[Freeswitch-users] Freeswitch failed to initiate outbound call using SIPs + SRTP (SRTP unprotect )

Brian West brian at freeswitch.com
Wed Aug 1 16:16:11 UTC 2018


don't us export, set it inside {}, or on use set on a-leg.

/b


On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <ch.chhatra at gmail.com>
wrote:

> Hello,
>
> Currently, I faced a problem regarding SRTP outbound call to user (Leg B).
>
> The scenario is like this,
>
>    - We set up our own root CA to an IP address (e.g 192.168.0.13)
>    - We create a server certificate for freeswitch at 192.168.0.13
>    - Linphone is used as SIP client and is configured to trust our root
>    CA by default.
>    - Linphone A is configured to register to Freeswitch vis TLS + SRTP.
>    (One leg call to server has both SIPs and SRTP – completely secure)
>    - Linphone B is registered to Freeswitch via TLS + SRTP, and waiting
>    for Linphone A to call to.
>
> (One leg call to server, e.g. 9196 (echo test), is completely secure with
> SRTP + SIPs)
>
>    - Unfortunately, if A call to B, only A leg has SIPs + SRTP, but Leg B
>    is not encrypted with SRTP and SIPs at all. This causes *SRTP
>    unprotect failed with code 7 (auth check failed)**.*
>
> + Dialplan Configuration
>
> <action application="set" data="rtp_secure_media=true"/>
>
> <action application="export" data="rtp_secure_media=true"/>
>
> The dial-string is <action application="bridge"
> data="user/${dialed_extension}@${domain_name}"/>
>
> + Directory Configruation:
>
> <param name="dial-string" value="{rtp_secure_media=${reg
> ex(${sofia_contact(${dialed_user}@${dialed_domain})}|
> transport=tls)},presence_id=${dialed_user}@${dialed_domain}}
> ${sofia_contact(${dialed_user}@${dialed_domain})}" />
>
> My question is that, is there any configuration left that I have to set up
> in order to let freeswitch initiate an outbound call to Leg B correctly
> with SRTP and SIPs (tls)?
>
> Any help would be really appreciated.
> Thank you so much.
> Best Regard,
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>



-- 

Brian West | Co-founder and Developer

Need Commercial support? email sales at freeswitch.com

FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
<https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>

Email: brian at freeswitch.com

Mobile: 918-424-9378

Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>

[image: https://www.facebook.com/signalwireinc?src=email]
<https://www.facebook.com/freeswitch> [image:
https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180801/2fb45186/attachment.html>


More information about the FreeSWITCH-users mailing list