
[Freeswitch-users] TLS stops when a call is enabled


 
aina.mestre at airenet...
Posted: Mon Sep 26, 2022 8:58 am

Good morning,

I’m trying to configure SRTP with TLS on Freeswitch. I already have SRTP, and I can establish a conversation with TLS, but when I make a call, it says “encrypted alert” and the TLS conversation stops sending the INVITE in TCP. I have been looking for some solutions and it states that the problem may be that the certificate is not properly configured or that TLS is not properly configured. It is impossible that the certificate has any problems because I currently get TLS until the call starts.

Here is the configuration on my profile:


<param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>
<param name='bind-params" value="tls"/>
<param name='tls-version' value='tlsv1'/>
<param name='register-transport' value='tls'/>
<param name="register" value="false"/>
<param name="transport" value="tls"/>
<param name="tls" value="$${internal_ssl_enable}"/>
<param name="tls-only" value="true"/>
<param name="tls-bind-params" value="transport=tls"/>
<param name="tls-sip-port" value="$${internal_tls_port}"/>
<param name="tls-cert-dir" value="/usr/local/freeswitch/conf"/>
<param name="tls-verify-date" value="true"/>
<param name="tls-verify-policy" value="none"/>
<param name="tls-version" value="$${sip_tls_version}"/>
<param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
<param name="contact-params" value="tport=tls"/>
<param name="ws-binding" value="XX.XX.XX.XX:5061"/>

Also, I would like to make another observation: when I configure the bridge with transport=TLS (<action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>) in the dialplan, the debug says “TLS not supported by profile”.

Thank you for taking the time to deal with my queries.

Kind regards.

brian at freeswitch.com
Posted: Mon Sep 26, 2022 11:11 am

This is a variable: <param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>



NOT A PARAM.


/b





_________________________________________________________________________

The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.

Join our online community to chat in real time https://signalwire.community

Professional FreeSWITCH Services
sales@freeswitch.com (sales@freeswitch.com)
https://freeswitch.com

Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org (FreeSWITCH-users@lists.freeswitch.org)
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com



--



Brian West | Co-founder and Developer
Need Commercial support? email sales@freeswitch.com (sales@freeswitch.com)
FreeSWITCH Solutions | 17345 Civic Drive #2531 Brookfield, WI 53045
Email: brian@freeswitch.com (brian@freeswitch.com)
Mobile: 918-424-9378
Website: https://www.FreeSWITCH.com
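
A lint pass over the profile fragment from the first post, covering the point made in the reply above (rtp_secure_media is a channel variable, not a profile param) along with a few checks on the TLS params. This is an added example, not code from the thread or from the FreeSWITCH project; the sample `$${...}` values, the list of checks and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: an abridged copy of the profile fragment posted in the thread.
PROFILE = '''\
<param name='rtp_secure_media' value='mandatory: AES_CM_128_HMAC_SHA1_80'/>
<param name='bind-params" value="tls"/>
<param name='tls-version' value='tlsv1'/>
<param name="tls" value="$${internal_ssl_enable}"/>
<param name="tls-only" value="true"/>
<param name="tls-sip-port" value="$${internal_tls_port}"/>
<param name="tls-verify-policy" value="none"/>
<param name="tls-version" value="$${sip_tls_version}"/>
'''

# Assumption: stand-in for the $${...} values that vars.xml defines on the host.
SAMPLE_VARS = {"internal_ssl_enable": "false", "internal_tls_port": "5061"}

# Channel variables that must not appear as profile params (the one from the thread).
CHANNEL_VARIABLES = {"rtp_secure_media"}
DEPRECATED_TLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}

# Accept either quote style so a mismatched pair is reported instead of skipped.
PARAM_RE = re.compile(
    r"""<param\s+name=(['"])(.*?)(['"])\s+value=(['"])(.*?)(['"])\s*/>""")
VAR_RE = re.compile(r"\$\$\{([^}]+)\}")


def resolve(value, variables):
    """Expand $${name} references; return (expanded text, names not found)."""
    missing = []

    def substitute(match):
        if match.group(1) in variables:
            return variables[match.group(1)]
        missing.append(match.group(1))
        return match.group(0)

    return VAR_RE.sub(substitute, value), missing


def lint_profile(text, variables):
    """Return (param name, finding) tuples for a sofia profile fragment."""
    findings, seen = [], {}
    for line in text.splitlines():
        match = PARAM_RE.search(line)
        if not match:
            continue
        q1, name, q2, q3, raw, q4 = match.groups()
        if q1 != q2 or q3 != q4:
            findings.append((name, "mismatched quotes: XML is not well-formed"))
        if name in CHANNEL_VARIABLES:
            findings.append((name, "channel variable set as a profile param"))
        value, missing = resolve(raw, variables)
        for var in missing:
            findings.append((name, "depends on undefined $${%s}" % var))
        if name in seen and seen[name] != value:
            findings.append((name, "set twice with different values"))
        seen[name] = value
        if name == "tls" and not missing and value.lower() != "true":
            findings.append((name, "resolves to %r: TLS is not enabled" % value))
        versions = {v.strip() for v in value.lower().split(",")}
        if name == "tls-version" and versions & DEPRECATED_TLS:
            findings.append((name, "deprecated protocol version in %s" % value))
        if name == "tls-verify-policy" and value == "none":
            findings.append((name, "peer certificates are not verified"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_profile(PROFILE, SAMPLE_VARS):
        print("%-20s %s" % (name, finding))
```
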

aina.mestre at airenet...
Posted: Tue Sep 27, 2022 2:03 am

Good morning,

I have just corrected what you commented on, but that didn’t solve my problem. My problem is that the SIP protocol is not encrypted, so even if the RTP is encrypted, you can see all the INVITE information in Wireshark. I tried to solve it by adding this to the dialplan:
<action application="bridge" data="{${t38}}${mydialbridge};transport=tls"/>

But the result I get is an error that says “TLS not supported by profile”.

Thank you in advance

piotr at dataandsignal...
Posted: Tue Sep 27, 2022 3:34 am

Hi Aina,

Check if TLS is enabled on your profile with
sofia status profile x
Also, you may find something in the log, possibly some errors on profile start.


best,


Piotr Gregor
Software Engineer

M: (+44) 07483 866 525     L: (+44) 01256 597 470     www: dataandsignal.com

aina.mestre at airenet...
Posted: Tue Sep 27, 2022 4:34 am

I already checked that and I have TLS on profile:



And when I initialize the profile I don’t get any error, only when I make a call.


All times are GMT - 5 Hours