[Freeswitch-users] Freeswitch failed to initiate outbound call using SIPs + SRTP (SRTP unprotect )

Mon Oct 22 06:21:07 UTC 2018

example of dialstring
https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse/conf/vanilla/directory/default.xml#24

вс, 21 окт. 2018 г. в 21:12, Chhorm Chhatra <ch.chhatra at gmail.com>:

> Thank you Safarov for your solution.
> I am not quite sure about reverting the dial-string part.
> Could you please electorate on how can I revert the dial-string?
> Do I need to remove the dial-string from the dialplan or from the user
> directory configuration?
> Thank you in advance.
>
> On Sat, Sep 29, 2018 at 10:52 PM Sergey Safarov <s.safarov at gmail.com>
> wrote:
>
>> Need to revert back "dial-string" in directory config
>> Also important "sips" and "sip" uri different. Please make sure you not
>> use sips uri in client side.
>>
>> Sergey
>>
>> сб, 29 сент. 2018 г. в 13:35, Sergey Safarov <s.safarov at gmail.com>:
>>
>>> As i understand you try overwrite transport to user B registration.
>>> In many case users is located behind NAT and FS cannot establish TLS
>>> connections to B-user.
>>>
>>> Think in your case need to disable all non TLS sockets and then simple
>>> try bridge "user/{user}@{domain}"
>>>
>>> сб, 29 сент. 2018 г. в 13:20, Chhorm Chhatra <ch.chhatra at gmail.com>:
>>>
>>>> Dear Brain West,
>>>> thank you for your response.
>>>> I would like to confirm that either using export or set on a leg of
>>>> "rtp_secure_media=true" with the following dial-string is not working for
>>>> me. One leg call is fine but it does not work for 2-leg call (I could not
>>>> hear the sound and the call terminates after
>>>>   {rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>>>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>>>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"
>>>>
>>>> On Wed, 1 Aug 2018 at 23:20, Brian West <brian at freeswitch.com> wrote:
>>>>
>>>>> don't us export, set it inside {}, or on use set on a-leg.
>>>>>
>>>>> /b
>>>>>
>>>>>
>>>>> On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <ch.chhatra at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Currently, I faced a problem regarding SRTP outbound call to user
>>>>>> (Leg B).
>>>>>>
>>>>>> The scenario is like this,
>>>>>>
>>>>>>    - We set up our own root CA to an IP address (e.g 192.168.0.13)
>>>>>>    - We create a server certificate for freeswitch at 192.168.0.13
>>>>>>    - Linphone is used as SIP client and is configured to trust our
>>>>>>    root CA by default.
>>>>>>    - Linphone A is configured to register to Freeswitch vis TLS +
>>>>>>    SRTP. (One leg call to server has both SIPs and SRTP – completely secure)
>>>>>>    - Linphone B is registered to Freeswitch via TLS + SRTP, and
>>>>>>    waiting for Linphone A to call to.
>>>>>>
>>>>>> (One leg call to server, e.g. 9196 (echo test), is completely secure
>>>>>> with SRTP + SIPs)
>>>>>>
>>>>>>    - Unfortunately, if A call to B, only A leg has SIPs + SRTP, but
>>>>>>    Leg B is not encrypted with SRTP and SIPs at all. This causes *SRTP
>>>>>>    unprotect failed with code 7 (auth check failed)**.*
>>>>>>
>>>>>> + Dialplan Configuration
>>>>>>
>>>>>> <action application="set" data="rtp_secure_media=true"/>
>>>>>>
>>>>>> <action application="export" data="rtp_secure_media=true"/>
>>>>>>
>>>>>> The dial-string is <action application="bridge"
>>>>>> data="user/${dialed_extension}@${domain_name}"/>
>>>>>>
>>>>>> + Directory Configruation:
>>>>>>
>>>>>> <param name="dial-string"
>>>>>> value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>>>>>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>>>>>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"
>>>>>> />
>>>>>>
>>>>>> My question is that, is there any configuration left that I have to
>>>>>> set up in order to let freeswitch initiate an outbound call to Leg B
>>>>>> correctly with SRTP and SIPs (tls)?
>>>>>>
>>>>>> Any help would be really appreciated.
>>>>>> Thank you so much.
>>>>>> Best Regard,
>>>>>>
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Services
>>>>>> sales at freeswitch.com
>>>>>> https://freeswitch.com
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> https://freeswitch.com/oss
>>>>>> https://freeswitch.org/confluence
>>>>>> https://cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> https://freeswitch.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> Brian West | Co-founder and Developer
>>>>>
>>>>> Need Commercial support? email sales at freeswitch.com
>>>>>
>>>>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>>>>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>>>
>>>>> Email: brian at freeswitch.com
>>>>>
>>>>> Mobile: 918-424-9378 <(918)%20424-9378>
>>>>>
>>>>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>>>>
>>>>> [image: https://www.facebook.com/signalwireinc?src=email]
>>>>> <https://www.facebook.com/freeswitch> [image:
>>>>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Services
>>>>> sales at freeswitch.com
>>>>> https://freeswitch.com
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> https://freeswitch.com/oss
>>>>> https://freeswitch.org/confluence
>>>>> https://cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> https://freeswitch.com
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Services
>>>> sales at freeswitch.com
>>>> https://freeswitch.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> https://freeswitch.com/oss
>>>> https://freeswitch.org/confluence
>>>> https://cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> https://freeswitch.com
>>>
>>> _________________________________________________________________________
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20181022/08fbb386/attachment-0001.html>