[Freeswitch-users] Issue connecting to FS with SRTP

Oleg Stolyar olegstolyar at gmail.com
Thu Aug 18 07:08:54 MSD 2016 

Thanks guys,  the connection happens fine now.  For some strange reason the
client send the BYE signal almost as soon as it gets the OK from FS (which
does not happen with SDES) but I'll work with the SDK developers on that or
just stick with SDES.

On Wed, Aug 17, 2016 at 10:51 AM, Michael Jerris <mike at jerris.com> wrote:

> Thats the old one.  The one to look at that adds these is:
>
> https://tools.ietf.org/html/rfc5764#section-8
>
> its in master now supporting SAVP as well.
>
>
> On Aug 17, 2016, at 1:44 PM, Sergey Safarov <s.safarov at gmail.com> wrote:
>
> Look at rfc4566, section-5.14
> <https://tools.ietf.org/html/rfc4566#section-5.14>
>
> ср, 17 авг. 2016 г. в 17:37, Oleg Stolyar <olegstolyar at gmail.com>:
>
>> Is there some RFC or some other authoritative source that would say
>> whether "UDP/TLS/RTP/SAVP" or "RTP/SAVP" is the correct value for
>> DLTS-SRTP for NON-WebRTC connections?
>>
>> If the former, then I'll file a Jira in FS.  If the latter, I'll work
>> with the SDK developers to fix.
>>
>> On Wed, Aug 17, 2016 at 7:18 AM, Sergey Safarov <s.safarov at gmail.com>
>> wrote:
>>
>>> Correct way to fix on client side but if it is not possible then SDP
>>> rewrite can be made on server side.
>>> For SRD rewrite on server side i recoment use kamailio proxy server.
>>>
>>> About DTLS. I has found that use DTLS requres modern crypro lib. Try
>>> FreeSwitch on fedora server distr or other with modern crypto lib.
>>>
>>> Sergey.
>>>
>>> ср, 17 авг. 2016 г. в 13:23, Oleg Stolyar <olegstolyar at gmail.com>:
>>>
>>>> I think you are right Sergey.  Should it be fixed on the FS side or on
>>>> the client SDK side though?  Which is the right value?
>>>>
>>>> By the way, the SDK can do either dtls or sdes.  This issue happens
>>>> with dtls.  Sdes works fine and I can establish a call.
>>>>
>>>> On Aug 16, 2016 10:14 PM, "Sergey Safarov" <s.safarov at gmail.com> wrote:
>>>>
>>>> Think issue related to "m=audio 61434 UDP/TLS/RTP/SAVP"
>>>> Try "m=audio 61434 RTP/SAVP"
>>>>
>>>> ср, 17 авг. 2016 г. в 5:35, Oleg Stolyar <olegstolyar at gmail.com>:
>>>>
>>>>> Thanks Gonzalo,
>>>>>
>>>>> That setup on the FS side refers to TLS and as I said TLS is working
>>>>> for me, I have it set up.
>>>>>
>>>>> SRTP should work out of the box AFAIK.  I suspect there is something
>>>>> in the SDP I posted that FS considers to be non-compliant with the specs.
>>>>> Not sure what though and whether it's a bug in FS or in the client SDK I am
>>>>> using.
>>>>>
>>>>> On Tue, Aug 16, 2016 at 7:22 PM, Gonzalo Gasca Meza <
>>>>> gascagonzalo at gmail.com> wrote:
>>>>>
>>>>>> Did you enable/configure SRTP? This
>>>>>> <http://twilio-marketing-prod.elasticbeanstalk.com/resources/images/docs/TwilioSecure-Freeswitch.pdf>
>>>>>> is a sample guide I use for Twilio TLS/SRTP which can help
>>>>>> Can you post all logs?
>>>>>>
>>>>>>
>>>>>> On Tue, Aug 16, 2016 at 6:10 PM, Oleg Stolyar <olegstolyar at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi guys,
>>>>>>>
>>>>>>> I am trying to connect to FS using the CounterPath SDK for Android.
>>>>>>> I use TLS for signalling.  All works well until I try to enable SRTP.  Then
>>>>>>> FS rejects the call the INCOMPATIBLE_DESTINATION message.  Is there
>>>>>>> something wrong with the SDP?  Here are the relevant SDPs from the INVITES.
>>>>>>>
>>>>>>> NON-SRTP (works)
>>>>>>>    v=0
>>>>>>>    o=- 622419737965 1 IN IP4 192.168.1.78
>>>>>>>    s=
>>>>>>>    c=IN IP4 192.168.1.78
>>>>>>>    t=0 0
>>>>>>>    m=audio 57194 RTP/AVP 3 120 123 122 121 9 8 0 84 85 18 101
>>>>>>>    a=rtpmap:120 opus/48000/2
>>>>>>>    a=fmtp:120 useinbandfec=1; usedtx=1; maxaveragebitrate=64000
>>>>>>>    a=rtpmap:123 SILK/24000
>>>>>>>    a=rtpmap:122 SILK/16000
>>>>>>>    a=rtpmap:121 SILK/8000
>>>>>>>    a=rtpmap:84 speex/16000
>>>>>>>    a=rtpmap:85 speex/8000
>>>>>>>    a=rtpmap:18 G729/8000
>>>>>>>    a=fmtp:18 annexb=yes
>>>>>>>    a=rtpmap:101 telephone-event/8000
>>>>>>>    a=fmtp:101 0-15
>>>>>>>    a=sendrecv
>>>>>>>
>>>>>>> SRTP (does not work)
>>>>>>>    v=0
>>>>>>>    o=- 622187157154 1 IN IP4 192.168.1.78
>>>>>>>    s=
>>>>>>>    c=IN IP4 192.168.1.78
>>>>>>>    t=0 0
>>>>>>>    a=fingerprint:SHA-256 4D:08:D6:49:9E:CA:77:A2:77:74:
>>>>>>> 02:A0:B9:92:32:2F:2D:76:7D:59:7F:A4:CA:85:16:BA:D0:27:0A:74:1C:0F
>>>>>>>    a=setup:actpass
>>>>>>>    m=audio 61434 UDP/TLS/RTP/SAVP 3 120 123 122 121 9 8 0 84 85 18
>>>>>>> 101
>>>>>>>    a=rtpmap:120 opus/48000/2
>>>>>>>    a=fmtp:120 useinbandfec=1; usedtx=1; maxaveragebitrate=64000
>>>>>>>    a=rtpmap:123 SILK/24000
>>>>>>>    a=rtpmap:122 SILK/16000
>>>>>>>    a=rtpmap:121 SILK/8000
>>>>>>>    a=rtpmap:84 speex/16000
>>>>>>>    a=rtpmap:85 speex/8000
>>>>>>>    a=rtpmap:18 G729/8000
>>>>>>>    a=fmtp:18 annexb=yes
>>>>>>>    a=rtpmap:101 telephone-event/8000
>>>>>>>    a=fmtp:101 0-15
>>>>>>>    a=sendrecv
>>>>>>>
>>>>>>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160817/12ce5416/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list