VoIP Mailing List Archives
Mailing list archives for the VoIP community |
Prometheus001 at gmx.net Guest
Posted: Tue Aug 26, 2008 4:54 pm Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
I have tried to set this up, but I need some help to get TLS to work.
What does work:
I set up 2 freeswitch servers with IP xxx.xxx.xxx.55 and xxx.xxx.xxx.56.
They are connected via UDP/Port 5060 (SIP).
I have 2 snom phones connected to the servers via TLS (1002@xxx.xxx.xxx.55 and 1003@xxx.xxx.xxx.56).
Server1 registers to Server2 as UA 1007.
I can dial "8001" on 1002@server and reach 1003@server2 and make a call.
What doesn't work:
If I try to change the communication to TLS/SRTP between the 2 servers, it fails (I think due to missing knowledge on my side).
Here is my conf:
FS Server 1
dialplan/default.xml: Route 8001 to 2nd freeswitch
<!-- Dial to Freeswitch2 -->
<extension name="Freeswitch2">
  <condition field="destination_number" expression="^8001$">
    <action application="set" data="effective_caller_id_number=xxxxxxx"/>
    <action application="bridge" data="sofia/gateway/freeswitch2/1003@xxx.xxx.xxx.56"/>
  </condition>
</extension>
Gateway:
dialplan/public.xml for inbound
<extension name="freeswitch2"> <!-- your provider or any name you'd like to call it -->
  <condition field="destination_number" expression="xxxxxxxx"> <!-- your DID for this gateway -->
    <action application="transfer" data="$1 XML default"/>
  </condition>
</extension>
Register on FS 2 as UA1007
external/example.xml
<gateway name="freeswitch2">
  <param name="username" value="1007"/>
  <param name="realm" value="xxx.xxx.xxx.56"/>
  <param name="password" value="1234"/>
  <param name="register" value="true"/>
  <param name="register-transport" value="tls"/>
  <param name="retry_seconds" value="30"/>
</gateway>
On Server2
dialplan/default.xml
<extension name="8001">
  <condition field="destination_number" expression="^8001$">
    <action application="set" data="ruri_profile=default"/>
    <action application="set" data="ruri_user=2000"/>
    <action application="set" data="ruri_contact=1003@$${domain}"/>
    <action application="execute_extension" data="ruri"/>
  </condition>
</extension>
When I try to connect the call, on server1 I see:
2008-08-27 01:37:28 [DEBUG] switch_core_state_machine.c:140 switch_core_standard_on_execute() sofia/internal/1002@xxx.xxx.xxx.55 Execute bridge(sofia/gateway/freeswitch2/1003@xxx.xxx.xxx.56)
2008-08-27 01:37:28 [ERR] mod_sofia.c:1864 sofia_outgoing_channel() Invalid Gateway
2008-08-27 01:37:28 [NOTICE] mod_sofia.c:2055 sofia_outgoing_channel() Close Channel N/A [CS_NEW]
2008-08-27 01:37:28 [ERR] switch_ivr_originate.c:926 switch_ivr_originate() Cannot create outgoing channel of type [sofia] cause: [INVALID_NUMBER_FORMAT]
The only thing I changed in external/example.xml was setting transport to TLS:
<param name="register-transport" value="tls"/>
I also tried to modify proxy and register proxy (added ;transport=tls) in the gateway settings, but no success.
Is there anything more to do?
Best regards
Peter
Peter P GMX wrote:
Quote: | Hello,
did anyone manage to get a TLS and SRTP connection working between 2
Freeswitch servers?
For my understanding Freeswitch should just behave like a normal UA. So
TLS and SRTP should also be possible, when routing calls between 2 FS
servers, hein?
Maybe someone may also post a sample configuration?
Thanks for your support.
Best regards
Peter
_______________________________________________
Freeswitch-users mailing list
Freeswitch-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org
|
brian at freeswitch.org Guest
Posted: Tue Aug 26, 2008 5:04 pm Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
You append ;transport=tls on the sofia string, which is much easier.
/b
Prometheus001 at gmx.net Guest
Posted: Wed Aug 27, 2008 3:26 pm Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
Hello Brian,
I tried to set ;transport=tls on the sofia string and it showed me an
invalid gateway
So I checked the gateway: server1 is not registered on server2
freeswitch@freeswitch> sofia status gateway freeswitch2
API CALL [sofia(status gateway freeswitch2)] output:
Invalid Gateway!
When I set the register-transport parameter back from tls to udp on
server1 I get
freeswitch@freeswitch> sofia status gateway freeswitch2
API CALL [sofia(status gateway freeswitch2)] output:
=================================================================================================
Name freeswitch2
Scheme Digest
Realm xxx.xxx.xxx.56
Username 1007
Password yes
From <sip:1007@xxx.xxx.xxx.56;transport=udp>
Contact <sip:1007@xxx.xxx.xxx.55;transport=udp>
To sip:1007@xxx.xxx.xxx.56
Proxy sip:xxx.xxx.xxx.56
Context default
Expires 3600
Freq 3600
Ping 0
PingFreq 0
State REGED
Status UP
==============================
I ngrepped the traffic between server1 and server2 and could see that
there was traffic on port 5060.
Switching back to TLS it didn't work again.
<param name="register-transport" value="tls"/>
I ngrepped the traffic between server1 and server2 on all ports and
could see that there was absolutely no traffic between them.
So, as soon as I enter tls instead of udp, the traffic stops.
Any hint?
Best regards
Peter
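Added example (not part of the thread and not FreeSWITCH project code): a Python check that compares the transport a gateway is configured to register with against what `sofia status gateway` reports, so a gateway that failed to load or is still registered over UDP is flagged. The sample inputs are constructed from the config and status output in the posts above; the function names are hypothetical, and treating an absent transport as UDP is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, shaped like the posts above (addresses redacted as in the thread).
GATEWAY_XML = """<gateway name="freeswitch2">
  <param name="username" value="1007"/>
  <param name="realm" value="xxx.xxx.xxx.56"/>
  <param name="register" value="true"/>
  <param name="register-transport" value="tls"/>
</gateway>"""

STATUS_UDP = """Name    freeswitch2
From    <sip:1007@xxx.xxx.xxx.56;transport=udp>
Contact <sip:1007@xxx.xxx.xxx.55;transport=udp>
Proxy   sip:xxx.xxx.xxx.56
State   REGED
Status  UP"""

STATUS_INVALID = "Invalid Gateway!"

def configured_transport(xml_text):
    """Transport the gateway config asks for (assumption: udp when unset)."""
    gw = ET.fromstring(xml_text)
    params = {p.get("name"): p.get("value") for p in gw.iter("param")}
    return params.get("register-transport", "udp").lower()

def parse_status(text):
    """Turn the 'Key   value' lines of the status output into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s+(\S.*)$", line.strip())
        if m:  # separator lines made of '=' do not match and are skipped
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit(xml_text, status_text):
    """List mismatches between the wanted transport and the reported one."""
    want = configured_transport(xml_text)
    if "Invalid Gateway" in status_text:
        return [f"gateway not loaded; no {want} registration exists"]
    fields, findings = parse_status(status_text), []
    for key in ("From", "Contact"):
        m = re.search(r";transport=(\w+)", fields.get(key, ""))
        seen = m.group(1).lower() if m else "udp"  # assumption: none means udp
        if seen != want:
            findings.append(f"{key} uses {seen}, config wants {want}")
    if fields.get("State") != "REGED":
        findings.append(f"state is {fields.get('State')}, not REGED")
    return findings
```

An empty list from `audit` means the gateway is registered and both URIs carry the configured transport.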
brian at freeswitch.org Guest
Posted: Wed Aug 27, 2008 3:59 pm Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
You add it to the bridge line
<action application="bridge" data="sofia/blah/blah@blah;transport=tls"/>
/b
Prometheus001 at gmx.net Guest
Posted: Fri Aug 29, 2008 4:41 pm Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
Hello Brian,
any idea, when we can expect a fix for that?
Best regards
Peter
Brian West wrote:
Quote: | I just realized this is a gateway call... that will have to be fixed.
/b
Brian West
sip:brian@freeswitch.org
|
brian at freeswitch.org Guest
Posted: Fri Aug 29, 2008 4:46 pm Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
Open a Jira on this, so we can track it at jira.freeswitch.org. I'm
not sure what is required, but it should work like it is. The
transport=tls won't work on gateways because you set the transport in
the gateway config.
/b
Brian West
sip:brian@freeswitch.org
brian at freeswitch.org Guest
Posted: Tue Sep 02, 2008 2:52 am Post subject: [Freeswitch-users] TLS and SRTP between 2 Freeswitch servers
Peter,
Now that you have this working can you work up a page on the wiki
that explains this in detail? Also forward me a copy of your gateway
config so I can update the in tree examples with more detailed
information.
/b
On Aug 29, 2008, at 5:23 PM, Peter P GMX wrote:
Quote: | Hello Brian,
did I get it right? There is another way to have TLS and SRTP working
between 2 Freeswitch servers not using a gateway? Is there another way
to forward the call with TLS/SRTP?
Btw. I have opened a jira on this.
http://jira.freeswitch.org/browse/FSCORE-178
Best regards Peter
|