[Freeswitch-users] Freeswitch failed to initiate outbound call using SIPs + SRTP (SRTP unprotect )

Sergey Safarov s.safarov at gmail.com
Sat Sep 29 10:37:39 UTC 2018 

Need to revert back "dial-string" in directory config
Also important "sips" and "sip" uri different. Please make sure you not use
sips uri in client side.

Sergey

сб, 29 сент. 2018 г. в 13:35, Sergey Safarov <s.safarov at gmail.com>:

> As i understand you try overwrite transport to user B registration.
> In many case users is located behind NAT and FS cannot establish TLS
> connections to B-user.
>
> Think in your case need to disable all non TLS sockets and then simple try
> bridge "user/{user}@{domain}"
>
> сб, 29 сент. 2018 г. в 13:20, Chhorm Chhatra <ch.chhatra at gmail.com>:
>
>> Dear Brain West,
>> thank you for your response.
>> I would like to confirm that either using export or set on a leg of
>> "rtp_secure_media=true" with the following dial-string is not working for
>> me. One leg call is fine but it does not work for 2-leg call (I could not
>> hear the sound and the call terminates after
>>   {rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}"
>>
>> On Wed, 1 Aug 2018 at 23:20, Brian West <brian at freeswitch.com> wrote:
>>
>>> don't us export, set it inside {}, or on use set on a-leg.
>>>
>>> /b
>>>
>>>
>>> On Tue, Jul 31, 2018 at 9:23 AM, Chhorm Chhatra <ch.chhatra at gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> Currently, I faced a problem regarding SRTP outbound call to user (Leg
>>>> B).
>>>>
>>>> The scenario is like this,
>>>>
>>>>    - We set up our own root CA to an IP address (e.g 192.168.0.13)
>>>>    - We create a server certificate for freeswitch at 192.168.0.13
>>>>    - Linphone is used as SIP client and is configured to trust our
>>>>    root CA by default.
>>>>    - Linphone A is configured to register to Freeswitch vis TLS +
>>>>    SRTP. (One leg call to server has both SIPs and SRTP – completely secure)
>>>>    - Linphone B is registered to Freeswitch via TLS + SRTP, and
>>>>    waiting for Linphone A to call to.
>>>>
>>>> (One leg call to server, e.g. 9196 (echo test), is completely secure
>>>> with SRTP + SIPs)
>>>>
>>>>    - Unfortunately, if A call to B, only A leg has SIPs + SRTP, but
>>>>    Leg B is not encrypted with SRTP and SIPs at all. This causes *SRTP
>>>>    unprotect failed with code 7 (auth check failed)**.*
>>>>
>>>> + Dialplan Configuration
>>>>
>>>> <action application="set" data="rtp_secure_media=true"/>
>>>>
>>>> <action application="export" data="rtp_secure_media=true"/>
>>>>
>>>> The dial-string is <action application="bridge"
>>>> data="user/${dialed_extension}@${domain_name}"/>
>>>>
>>>> + Directory Configruation:
>>>>
>>>> <param name="dial-string"
>>>> value="{rtp_secure_media=${regex(${sofia_contact(${dialed_user}@
>>>> ${dialed_domain})}|transport=tls)},presence_id=${dialed_user}@
>>>> ${dialed_domain}}${sofia_contact(${dialed_user}@${dialed_domain})}" />
>>>>
>>>> My question is that, is there any configuration left that I have to set
>>>> up in order to let freeswitch initiate an outbound call to Leg B correctly
>>>> with SRTP and SIPs (tls)?
>>>>
>>>> Any help would be really appreciated.
>>>> Thank you so much.
>>>> Best Regard,
>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Services
>>>> sales at freeswitch.com
>>>> https://freeswitch.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> https://freeswitch.com/oss
>>>> https://freeswitch.org/confluence
>>>> https://cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> https://freeswitch.com
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Brian West | Co-founder and Developer
>>>
>>> Need Commercial support? email sales at freeswitch.com
>>>
>>> FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
>>> <https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g>
>>>
>>> Email: brian at freeswitch.com
>>>
>>> Mobile: 918-424-9378 <(918)%20424-9378>
>>>
>>> Website: https://www.FreeSWITCH.com <https://www.freeswitch.com/>
>>>
>>> [image: https://www.facebook.com/signalwireinc?src=email]
>>> <https://www.facebook.com/freeswitch> [image:
>>> https://twitter.com/freeswitch] <https://twitter.com/freeswitch>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Services
>> sales at freeswitch.com
>> https://freeswitch.com
>>
>> Official FreeSWITCH Sites
>> https://freeswitch.com/oss
>> https://freeswitch.org/confluence
>> https://cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> https://freeswitch.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20180929/38202223/attachment-0001.html>

More information about the FreeSWITCH-users mailing list