[Freeswitch-users] Audio Issue with FreeSWITCH (TLS + SRTP)

Jurijs Ivolga jurij.ivo at gmail.com
Fri Sep 11 18:29:15 MSD 2015


Hi Saurabh,

I faced the same issue with Linphone and it looks like there is a bug in
Linphone, so it chooses the wrong cipher for SRTP. As you can see, on both
clients it uses different ciphers: srtp:sdes:AES_CM_256_HMAC_SHA1_80 &
srtp:sdes:AES_CM_128_HMAC_SHA1_80. To make this work you need the same ciphers
on both channels. I tried with Blink and Blink worked for me, using SRTP on
Freeswitch. Try another SIP client instead of Linphone; if it works, then
it is probably a Linphone bug.

Nevertheless I tried to configure Freeswitch to force Linphone to use only
one specific cipher, but never succeeded; maybe you can try to do the same.
Maybe there is the same bug in Linphone which does not allow this... Never had
time to look at this issue more closely...

With kind regards,

Jurijs

2015-09-11 17:18 GMT+03:00 Saurabh Kumar Verma <
saurabhkumar.verma at vvdntech.com>:

> Hi,
>
> So audio works properly as long as we don't set the following parameters
> (the changes were made because we aren't able to see the secure parameter set
> in the *channels* table; it's set only for the caller's endpoint).
>
> i). Change in default.xml in dialplan:
>
>       <condition field="${rtp_has_crypto}" expression="^($${rtp_sdes_suites})$" break="never">
>         <action application="set" data="rtp_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <action application="export" data="rtp_secure_media=true"/>
>       </condition>
>
>       <!--
>          Since we have inbound-late-negotation on by default now the
>          above behavior isn't the same so you have to do one extra step.
>         -->
>       <condition field="${endpoint_disposition}" expression="^(DELAYED NEGOTIATION)"/>
>       <condition field="${switch_r_sdp}" expression="(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)" break="never">
>         <action application="set" data="rtp_secure_media=true"/>
>         <!-- Offer SRTP on outbound legs if we have it on inbound. -->
>         <action application="export" data="rtp_secure_media=true"/>
>       </condition>
>
>
> ii). Set inbound-late-negotiation to false in sip_profiles/internal.xml:
>
>       <param name="inbound-late-negotiation" value="false"/>
>
> On Fri, Sep 11, 2015 at 7:30 AM, Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
>
>> I would counsel to start from the default config, and change one thing
>> at a time.
>> See at which change it breaks.
>>
>> sent from my mobile,
>> Giovanni Maruzzelli
>> cell: +39 347 266 56 18
>> On Sep 11, 2015 3:47 AM, "Saurabh Kumar Verma" <
>> saurabhkumar.verma at vvdntech.com> wrote:
>>
>>> Hi,
>>>
>>> Hope you're doing good.
>>>
>>> I'm facing an issue with FreeSWITCH (TLS + SRTP).
>>>
>>> *Issue:* Audio is not coming through when I have SRTP (media) enabled on
>>> both of the soft-phone endpoints.
>>> *Observation:* Audio is coming through if we don't use SRTP for media
>>> encryption.
>>>
>>>
>>> *Set-up Description:*
>>> I'm registered using TLS and able to make a call through FreeSWITCH, but
>>> the call is disconnected after 30 sec because there is no media flow between
>>> the endpoints.
>>> I have two softphones (we're using Linphone as the soft-phone) registered on
>>> the FS server with extensions 1003 & 1010; the call flow is like:
>>>
>>> Call Flow
>>> 1003 ------> FS Server -------> 1010
>>>
>>> x.x.x.x - Server Public IP
>>> y.y.y.y - Server Local IP
>>> *NOTE:* *For security reasons replaced the actual IPs.*
>>>
>>> FreeSWITCH Version Information:
>>> *freeswitch at internal> version*
>>> *FreeSWITCH Version 1.4.21+git~20150901T202622Z~a223dd0236~64bit (git
>>> a223dd0 2015-09-01 20:26:22Z 64bit)*
>>>
>>> I've done some changes in default dialplan/configuration in FreeSWITCH:
>>>
>>> 1. Force FreeSWITCH to listen on the TLS port only (by using the parameter
>>> <param name="tls-only" value="true"/> in the internal as well as the external
>>> profile).
>>>
>>> freeswitch at internal> sofia status
>>>                  Name     Type                                Data   State
>>> =================================================================================================
>>>              external  profile     sip:mod_sofia at x.x.x.x:5081   RUNNING (0) (TLS)
>>> external::example.com  gateway         sip:joeuser at example.com   NOREG
>>>               x.x.x.x    alias                            internal   ALIASED
>>>              internal  profile     sip:mod_sofia at x.x.x.x:5061   RUNNING (0) (TLS)
>>> =================================================================================================
>>> 2 profiles 1 alias
>>>
>>> 2. Use the ODBC driver for driver (by uncommenting this
>>> <!--<param name="odbc-dsn" value="dsn:user:pass"/>--> in the config files)
>>>
>>>
>>> In the Linphone soft-client, these are the changes that have been made:
>>> 1. *TLS* as Transport.
>>> 2. *SRTP* in Media encryption.
>>>
>>>
>>> In FreeSWITCH, these are the registration logs showing my softphones
>>> are using TLS:
>>> freeswitch at internal> sofia status profile internal reg
>>>
>>> Registrations:
>>> =================================================================================================
>>> Call-ID:     xmuVdotDkb
>>> User:        1003 at x.x.x.x
>>> Contact:     "" <sip:1003 at 180.151.83.178:63093;app-id=622464153529;pn-type=google;pn-tok=APA91bF-MsdZGvDi951jjCoTDSJc2reyR2JvYHlgtwpeE1vLAlG2zrOIrBmwzx6PPPAHKfcE8aqaOHFtYFoLVztBeqAqz9Cr6D6waN7VCWSIQk7dAdm9HXQ;transport=tls>
>>> Agent:       LinphoneAndroid/2.4.1-28-g98516d9 (belle-sip/1.4.1)
>>> Status:      Registered(TLS)(unknown) EXP(2015-09-09 11:16:30) EXPSECS(3137)
>>> Ping-Status: Reachable
>>> Host:        ip-y-y-y-y.ec2.internal
>>> IP:          180.151.83.178
>>> Port:        63093
>>> Auth-User:   1003
>>> Auth-Realm:  x.x.x.x
>>> MWI-Account: 1003 at x.x.x.x
>>>
>>> Call-ID:     6B25YNRXb5
>>> User:        1010 at x.x.x.x
>>> Contact:     "" <sip:1010 at 180.151.83.178:13916;app-id=622464153529;pn-type=google;pn-tok=APA91bFqivAK_KIDpU_6PM0pf0U8rx9DOKm0vhyNRqjE1Dpq_uPRbTbT-BMwxNP5NmEyCMfnKxa-fjEhI2J-lzLkCcfFphO1hL39cE4VNqAnnfDbVeQbvmQ;transport=tls>
>>> Agent:       LinphoneAndroid/2.4.1-28-g98516d9 (belle-sip/1.4.1)
>>> Status:      Registered(TLS)(unknown) EXP(2015-09-09 11:11:31) EXPSECS(2838)
>>> Ping-Status: Reachable
>>> Host:        ip-y-y-y-y.ec2.internal
>>> IP:          180.151.83.178
>>> Port:        13916
>>> Auth-User:   1010
>>> Auth-Realm:  x.x.x.x
>>> MWI-Account: 1010 at x.x.x.x
>>>
>>> Total items returned: 2
>>> =================================================================================================
>>>
>>> For an active call, I can see in the channels table that the
>>> secure parameter is set during the call for both of the call legs.
>>>
>>> freeswitch=# select * from channels ;
>>> column           | row 1                                       | row 2
>>> -----------------+---------------------------------------------+--------------------------------------
>>> uuid             | 485d07d6-56da-11e5-ac1a-a53fe62ce2f9        | 47fa445c-56da-11e5-abf5-a53fe62ce2f9
>>> direction        | outbound                                    | inbound
>>> created          | 2015-09-09 10:05:22                         | 2015-09-09 10:05:22
>>> created_epoch    | 1441793122                                  | 1441793122
>>> name             | sofia/internal/1010 at 180.151.83.178:13916 | sofia/internal/1003 at x.x.x.x
>>> state            | CS_EXCHANGE_MEDIA                           | CS_EXECUTE
>>> cid_name         | Extension 1003                              | 1003
>>> cid_num          | 1003                                        | 1003
>>> ip_addr          | 180.151.83.178                              | 180.151.83.178
>>> dest             | 1010                                        | 1010
>>> application      |                                             | bridge
>>> application_data |                                             | user/1010 at x.x.x.x
>>> dialplan         | XML                                         | XML
>>> context          | default                                     | default
>>> read_codec       | opus                                        | opus
>>> read_rate        | 48000                                       | 48000
>>> read_bit_rate    | 0                                           | 0
>>> write_codec      | opus                                        | opus
>>> write_rate       | 48000                                       | 48000
>>> write_bit_rate   | 0                                           | 0
>>> secure           | srtp:sdes:AES_CM_256_HMAC_SHA1_80           | srtp:sdes:AES_CM_128_HMAC_SHA1_80
>>> hostname         | ip-172-31-42-34.ec2.internal                | ip-172-31-42-34.ec2.internal
>>> presence_id      | 1010 at x.x.x.x                             | 1003 at x.x.x.x
>>> presence_data    |                                             |
>>> callstate        | ACTIVE                                      | ACTIVE
>>> callee_name      | Outbound Call                               | Outbound Call
>>> callee_num       | 1010                                        | 1010
>>> callee_direction | SEND                                        | SEND
>>> call_uuid        | 47fa445c-56da-11e5-abf5-a53fe62ce2f9        | 47fa445c-56da-11e5-abf5-a53fe62ce2f9
>>> sent_callee_name | Extension 1003                              | Outbound Call
>>> sent_callee_num  | 1003                                        | 1010
>>> initial_cid_name | Extension 1003                              | 1003
>>> initial_cid_num  | 1003                                        | 1003
>>> initial_ip_addr  | 180.151.83.178                              | 180.151.83.178
>>> initial_dest     | 1010                                        | 1010
>>> initial_dialplan | XML                                         | XML
>>> initial_context  | default                                     | default
>>> (2 rows)
>>>
>>>
>>> Attached herewith the complete FreeSWITCH log. Please let me know if any
>>> other information is required.
>>>
>>> Any help from your side would be really appreciated. Seeking some
>>> guidance & help from FreeSWITCH team.
>>>
>>> --
>>>
>>> *Thanks:*
>>>
>>> Saurabh Kumar Verma
>>>
>>> VVDN Technologies Pvt Ltd
>>> *Cell* : +91 7042378747 | *Skype* : saurabh.verma001
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>
>
>
> --
>
> *Thanks:*
>
> Saurabh Kumar Verma
>
> VVDN Technologies Pvt Ltd
> *Cell* : +91 7042378747 | *Skype* : saurabh.verma001
>
>
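
An added example, not part of the original thread: a Python check, following the RFC 4568 offer/answer rules, that the SDP answer on each call leg picks a crypto tag and suite that was actually offered and carries a key of the right length. The SDP bodies and keys are constructed, and handling AES_CM_256_HMAC_SHA1_80 as a suite with a 46-byte key and salt is an assumption.

```python
import base64
import re

# key||salt length in bytes per SDES suite (RFC 4568; 256-bit suites per RFC 6188).
# Assumption: AES_CM_256_HMAC_SHA1_80, the spelling in this thread's channels
# table, is handled like RFC 6188's AES_256_CM_HMAC_SHA1_80.
KEY_SALT_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "AES_256_CM_HMAC_SHA1_80": 46,
    "AES_CM_256_HMAC_SHA1_80": 46,
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)", re.M)

def parse_crypto(sdp):
    """Return [(tag, suite, key_bytes)] for each a=crypto line in an SDP body."""
    return [(int(t), s, base64.b64decode(k)) for t, s, k in CRYPTO_RE.findall(sdp)]

def check_leg(offer_sdp, answer_sdp):
    """Check one offer/answer exchange; return (suite_in_answer, problems)."""
    offered = {tag: suite for tag, suite, _ in parse_crypto(offer_sdp)}
    answered = parse_crypto(answer_sdp)
    if len(answered) != 1:
        return None, ["answer must carry exactly one a=crypto line, got %d" % len(answered)]
    tag, suite, key = answered[0]
    problems = []
    if offered.get(tag) != suite:
        problems.append("tag %d / %s was not offered (offer had %s)" % (tag, suite, offered))
    want = KEY_SALT_LEN.get(suite)
    if want is None:
        problems.append("unknown suite %s" % suite)
    elif len(key) != want:
        problems.append("%s needs %d key bytes, got %d" % (suite, want, len(key)))
    return suite, problems

# Constructed sample data (not taken from the thread's logs); keys are dummies.
K128 = base64.b64encode(bytes(30)).decode()
K256 = base64.b64encode(bytes(46)).decode()
OFFER_A = ("m=audio 7078 RTP/SAVP 96\r\n"
           "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s\r\n"
           "a=crypto:2 AES_CM_256_HMAC_SHA1_80 inline:%s\r\n" % (K128, K256))
ANSWER_A = "m=audio 20000 RTP/SAVP 96\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s\r\n" % K128
OFFER_B = "m=audio 20002 RTP/SAVP 96\r\na=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:%s\r\n" % K128
ANSWER_B = "m=audio 7080 RTP/SAVP 96\r\na=crypto:1 AES_CM_256_HMAC_SHA1_80 inline:%s\r\n" % K256

if __name__ == "__main__":
    for name, offer, answer in (("leg A", OFFER_A, ANSWER_A), ("leg B", OFFER_B, ANSWER_B)):
        print(name, check_leg(offer, answer))
```

Run it against the offer and answer bodies captured for each leg; a leg that reports a suite that was not offered is the one where the endpoint answered with the wrong cipher.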