141.197
>;party=calling;screen=yes;privacy=off.
.
v=0.
o=FreeSWITCH 1439504220 1439504221 IN IP4 10.101.141.197.
s=FreeSWITCH.
c=IN IP4 10.101.141.197.
t=0 0.
m=audio 30822 RTP/SAVP 96 0 8 101 13.
a=rtpmap:96 opus/48000/2.
a=fmtp:96 useinbandfec=1.
a=rtpmap:0 PCMU/8000.
a=rtpmap:8 PCMA/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=crypto:1 AEAD_AES_256_GCM_8
inline:S2oBVh65wI8m4kSXtf4XS2ewx5msX9nENt4icZKWbjqJ5whNq4kUiOvCSLU.
a=crypto:2 AEAD_AES_128_GCM_8 inline:IVkLlQ1pqeKyH+MTQRX1iYwR0d5Towuu3z5VRA.
#
T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]

a=crypto:3 AES_CM_256_HMAC_SHA1_80
inline:Coiz7A87xBG/sUq2tkRgNR7lhqXj867XqVLPY/Se5loalRyxeVST70IlKq6URA.
a=crypto:4 AES_CM_192_HMAC_SHA1_80
inline:fPLYqjsI7EX1oXV6pmuq7hz8AEeY8/+EUcti9clgvhtaK82nIS4.
a=crypto:5 AES_CM_128_HMAC_SHA1_80
inline:KwtgRmTidrZeRtafVkx6CJUhvhq0MdIpeUAw4XW4.
a=crypto:6 AES_CM_256_HMAC_SHA1_32
inline:jHtGPHnXdtr0h+NxllA1aIlKaR2BV6OanWb6vgfZkq12FwPnjKzhIN5RTyJDTg.
a=crypto:7 AES_CM_192_HMAC_SHA1_32
inline:dL0CeU8sTaplV64MUDYr8wsZlJHgeANDgo0DpaTp1LojRY1lsQw.
a=crypto:8 AES_CM_128_HMAC_SHA1_32
inline:8Xy+DGcxx7lBmJsO4hFXwfZvMdtzP8lawGmVYRib.
a=crypto:9 AES_CM_128_NULL_AUTH
inline:0335cUjVFg44BWoI8FmfGNvbFsb4X5c9H86q7t+5.
a=ptime:20.

###
T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
SIP/2.0 100 Trying.
Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
To: <sip:1005 at 192.168.210.9:2556;transport=tcp>.
Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
CSeq: 79431457 INVITE.
Content-Length: 0.
.

##
T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
SIP/2.0 180 Ringing.
Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
To: <sip:1005 at 192.168.210.9:2556;transport=tcp>;tag=nf9raHG.
Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
CSeq: 79431457 INVITE.
User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
Supported: outbound.
Content-Length: 0.
.

##
T 10.101.141.197:5060 -> 192.168.210.9:39438 [AP]
SIP/2.0 183 Session Progress.
Via: SIP/2.0/TCP 192.168.5.81:57209
;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.
From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
To: "1005" <sip:1005 at 10.101.141.197>;tag=g5yUKBQcK71Sc.
Call-ID: vSsPmy-jNM.
CSeq: 20 INVITE.
Contact: <sip:1005 at 10.101.141.197:5060;transport=tcp>.
User-Agent:
FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
Accept: application/sdp.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
REFER, NOTIFY, PUBLISH, SUBSCRIBE.
Supported: timer, path, replaces.
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
line-seize, call-info, sla, include-session-description, presence.winfo,
message-summary, refer.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 340.
Remote-Party-ID: "1005" <sip:1005 at 10.101.141.197
>;party=calling;privacy=off;screen=no.
.
v=0.
o=FreeSWITCH 1439516478 1439516479 IN IP4 10.101.141.197.
s=FreeSWITCH.
c=IN IP4 10.101.141.197.
t=0 0.
m=audio 18564 RTP/SAVP 96 101.
a=rtpmap:96 opus/48000/2.
a=fmtp:96 useinbandfec=1.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=ptime:20.
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm.

##
T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
SIP/2.0 200 Ok.
Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKXNNcNQcFt4ame.
From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
To: <sip:1005 at 192.168.210.9:2556;transport=tcp>;tag=nf9raHG.
Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
CSeq: 79431457 INVITE.
User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
Supported: outbound.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
SUBSCRIBE, INFO, UPDATE.
Contact: <sip:1005 at 192.168.210.9:2556
;transport=tcp>;+sip.instance="<urn:uuid:0797dc65-a86c-4169-96ff-c5328090f98f>".
Content-Type: application/sdp.
Content-Length: 296.
.
v=0.
o=1005 3932 3858 IN IP4 192.168.5.90.
s=Talk.
c=IN IP4 192.168.5.90.
b=AS:380.
t=0 0.
m=audio 7076 RTP/SAVP 96 0 8 101.
a=rtpmap:96 opus/48000/2.
a=fmtp:96 useinbandfec=1.
a=rtpmap:101 telephone-event/8000.
a=crypto:3 AES_CM_256_HMAC_SHA1_80
inline:5jryAt1Gy/VqFkFRitDzN2Zse62gStxpvSSTkJV/.

