[Freeswitch-users] Freeswitch failed to initiate outbound call using SIPs + SRTP (SRTP unprotect )

Sergey Safarov s.safarov at gmail.com
Sat Sep 29 10:35:02 UTC 2018


As I understand it, you are trying to overwrite the transport for user B's registration.
In many cases users are located behind NAT and FS cannot establish TLS
connections to the B-user.

I think in your case you need to disable all non-TLS sockets and then simply try
bridge "user/{user}@{domain}".

Sat, 29 Sep 2018 at 13:20, Chhorm Chhatra <ch.chhatra at gmail.com> wrote:

> Dear Brian West,
> Thank you for your response.
> I would like to confirm that either using export or set on a leg of
> "rtp_secure_media=true" with the following dial-string is not working for
> me. One leg call is fine but it does not work for 2-leg call (I could not
> hear the sound and the call terminates after
>   {rtp_secure_media=${regex(${sofia_contact(${dialed_user}@${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"
>
> On Wed, 1 Aug 2018 at 23:20, Brian West <brian at freeswitch.com> wrote:
>
>> Don't use export; set it inside {}, or use set on the a-leg.
>>
>> /b
>>
>>
>> On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <ch.chhatra at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> Currently, I am facing a problem regarding an SRTP outbound call to a user
>>> (Leg B).
>>>
>>> The scenario is like this,
>>>
>>>    - We set up our own root CA for an IP address (e.g. 192.168.0.13)
>>>    - We created a server certificate for freeswitch at 192.168.0.13
>>>    - Linphone is used as the SIP client and is configured to trust our root
>>>    CA by default.
>>>    - Linphone A is configured to register to Freeswitch via TLS + SRTP.
>>>    (One leg call to server has both SIPs and SRTP – completely secure)
>>>    - Linphone B is registered to Freeswitch via TLS + SRTP, and is waiting
>>>    for Linphone A to call it.
>>>
>>> (One leg call to server, e.g. 9196 (echo test), is completely secure
>>> with SRTP + SIPs)
>>>
>>>    - Unfortunately, if A calls B, only the A leg has SIPs + SRTP, but Leg
>>>    B is not encrypted with SRTP and SIPs at all. This causes *SRTP
>>>    unprotect failed with code 7 (auth check failed)*.
>>>
>>> + Dialplan Configuration
>>>
>>> <action application="set" data="rtp_secure_media=true"/>
>>>
>>> <action application="export" data="rtp_secure_media=true"/>
>>>
>>> The dial-string is
>>> <action application="bridge" data="user/${dialed_extension}@${domain_name}"/>
>>>
>>> + Directory Configuration:
>>>
>>> <param name="dial-string" value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"/>
>>>
>>> My question is: is there any configuration left that I have to set
>>> up in order to let freeswitch initiate an outbound call to Leg B correctly
>>> with SRTP and SIPs (tls)?
>>>
>>> Any help would be really appreciated.
>>> Thank you so much.
>>> Best regards,
>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>>
>>
>>
>>
>> --
>>
>> Brian West | Co-founder and Developer
>>
>> Need Commercial support? email sales at freeswitch.com
>>
>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>> Email: brian at freeswitch.com
>>
>> Mobile: 918-424-9378
>>
>> Website: https://www.FreeSWITCH.com
>
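The two suggestions made in this thread (a TLS-only profile, and `rtp_secure_media` set inside `{}` on the bridge rather than exported), written out as an added configuration example that is not taken from any of the posts. The profile name `internal`, the extension name and the `destination_number` expression are assumptions; only the TLS-related profile parameters are shown.

```xml
<!-- Added example, not from the thread. Assumes a Sofia profile named
     "internal" and that every client registers over TLS. -->

<!-- Sofia SIP profile fragment: leave only the TLS listener enabled -->
<profile name="internal">
  <settings>
    <param name="tls" value="true"/>
    <!-- weak setting: value="false" keeps the UDP/TCP listeners open, so a
         client can still register with a non-TLS contact -->
    <param name="tls-only" value="true"/>
    <param name="tls-bind-params" value="transport=tls"/>
  </settings>
</profile>

<!-- Dialplan fragment: request SRTP for the B-leg inside {} on the bridge
     instead of exporting it from the A-leg. The extension name and the
     expression are hypothetical. -->
<extension name="secure_local_call">
  <condition field="destination_number" expression="^(\d+)$">
    <action application="set" data="dialed_extension=$1"/>
    <action application="bridge"
            data="{rtp_secure_media=true}user/${dialed_extension}@${domain_name}"/>
  </condition>
</extension>
```

With only the TLS listener available, every registered contact carries `transport=tls`, so the `regex(...|transport=tls)` test in the directory dial-string quoted above evaluates to true for each B-leg.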