[Freeswitch-users] Audio Issue with FreeSWITCH (TLS + SRTP)
Saurabh Kumar Verma
saurabhkumar.verma at vvdntech.com
Fri Sep 11 18:18:59 MSD 2015
Hi,
So audio is working properly as long as we don't set the following parameters
(the changes have been done because we aren't able to see that the secure
parameter is set in the *channels* table & it's set only for the caller's endpoint).
i). Change in default.xml in dialplan:

    <condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never">
      <action application="set" data="rtp_secure_media=true"/>
      <!-- Offer SRTP on outbound legs if we have it on inbound. -->
      <action application="export" data="rtp_secure_media=true"/>
    </condition>
    <!--
      Since we have inbound-late-negotiation on by default now the
      above behavior isn't the same so you have to do one extra step.
    -->
    <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
    <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
      <action application="set" data="rtp_secure_media=true"/>
      <!-- Offer SRTP on outbound legs if we have it on inbound. -->
      <action application="export" data="rtp_secure_media=true"/>
    </condition>

ii). Set inbound-late-negotiation to false in sip_profiles/internal.xml:

    <param name="inbound-late-negotiation" value="false"/>

On Fri, Sep 11, 2015 at 7:30 AM, Giovanni Maruzzelli <gmaruzz at gmail.com>
wrote:
> I would counsel to start from the default config, and change one thing at a
> time.
> See at which change it breaks.
>
> sent from my mobile,
> Giovanni Maruzzelli
> cell: +39 347 266 56 18
> On Sep 11, 2015 3:47 AM, "Saurabh Kumar Verma" <
> saurabhkumar.verma at vvdntech.com> wrote:
>
>> Hi,
>>
>> Hope you're doing good.
>>
>> I'm facing an issue with having FreeSWITCH (TLS + SRTP).
>>
>> *Issue:* Audio is not coming when I have SRTP (media) enabled on both of the
>> soft-phone endpoints.
>> *Observation:* Audio is coming if we don't use SRTP for media
>> encryption.
>>
>>
>> *Set-up Description:*
>> I'm registered using TLS and able to make a call through FreeSWITCH, but
>> the call is disconnected after 30 sec because there is no media flow between
>> the endpoints.
>> I have two softphones (we're using Linphone as soft-phone) registered on
>> the FS server with extensions 1003 & 1010; the call flow is like:
>>
>> Call Flow
>> 1003 ------> FS Server -------> 1010
>>
>> x.x.x.x - Server Public IP
>> y.y.y.y - Server Local IP
>> *NOTE:* *For security reasons replaced the actual IPs.*
>>
>> FreeSWITCH Version Information:
>> freeswitch at internal> version
>> FreeSWITCH Version 1.4.21+git~20150901T202622Z~a223dd0236~64bit (git a223dd0 2015-09-01 20:26:22Z 64bit)
>>
>> I've done some changes in the default dialplan/configuration in FreeSWITCH:
>>
>> 1. Force FreeSWITCH to listen on TLS port only (by using this parameter
>> <param name="tls-only" value="true"/> in internal as well as external profile).
>>
>> freeswitch at internal> sofia status
>> Name                    Type      Data                              State
>> =================================================================================================
>> external                profile   sip:mod_sofia at x.x.x.x:5081    RUNNING (0) (TLS)
>> external::example.com   gateway   sip:joeuser at example.com        NOREG
>> x.x.x.x                 alias     internal                          ALIASED
>> internal                profile   sip:mod_sofia at x.x.x.x:5061    RUNNING (0) (TLS)
>> =================================================================================================
>> 2 profiles 1 alias
>>
>> 2. Use the ODBC driver for driver (by uncommenting this
>> <!--<param name="odbc-dsn" value="dsn:user:pass"/>--> in config files)
>>
>>
>> In the Linphone soft-client, these are the changes that have been done:
>> 1. *TLS* as Transport.
>> 2. *SRTP* in Media encryption.
>>
>>
>> In FreeSWITCH, these are the registration logs showing my softphones are
>> using TLS
>> *freeswitch at internal> sofia status profile internal reg*
>>
>> *Registrations:*
>>
>> *=================================================================================================*
>> *Call-ID: xmuVdotDkb*
>> *User: 1003 at x.x.x.x*
>> *Contact: ""
>> <sip:1003 at 180.151.83.178:63093;app-id=622464153529;pn-type=google;pn-tok=APA91bF-MsdZGvDi951jjCoTDSJc2reyR2JvYHlgtwpeE1vLAlG2zrOIrBmwzx6PPPAHKfcE8aqaOHFtYFoLVztBeqAqz9Cr6D6waN7VCWSIQk7dAdm9HXQ;transport=tls>*
>> *Agent: LinphoneAndroid/2.4.1-28-g98516d9 (belle-sip/1.4.1)*
>> *Status: Registered(TLS)(unknown) EXP(2015-09-09 11:16:30)
>> EXPSECS(3137)*
>> *Ping-Status: Reachable*
>> *Host: ip-y-y-y-y.ec2.internal*
>> *IP: 180.151.83.178*
>> *Port: 63093*
>> *Auth-User: 1003*
>> *Auth-Realm: x.x.x.x*
>> *MWI-Account: 1003 at x.x.x.x*
>>
>> *Call-ID: 6B25YNRXb5*
>> *User: 1010 at x.x.x.x*
>> *Contact: ""
>> <sip:1010 at 180.151.83.178:13916;app-id=622464153529;pn-type=google;pn-tok=APA91bFqivAK_KIDpU_6PM0pf0U8rx9DOKm0vhyNRqjE1Dpq_uPRbTbT-BMwxNP5NmEyCMfnKxa-fjEhI2J-lzLkCcfFphO1hL39cE4VNqAnnfDbVeQbvmQ;transport=tls>*
>> *Agent: LinphoneAndroid/2.4.1-28-g98516d9 (belle-sip/1.4.1)*
>> *Status: Registered(TLS)(unknown) EXP(2015-09-09 11:11:31)
>> EXPSECS(2838)*
>> *Ping-Status: Reachable*
>> *Host: ip-y-y-y-y.ec2.internal*
>> *IP: 180.151.83.178*
>> *Port: 13916*
>> *Auth-User: 1010*
>> *Auth-Realm: x.x.x.x*
>> *MWI-Account: 1010 at x.x.x.x*
>>
>> *Total items returned: 2*
>>
>> *=================================================================================================*
>>
>> For an active call, in the channels table I'm able to see that the
>> secure parameter is set during the call for both of the call legs.
>>
>> freeswitch=# select * from channels ;
>> column           | row 1                                       | row 2
>> -----------------+---------------------------------------------+--------------------------------------
>> uuid             | 485d07d6-56da-11e5-ac1a-a53fe62ce2f9        | 47fa445c-56da-11e5-abf5-a53fe62ce2f9
>> direction        | outbound                                    | inbound
>> created          | 2015-09-09 10:05:22                         | 2015-09-09 10:05:22
>> created_epoch    | 1441793122                                  | 1441793122
>> name             | sofia/internal/1010 at 180.151.83.178:13916 | sofia/internal/1003 at x.x.x.x
>> state            | CS_EXCHANGE_MEDIA                           | CS_EXECUTE
>> cid_name         | Extension 1003                              | 1003
>> cid_num          | 1003                                        | 1003
>> ip_addr          | 180.151.83.178                              | 180.151.83.178
>> dest             | 1010                                        | 1010
>> application      |                                             | bridge
>> application_data |                                             | user/1010 at x.x.x.x
>> dialplan         | XML                                         | XML
>> context          | default                                     | default
>> read_codec       | opus                                        | opus
>> read_rate        | 48000                                       | 48000
>> read_bit_rate    | 0                                           | 0
>> write_codec      | opus                                        | opus
>> write_rate       | 48000                                       | 48000
>> write_bit_rate   | 0                                           | 0
>> secure           | srtp:sdes:AES_CM_256_HMAC_SHA1_80           | srtp:sdes:AES_CM_128_HMAC_SHA1_80
>> hostname         | ip-172-31-42-34.ec2.internal                | ip-172-31-42-34.ec2.internal
>> presence_id      | 1010 at x.x.x.x                             | 1003 at x.x.x.x
>> presence_data    |                                             |
>> callstate        | ACTIVE                                      | ACTIVE
>> callee_name      | Outbound Call                               | Outbound Call
>> callee_num       | 1010                                        | 1010
>> callee_direction | SEND                                        | SEND
>> call_uuid        | 47fa445c-56da-11e5-abf5-a53fe62ce2f9        | 47fa445c-56da-11e5-abf5-a53fe62ce2f9
>> sent_callee_name | Extension 1003                              | Outbound Call
>> sent_callee_num  | 1003                                        | 1010
>> initial_cid_name | Extension 1003                              | 1003
>> initial_cid_num  | 1003                                        | 1003
>> initial_ip_addr  | 180.151.83.178                              | 180.151.83.178
>> initial_dest     | 1010                                        | 1010
>> initial_dialplan | XML                                         | XML
>> initial_context  | default                                     | default
>> (2 rows)
>>
>>
>> Attached herewith the complete FreeSWITCH log. Please let me know if any
>> other information is required.
>>
>> Any help from your side would be really appreciated. Seeking some
>> guidance & help from FreeSWITCH team.
>>
>> --
>>
>> *Thanks:*
>>
>> Saurabh Kumar Verma
>>
>> VVDN Technologies Pvt Ltd
>> *Cell* : +91 7042378747 | *Skype* : saurabh.verma001
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
--
*Thanks:*
Saurabh Kumar Verma
VVDN Technologies Pvt Ltd
*Cell* : +91 7042378747 | *Skype* : saurabh.verma001
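
Added example (not part of the original thread and not FreeSWITCH project code): a Python check that parses the SDES `a=crypto` lines of an SDP body and applies the `switch_r_sdp` expression quoted in the dialplan change above, to see which offers that condition matches. The SDP bodies, addresses and key text are constructed placeholders, the function names are hypothetical, and an unanchored regex search is assumed.

```python
import re

# Expression copied from the dialplan condition on ${switch_r_sdp} in the post.
DIALPLAN_EXPR = re.compile(r"(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)")
# RFC 4568 SDES attribute: a=crypto:<tag> <crypto-suite> inline:<key params>
CRYPTO_LINE = re.compile(r"^a=crypto:(\d+)[ \t]+(\S+)[ \t]+inline:\S+", re.M)
# Shape of the `secure` column values shown in the channels table.
SECURE_COL = re.compile(r"^srtp:sdes:(\S+)$")

def offered_suites(sdp):
    """SDES crypto suites offered in an SDP body, ordered by crypto tag."""
    found = CRYPTO_LINE.findall(sdp.replace("\r\n", "\n"))
    return [suite for _tag, suite in sorted(found, key=lambda m: int(m[0]))]

def condition_matches(sdp):
    """True if the quoted expression matches (assumption: unanchored search)."""
    return DIALPLAN_EXPR.search(sdp) is not None

def leg_suites(secure_by_leg):
    """Map each leg's `secure` value to its suite, or None when not SDES-SRTP."""
    result = {}
    for leg, value in secure_by_leg.items():
        m = SECURE_COL.match((value or "").strip())
        result[leg] = m.group(1) if m else None
    return result

def make_sdp(profile, suites):
    """Build a constructed SDP body; addresses and key text are placeholders."""
    lines = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
             "t=0 0", f"m=audio 7078 {profile} 0"]
    lines += [f"a=crypto:{tag} {suite} inline:CONSTRUCTEDPLACEHOLDERKEYNOTREAL0000000000"
              for tag, suite in enumerate(suites, 1)]
    return "\r\n".join(lines) + "\r\n"

SAMPLES = {  # constructed offers, not taken from the poster's log
    "aes128": make_sdp("RTP/SAVP", ["AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32"]),
    "aes256_only": make_sdp("RTP/SAVP", ["AES_CM_256_HMAC_SHA1_80"]),
    "plain_rtp": make_sdp("RTP/AVP", []),
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, offered_suites(body), "condition matches:", condition_matches(body))
    # `secure` values as shown for the two legs in the channels table above
    print(leg_suites({"outbound": "srtp:sdes:AES_CM_256_HMAC_SHA1_80",
                      "inbound": "srtp:sdes:AES_CM_128_HMAC_SHA1_80"}))
```

An offer that carries only AES_CM_256_HMAC_SHA1_80 does not match the quoted expression, so comparing each leg's offered suites with its `secure` column value shows whether that condition was what enabled SRTP for the leg.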