##
T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]
ACK sip:1005 at 192.168.210.9:2556;transport=tcp SIP/2.0.
Via: SIP/2.0/TCP 10.101.141.197;branch=z9hG4bKyye5pjXjQD16S.
Max-Forwards: 70.
From: "1006" <sip:1006 at 10.101.141.197>;tag=HermN67Fggrcr.
To: <sip:1005 at 192.168.210.9:2556;transport=tcp>;tag=nf9raHG.
Call-ID: 9f4338a6-bcf3-1233-5f90-040163659c01.
CSeq: 79431457 ACK.
Contact: <sip:mod_sofia at 10.101.141.197:5060;transport=tcp>.
Content-Length: 0.
.

#
T 10.101.141.197:5060 -> 192.168.210.9:39438 [AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.5.81:57209
;branch=z9hG4bK.IuzskaFrq;rport=39438;received=192.168.210.9.
From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
To: "1005" <sip:1005 at 10.101.141.197>;tag=g5yUKBQcK71Sc.
Call-ID: vSsPmy-jNM.
CSeq: 20 INVITE.
Contact: <sip:1005 at 10.101.141.197:5060;transport=tcp>.
User-Agent:
FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
REFER, NOTIFY, PUBLISH, SUBSCRIBE.
Supported: timer, path, replaces.
Allow-Events: talk, hold, conference, presence, as-feature-event, dialog,
line-seize, call-info, sla, include-session-description, presence.winfo,
message-summary, refer.
Content-Type: application/sdp.
Content-Disposition: session.
Content-Length: 340.
Remote-Party-ID: "Outbound Call" <sip:1005 at 10.101.141.197
>;party=calling;privacy=off;screen=no.
.
v=0.
o=FreeSWITCH 1439516478 1439516479 IN IP4 10.101.141.197.
s=FreeSWITCH.
c=IN IP4 10.101.141.197.
t=0 0.
m=audio 18564 RTP/SAVP 96 101.
a=rtpmap:96 opus/48000/2.
a=fmtp:96 useinbandfec=1.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=ptime:20.
a=crypto:1 AES_CM_128_HMAC_SHA1_80
inline:fLtceAsAuJMkYrbQ8TePIBRG0fbgRwkBG/tbgoSm.

##
T 192.168.210.9:39438 -> 10.101.141.197:5060 [AP]
ACK sip:1005 at 10.101.141.197:5060;transport=tcp SIP/2.0.
Via: SIP/2.0/TCP 192.168.5.81:57209;rport;branch=z9hG4bK.Zbalbk-1j.
From: <sip:1006 at 10.101.141.197>;tag=NtnWG0xlI.
To: "1005" <sip:1005 at 10.101.141.197>;tag=g5yUKBQcK71Sc.
CSeq: 20 ACK.
Call-ID: vSsPmy-jNM.
Max-Forwards: 70.
Content-Length: 0.
.

###
T 192.168.210.9:2556 -> 10.101.141.197:5060 [AP]
REGISTER sip:10.101.141.197 SIP/2.0.
Via: SIP/2.0/TCP 192.168.5.90:55444;alias;branch=z9hG4bK.JRV4z~eGh;rport.
From: <sip:1005 at 10.101.141.197>;tag=9H~ivVAQ2.
To: sip:1005 at 10.101.141.197.
CSeq: 36 REGISTER.
Call-ID: cuBHcAursf.
Max-Forwards: 70.
Supported: outbound.
Accept: application/sdp, text/plain, application/vnd.gsma.rcs-ft-http+xml.
Contact: <sip:1005 at 192.168.210.9:2556
;transport=tcp>;+sip.instance="<urn:uuid:0797dc65-a86c-4169-96ff-c5328090f98f>".
Expires: 3600.
User-Agent: LinphoneIphone/2.3 (belle-sip/1.4.1).
Content-Length: 0.
Authorization:  Digest realm="10.101.141.197",
nonce="1eb7575e-4250-11e5-b0a5-8334919b28b7", algorithm=MD5,
username="1005",  uri="sip:10.101.141.197",
response="36fbbb1687d97df38dcdeb3699c66ec6", cnonce="45a4d597",
nc=00000006, qop=auth.
.

#
T 10.101.141.197:5060 -> 192.168.210.9:2556 [AP]
SIP/2.0 200 OK.
Via: SIP/2.0/TCP 192.168.5.90:55444
;alias;branch=z9hG4bK.JRV4z~eGh;rport=2556;received=192.168.210.9.
From: <sip:1005 at 10.101.141.197>;tag=9H~ivVAQ2.
To: <sip:1005 at 10.101.141.197>;tag=jQHDQ1rKDSeZK.
Call-ID: cuBHcAursf.
CSeq: 36 REGISTER.
Contact: <sip:1005 at 192.168.210.9:2556;transport=tcp>;expires=3600.
Date: Fri, 14 Aug 2015 06:50:46 GMT.
User-Agent:
FreeSWITCH-mod_sofia/1.4.20+git~20150730T173112Z~367848e07e~64bit.
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER,
REFER, NOTIFY, PUBLISH, SUBSCRIBE.
Supported: timer, path, replaces.
Content-Length: 0.
.

