[Freeswitch-users] TLS/SRTP on selected destinations
Victor Medina
victor.medina at cibersys.com
Mon Feb 23 21:46:49 MSK 2015
OK. Ill be testing this. Thank you Brian.
2015-02-23 12:44 GMT-04:30 Brian West <brian at freeswitch.org>:
> Thats only used in the vanilla configs to detect the suites in the SDP.
>
> On Mon, Feb 23, 2015 at 11:06 AM, Victor Medina <
> victor.medina at cibersys.com> wrote:
>
>> Hi Brian.
>>
>> Should I remove
>>
>> <X-PRE-PROCESS cmd="set"
>> data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
>>
>>
>> from vars.xml?
>>
>> Thanks!
>>
>> 2015-02-23 11:28 GMT-04:30 Brian West <brian at freeswitch.org>:
>>
>> Setting
>>>
>>> rtp_secure_media=optional:AES_CM_128_HMAC_SHA1_32
>>>
>>> Should be what you want, it will send both the AVP/SAVP profiles. This
>>> is what I have mine set to right now and it will prefer srtp but offer both.
>>>
>>> On Mon, Feb 23, 2015 at 8:20 AM, Victor Medina <
>>> victor.medina at cibersys.com> wrote:
>>>
>>>> Hi guys!
>>>>
>>>> I have configured my FS server to support TLS/SRTP... but I am facing
>>>> the problem of providing the service only to selected destinations. Calls
>>>> fails when calling to endpoints with no tls/srtp, for example a ext
>>>> registered in the UDP port. Also fails when an outgoing call is routed to
>>>> an external provider with no support.
>>>>
>>>> Using tls ONLY works just fine if connecting to external or udp only
>>>> endpoints, it seems like FS is taking care of signalling from endpoint to
>>>> the server and from there is goes as needed to the b-legs.
>>>>
>>>> When using SRTP however it fails.
>>>>
>>>> Can I configure FS to support TLS/SRTP to the server and from there
>>>> using it as needed? For example:
>>>>
>>>> A_LEG: TLS/SRTP - > B_LEG: EXT with UDP only
>>>> A_LEG: TLS/SRTP -> B_LEG: EXT with TLS/SRTP
>>>> A_LEG: TLS/SRTP -> B_LEG: external channel, provider with no TLS/SRTP
>>>>
>>>> Thanks in advance with any help.
>>>>
>>>> --
>>>>
>>>> Víctor E. Medina M.
>>>> Software
>>>> [image: Zoiper Click2Dial]+58424 291 4561[image: ve]
>>>> BB #79A8AFA2 /@VMCibersys
>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Brian West*
>>> brian at freeswitch.org
>>>
>>>
>>> *Twitter: @FreeSWITCH , @briankwest*
>>> http://www.freeswitchbook.com
>>> http://www.freeswitchcookbook.com
>>>
>>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>>
>> Víctor E. Medina M.
>> Software
>> +58424 291 4561
>> BB #79A8AFA2 /@VMCibersys
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
>
> *Twitter: @FreeSWITCH , @briankwest*
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
Víctor E. Medina M.
Software
+58424 291 4561
BB #79A8AFA2 /@VMCibersys
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150223/3da08cfa/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list