[Freeswitch-users] Freeswitch failed to initiate outbound call using SIPs + SRTP (SRTP unprotect )
Chhorm Chhatra
ch.chhatra at gmail.com
Sun Oct 21 03:50:08 UTC 2018
Thank you Safarov for your solution.
I am not quite sure about reverting the dial-string part.
Could you please electorate on how can I revert the dial-string?
Do I need to remove the dial-string from the dialplan or from the user
directory configuration?
Thank you in advance.
On Sat, Sep 29, 2018 at 10:52 PM Sergey Safarov <s.safarov at gmail.com> wrote:
> Need to revert back "dial-string" in directory config
> Also important "sips" and "sip" uri different. Please make sure you not
> use sips uri in client side.
>
> Sergey
>
> сб, 29 сент. 2018 г. в 13:35, Sergey Safarov <s.safarov at gmail.com>:
>
>> As i understand you try overwrite transport to user B registration.
>> In many case users is located behind NAT and FS cannot establish TLS
>> connections to B-user.
>>
>> Think in your case need to disable all non TLS sockets and then simple
>> try bridge "user/{user}@{domain}"
>>
>> сб, 29 сент. 2018 г. в 13:20, Chhorm Chhatra <ch.chhatra at gmail.com>:
>>
>>> Dear Brain West,
>>> thank you for your response.
>>> I would like to confirm that either using export or set on a leg of
>>> "rtp_secure_media=true" with the following dial-string is not working for
>>> me. One leg call is fine but it does not work for 2-leg call (I could not
>>> hear the sound and the call terminates after
>>> {rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"
>>>
>>> On Wed, 1 Aug 2018 at 23:20, Brian West <brian at freeswitch.com> wrote:
>>>
>>>> don't us export, set it inside {}, or on use set on a-leg.
>>>>
>>>> /b
>>>>
>>>>
>>>> On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <ch.chhatra at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Currently, I faced a problem regarding SRTP outbound call to user (Leg
>>>>> B).
>>>>>
>>>>> The scenario is like this,
>>>>>
>>>>> - We set up our own root CA to an IP address (e.g 192.168.0.13)
>>>>> - We create a server certificate for freeswitch at 192.168.0.13
>>>>> - Linphone is used as SIP client and is configured to trust our
>>>>> root CA by default.
>>>>> - Linphone A is configured to register to Freeswitch vis TLS +
>>>>> SRTP. (One leg call to server has both SIPs and SRTP – completely secure)
>>>>> - Linphone B is registered to Freeswitch via TLS + SRTP, and
>>>>> waiting for Linphone A to call to.
>>>>>
>>>>> (One leg call to server, e.g. 9196 (echo test), is completely secure
>>>>> with SRTP + SIPs)
>>>>>
>>>>> - Unfortunately, if A call to B, only A leg has SIPs + SRTP, but
>>>>> Leg B is not encrypted with SRTP and SIPs at all. This causes *SRTP
>>>>> unprotect failed with code 7 (auth check failed)**.*
>>>>>
>>>>> + Dialplan Configuration
>>>>>
>>>>> <action application="set" data="rtp_secure_media=true"/>
>>>>>
>>>>> <action application="export" data="rtp_secure_media=true"/>
>>>>>
>>>>> The dial-string is <action application="bridge"
>>>>> data="user/${dialed_extension}@${domain_name}"/>
>>>>>
>>>>> + Directory Configruation:
>>>>>
>>>>> <param name="dial-string"
>>>>> value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>>>>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>>>>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}" />
>>>>>
>>>>> My question is that, is there any configuration left that I have to
>>>>> set up in order to let freeswitch initiate an outbound call to Leg B
>>>>> correctly with SRTP and SIPs (tls)?
>>>>>
>>>>> Any help would be really appreciated.
>>>>> Thank you so much.
>>>>> Best Regard,
>>>>>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Services
>>>>> sales at freeswitch.com
>>>>> https://freeswitch.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> https://freeswitch.com/oss
>>>>> https://freeswitch.org/confluence
>>>>> https://cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> https://freeswitch.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Brian West | Co-founder and Developer
>>>>
>>>> Need Commercial support? email sales at freeswitch.com
>>>>
>>>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>>>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>>
>>>> Email: brian at freeswitch.com
>>>>
>>>> Mobile: 918-424-9378 <(918)%20424-9378>
>>>>
>>>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>>>
>>>> [image: https://www.facebook.com/signalwireinc?src=email]
>>>> <https://www.facebook.com/freeswitch> [image:
>>>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Services
>>>> sales at freeswitch.com
>>>> https://freeswitch.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> https://freeswitch.com/oss
>>>> https://freeswitch.org/confluence
>>>> https://cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> https://freeswitch.com
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20181021/321f9aa6/attachment-0001.html>
More information about the FreeSWITCH-users
mailing list