VoIP Mailing List Archives
Mailing list archives for the VoIP community

[Freeswitch-users] TLS and SRTP between 2 Freeswitch servers


 
Prometheus001 at gmx.net
Guest





Posted: Tue Aug 26, 2008 4:54 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

I have tried to set this up, but I need some help to get TLS to work

What does work:
I set up 2 freeswitch servers with IP xxx.xxx.xxx.55 and xxx.xxx.xxx.56.
They are connected via UDP/Port 5060 (SIP)
I have 2 snom phones connected to the servers via TLS (1002@xxx.xxx.xxx.55
and 1003@xxx.xxx.xxx.56)
Server1 registers to Server2 as UA 1007
I can dial "8001" on 1002@server and reach 1003@server2 and make a call

What doesn't work
If I try to change the communication to TLS/SRTP between the 2 servers
it fails (I think due to missing knowledge on my side)

Here is my conf:

FS Server 1

dialplan/default.xml: Route 8001 to 2nd freeswitch
<!-- Dial to Freeswitch2 -->
<extension name="Freeswitch2">
  <condition field="destination_number" expression="^8001$">
    <action application="set" data="effective_caller_id_number=xxxxxxx"/>
    <action application="bridge" data="sofia/gateway/freeswitch2/1003@xxx.xxx.xxx.56"/>
  </condition>
</extension>

Gateway:

dialplan/public.xml for inbound
<extension name="freeswitch2"> <!-- your provider or any name you'd like to call it -->
  <condition field="destination_number" expression="xxxxxxxx"> <!-- your DID for this gateway -->
    <action application="transfer" data="$1 XML default"/>
  </condition>
</extension>

Register on FS 2 as UA1007
external/example.xml
<gateway name="freeswitch2">
  <param name="username" value="1007"/>
  <param name="realm" value="xxx.xxx.xxx.56"/>
  <param name="password" value="1234"/>
  <param name="register" value="true"/>
  <param name="register-transport" value="tls"/>
  <param name="retry_seconds" value="30"/>
</gateway>

On Server2

dialplan/default.xml
<extension name="8001">
  <condition field="destination_number" expression="^8001$">
    <action application="set" data="ruri_profile=default"/>
    <action application="set" data="ruri_user=2000"/>
    <action application="set" data="ruri_contact=1003@$${domain}"/>
    <action application="execute_extension" data="ruri"/>
  </condition>
</extension>

When I try to connect the call, on server1 I see:
2008-08-27 01:37:28 [DEBUG] switch_core_state_machine.c:140
switch_core_standard_on_execute() sofia/internal/1002@xxx.xxx.xxx.55
Execute bridge(sofia/gateway/freeswitch2/1003@xxx.xxx.xxx.56)
2008-08-27 01:37:28 [ERR] mod_sofia.c:1864 sofia_outgoing_channel()
Invalid Gateway
2008-08-27 01:37:28 [NOTICE] mod_sofia.c:2055 sofia_outgoing_channel()
Close Channel N/A [CS_NEW]
2008-08-27 01:37:28 [ERR] switch_ivr_originate.c:926
switch_ivr_originate() Cannot create outgoing channel of type [sofia]
cause: [INVALID_NUMBER_FORMAT]

The only thing I changed in external/example.xml was setting transport
to TLS
<param name="register-transport" value="tls"/>
I also tried to modify proxy and register proxy (added ;transport=tls)
in the gateway settings but no success.

Is there anything more to do?

Best regards
Peter

Peter P GMX wrote:
Quote:
Hello,

did anyone manage to get a TLS and SRTP connection working between 2
Freeswitch servers?

For my understanding Freeswitch should just behave like a normal UA. So
TLS and SRTP should also be possible, when routing calls between 2 FS
servers, hein?

Maybe someone may also post a sample configuration?

Thanks for your support.

Best regards
Peter






_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org



brian at freeswitch.org
Guest





Posted: Tue Aug 26, 2008 5:04 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

You append ;transport=tls to the sofia string, which is much easier.

/b



On Aug 26, 2008, at 4:51 PM, Peter P GMX wrote:

Quote:
I have tried to set this up, but I need some help to get TLS to work

What does work:
I set up 2 freeswitch servers with IP xxx.xxx.xxx.55 and xxx.xxx.xxx.56.
They are connected via UDP/Port 5060 (SIP)
I have 2 snom phones connected to the servers via TLS (1002@xxx.xxx.xxx.55
and 1003@xxx.xxx.xxx.56)
Server1 registers to Server2 as UA 1007
I can dial "8001" on 1002@server and reach 1003@server2 and make a call


Prometheus001 at gmx.net
Guest





Posted: Wed Aug 27, 2008 3:26 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Hello Brian,

I tried to set ;transport=tls on the sofia string and it showed me an
invalid gateway

So I checked the gateway: server1 is not registered on server2
freeswitch@freeswitch> sofia status gateway freeswitch2
API CALL [sofia(status gateway freeswitch2)] output:
Invalid Gateway!

When I set the register-transport parameter back from tls to udp on
server1 I get
freeswitch@freeswitch> sofia status gateway freeswitch2
API CALL [sofia(status gateway freeswitch2)] output:
=================================================================================================
Name freeswitch2
Scheme Digest
Realm xxx.xxx.xxx.56
Username 1007
Password yes
From <sip:1007@xxx.xxx.xxx.56;transport=udp>
Contact <sip:1007@xxx.xxx.xxx.55;transport=udp>
To sip:1007@xxx.xxx.xxx.56
Proxy sip:xxx.xxx.xxx.56
Context default
Expires 3600
Freq 3600
Ping 0
PingFreq 0
State REGED
Status UP
==============================
I ngrepped the traffic between server1 and server2 and could see that
there was traffic on port 5060.

Switching back to TLS it didn't work again.
<param name="register-transport" value="tls"/>
I ngrepped the traffic between server1 and server2 on all ports and
could see that there was absolutely no traffic between them.

So, as soon as I enter tls instead of udp, the traffic stops.
Any hint?

Best regards
Peter



Brian West wrote:
Quote:
You append ;transport=tls to the sofia string, which is much easier.

/b



Back to top
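An added example, not part of the thread and not FreeSWITCH project code: a small Python check that parses `sofia status gateway` output in the format shown in the post above and reports when a gateway failed to load ("Invalid Gateway!"), is not registered, or still carries a non-TLS transport in its From/Contact URIs. The sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import re

# Sample output constructed from the `sofia status gateway` listing quoted in
# the thread (addresses are redacted there and stay redacted here).
SAMPLE_UDP = """\
API CALL [sofia(status gateway freeswitch2)] output:
=================================================
Name freeswitch2
Realm xxx.xxx.xxx.56
Username 1007
From <sip:1007@xxx.xxx.xxx.56;transport=udp>
Contact <sip:1007@xxx.xxx.xxx.55;transport=udp>
Proxy sip:xxx.xxx.xxx.56
State REGED
Status UP
==============================
"""
SAMPLE_INVALID = """\
API CALL [sofia(status gateway freeswitch2)] output:
Invalid Gateway!
"""

TRANSPORT_RE = re.compile(r";transport=([a-z]+)", re.IGNORECASE)

def parse_gateway_status(text):
    """Return a dict of the 'Key value' lines, or None for 'Invalid Gateway!'."""
    if "Invalid Gateway" in text:
        return None
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("=") or line.startswith("API CALL"):
            continue
        key, _, value = line.partition(" ")
        fields[key] = value.strip()
    return fields

def uri_transport(uri):
    """Transport named in a SIP URI; sips: counts as TLS, no parameter is 'unspecified'."""
    uri = uri.strip("<>")
    if uri.lower().startswith("sips:"):
        return "tls"
    m = TRANSPORT_RE.search(uri)
    return m.group(1).lower() if m else "unspecified"

def audit_gateway(text):
    """List findings that mean signalling for this gateway is not shown as TLS."""
    fields = parse_gateway_status(text)
    if fields is None:
        return ["gateway not loaded (Invalid Gateway!)"]
    findings = []
    for key in ("From", "Contact"):  # the two URIs that carry ;transport= in the output above
        t = uri_transport(fields.get(key, ""))
        if t != "tls":
            findings.append(f"{key} transport is {t}")
    if fields.get("State") != "REGED":
        findings.append(f"state is {fields.get('State', 'missing')}")
    return findings
```

Run against the UDP listing it returns one finding each for From and Contact; an empty list means the gateway is registered and both URIs name TLS.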
brian at freeswitch.org
Guest





Posted: Wed Aug 27, 2008 3:59 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

You add it to the bridge line

<action application="bridge" data="sofia/blah/blah@blah;transport=tls"/>


/b


On Wed, Aug 27, 2008 at 3:24 PM, Peter P GMX <Prometheus001@gmx.net> wrote:
Quote:
Hello Brian,

I tried to set ;transport=tls on the sofia string and it showed me an
invalid gateway

So I checked the gateway: server1 is not registered on server2
freeswitch@freeswitch> sofia status gateway freeswitch2
API CALL [sofia(status gateway freeswitch2)] output:
Invalid Gateway!

When I set the register-transport parameter back from tls to udp on
server1 I get
freeswitch@freeswitch> sofia status gateway freeswitch2
API CALL [sofia(status gateway freeswitch2)] output:
=================================================================================================
Name freeswitch2
Scheme Digest
Realm xxx.xxx.xxx.56
Username 1007
Password yes
From <sip:1007@xxx.xxx.xxx.56;transport=udp>
Contact <sip:1007@xxx.xxx.xxx.55;transport=udp>
To sip:1007@xxx.xxx.xxx.56
Proxy sip:xxx.xxx.xxx.56
Context default
Expires 3600
Freq 3600
Ping 0
PingFreq 0
State REGED
Status UP
==============================
I ngrepped the traffic between server1 and server2 and could see that
there was traffic on port 5060.

Switching back to TLS it didn't work again.
<param name="register-transport" value="tls"/>

I ngrepped the traffic between server1 and server2 on all ports and
could see that there was absolutely no traffic between them.

So, as soon as I enter tls instead of udp, the traffic stops.
Any hint?

Best regards
Peter



Prometheus001 at gmx.net
Guest





Posted: Fri Aug 29, 2008 4:41 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Hello Brian,

any idea, when we can expect a fix for that?

Best regards
Peter

Brian West wrote:
Quote:
I just realized this is a gateway call... that will have to be fixed.

/b

brian at freeswitch.org
Guest





Posted: Fri Aug 29, 2008 4:46 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Open a Jira on this so we can track it at jira.freeswitch.org. I'm
not sure what is required, but it should work like it is. The
transport=tls won't work on gateways because you set the transport in
the gateway config.

/b

On Aug 29, 2008, at 4:38 PM, Peter P GMX wrote:

Quote:
Hello Brian,

any idea, when we can expect a fix for that?

Best regards
Peter

Brian West
sip:brian@freeswitch.org







Prometheus001 at gmx.net
Guest





Posted: Fri Aug 29, 2008 5:24 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Hello Brian,

did I get it right? There is another way to have TLS and SRTP working
between 2 Freeswitch servers not using a gateway? Is there another way
to forward the call with TLS/SRTP?

Btw. I have opened a jira on this.
http://jira.freeswitch.org/browse/FSCORE-178

Best regards Peter

Brian West wrote:
Quote:
Open a Jira on this so we can track it at jira.freeswitch.org. I'm
not sure what is required, but it should work like it is. The
transport=tls won't work on gateways because you set the transport in
the gateway config.

/b

brian at freeswitch.org
Guest





Posted: Fri Aug 29, 2008 5:33 pm    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Please try what I put on that jira and let me know if that works....
I'll update the documentation once it's verified.

/b

On Aug 29, 2008, at 5:23 PM, Peter P GMX wrote:

Quote:
Hello Brian,

did I get it right? There is another way to have TLS and SRTP working
between 2 Freeswitch servers not using a gateway? Is there another way
to forward the call with TLS/SRTP?

Btw. I have opened a jira on this.
http://jira.freeswitch.org/browse/FSCORE-178

Best regards Peter


Brian West
sip:brian@freeswitch.org







brian at freeswitch.org
Guest





Posted: Tue Sep 02, 2008 2:52 am    Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers

Peter,
Now that you have this working can you work up a page on the wiki
that explains this in detail? Also forward me a copy of your gateway
config so I can update the in tree examples with more detailed
information.

/b

On Aug 29, 2008, at 5:23 PM, Peter P GMX wrote:

Quote:
Hello Brian,

did I get it right? There is another way to have TLS and SRTP working
between 2 Freeswitch servers not using a gateway? Is there another way
to forward the call with TLS/SRTP?

Btw. I have opened a jira on this.
http://jira.freeswitch.org/browse/FSCORE-178

Best regards Peter


All times are GMT - 5 Hours