#^Cexit
24 received, 0 dropped

2015-08-13 17:40 GMT+03:00 Jurijs Ivolga <jurij.ivo at gmail.com>:

> Hi,
>
> Maybe you can let me know how I can turn on SRTP using default config?
>
> I have following lines in default conf/dialplan/default.xml:
>
> <condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$"
> break="never">
>         <action application="set" data="rtp_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <!-- <action application="export" data="rtp_secure_media=true"/>
> -->
>       </condition>
>
>       <!--
>          Since we have inbound-late-negotation on by default now the
>          above behavior isn't the same so you have to do one extra step.
>         -->
>       <condition field="${endpoint_disposition}" expression="^(DELAYED
> NEGOTIATION)"/>
>       <condition field="${switch_r_sdp}"
> expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)"
> break="never">
>         <action application="set" data="rtp_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <!-- <action application="export" data="rtp_secure_media=true"/>
> -->
>       </condition>
>
> If I change them to:
>
> <condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$"
> break="never">
>         <action application="set" data="rtp_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <action application="export" data="rtp_secure_media=true"/>
>       </condition>
>
>       <!--
>          Since we have inbound-late-negotation on by default now the
>          above behavior isn't the same so you have to do one extra step.
>         -->
>       <condition field="${endpoint_disposition}" expression="^(DELAYED
> NEGOTIATION)"/>
>       <condition field="${switch_r_sdp}"
> expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)"
> break="never">
>         <action application="set" data="rtp_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <action application="export" data="rtp_secure_media=true"/>
>       </condition>
>
> Then when I make a call there is issue with cipher:
>
> show channels
>
> uuid,direction,created,created_epoch,name,state,cid_name,cid_num,ip_addr,dest,application,application_data,dialplan,context,read_codec,read_rate,read_bit_rate,write_codec,write_rate,write_bit_rate,secure,hostname,presence_id,presence_data,callstate,callee_name,callee_num,callee_direction,call_uuid,sent_callee_name,sent_callee_num,initial_cid_name,initial_cid_num,initial_ip_addr,initial_dest,initial_dialplan,initial_context
> 81a423fc-41c8-11e5-ac4e-1b8671775759,inbound,2015-08-13
> 10:35:13,1439476513,sofia/internal/1001 at myserverip
> ,CS_EXECUTE,1001,1001,mylocalip,1000,bridge,user/1000 at myserverip
> ,XML,default,opus,48000,0,opus,48000,0,srtp:sdes:*AES_CM_128_HMAC_SHA1_80*
> ,Freeswitch1Dev,1001 at myserverip,,ACTIVE,Outbound
> Call,1000,SEND,81a423fc-41c8-11e5-ac4e-1b8671775759,Outbound
> Call,1000,1001,1001,mylocalip,1000,XML,default
> 81cbe932-41c8-11e5-ac73-1b8671775759,outbound,2015-08-13
> 10:35:13,1439476513,sofia/internal/1000 at mylocalip:39626,CS_EXCHANGE_MEDIA,Extension
> 1001,1001,mylocalip,1000,,,XML,default,opus,48000,0,opus,48000,0,srtp:sdes:
> *AES_CM_256_HMAC_SHA1_80*,Freeswitch1Dev,1000 at myserverip,,ACTIVE,Outbound
> Call,1000,SEND,81a423fc-41c8-11e5-ac4e-1b8671775759,Extension
> 1001,1001,Extension 1001,1001,mylocalip,1000,XML,default
>
>
> As you can see for inbound call is used AES_CM_128_HMAC_SHA1_80 cipher and
> for outbound is used AES_CM_256_HMAC_SHA1_80.
>
> Any ideas?
>
> With kind regards,
>
> Jurijs
>
>
> 2015-08-13 17:26 GMT+03:00 Michael Jerris <mike at jerris.com>:
>
>> You will have to look at the full negotiation of that leg and a debug log
>> to see what's going on.
>>
>> On Thursday, August 13, 2015, Jurijs Ivolga <jurij.ivo at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I'm struggling with quite simple issue. I need to enable SRTP on
>>> outbound leg. Call hits Freeswitch as SRTP but it leaves as regular RTP. I
>>> do not use TLS and I don't need it(yes, I know that SRTP keys are sent as
>>> plain text in this case).
>>>
>>> I tried to add following code to my dialplan, but it do not helps:
>>>
>>> <condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never">
>>>        <action application="set" data="sip_secure_media=true"/>
>>>        <action application="export" data="sip_secure_media=true"/>
>>> </condition>
>>>
>>> I tried to add to vars.xml following line too:
>>>
>>> <X-PRE-PROCESS cmd="set" data="rtp_secure_media_inbound=mandatory"/>
>>>
>>> But still without success.
>>>
>>> Maybe somebody can give me a hint?
>>>
>>> Thank you!
>>>
>>> With kind regards,
>>>
>>> Jurijs
>>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150814/1da866ff/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list