Yep this client is broken. You should NEVER offer crypto in the RTP/AVP. There are two ways to do this... Only offer RTP/SAVP or offer two m= lines. one with RTP/ AVP and one with RTP/SAVP. m=audio 0 RTP/AVP 19 indicates the stack rejected the offer because its invalid.
RFC 3711 clearly states that SRTP is RTP/SAVP. If you have a contact at the company that makes the client maybe we can get them to fix it? The Polycom is the only phone that does this little tid bit correctly. Let me outline what it should look like and this is one people will argue about till the cows come home... On but optional/preferred: v=0 o=root 1130561626 1130561626 IN IP4 10.0.1.241 s=call c=IN IP4 10.0.1.241 t=0 0 m=audio 52970 RTP/SAVP 9 0 8 2 3 18 4 101 a=rtpmap:9 g722/8000 a=rtpmap:0 pcmu/8000 a=rtpmap:8 pcma/8000 a=rtpmap:2 g726-32/8000 a=rtpmap:3 gsm/8000 a=rtpmap:18 g729/8000 a=rtpmap:4 g723/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:WvPreyjK82pM0I5vtUY2zkpIKPbRVSKH1QcPrsWP a=ptime:60 m=audio 52970 RTP/AVP 9 0 8 2 3 18 4 101 a=rtpmap:9 g722/8000 a=rtpmap:0 pcmu/8000 a=rtpmap:8 pcma/8000 a=rtpmap:2 g726-32/8000 a=rtpmap:3 gsm/8000 a=rtpmap:18 g729/8000 a=rtpmap:4 g723/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:60 On Manditory: v=0 o=root 1130561626 1130561626 IN IP4 10.0.1.241 s=call c=IN IP4 10.0.1.241 t=0 0 m=audio 52970 RTP/SAVP 9 0 8 2 3 18 4 101 a=rtpmap:9 g722/8000 a=rtpmap:0 pcmu/8000 a=rtpmap:8 pcma/8000 a=rtpmap:2 g726-32/8000 a=rtpmap:3 gsm/8000 a=rtpmap:18 g729/8000 a=rtpmap:4 g723/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:WvPreyjK82pM0I5vtUY2zkpIKPbRVSKH1QcPrsWP a=ptime:60 Off not offered/Not Supported: v=0 o=root 1130561626 1130561626 IN IP4 10.0.1.241 s=call c=IN IP4 10.0.1.241 t=0 0 m=audio 52970 RTP/AVP 9 0 8 2 3 18 4 101 a=rtpmap:9 g722/8000 a=rtpmap:0 pcmu/8000 a=rtpmap:8 pcma/8000 a=rtpmap:2 g726-32/8000 a=rtpmap:3 gsm/8000 a=rtpmap:18 g729/8000 a=rtpmap:4 g723/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:60 /b On Apr 23, 2008, at 3:21 PM, Krzysiek wrote: > Sorry for such a long post here :). I was using wireshark and it > looks like this (the 4 most important messages) : > ============================================== > Initiator (192.168.1.5) -> Freeswitch( 192.168.1.3): > ---------------------------------------------- > INVITE sip:[EMAIL PROTECTED] SIP/2.0 > Via: SIP/2.0/UDP > 192.168.1.5:5060;branch=z9hG4bK001834b8b20fdd11b704000fb0e3cf84;rport > From: "Tosh" <sip:[EMAIL PROTECTED]>;tag=370855464 > To: <sip:[EMAIL PROTECTED]> > Call-ID: [EMAIL PROTECTED] > CSeq: 98361155 INVITE > Contact: <sip:[EMAIL PROTECTED]:5060> > Proxy-Authorization: (...) > Content-Type: application/sdp > Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, > UPDATE > Max-Forwards: 70 > Supported: 100rel, replaces > User-Agent: SIPPER for PhonerLite > Content-Length: 446 > > v=0 > o=- 1232061542 0 IN IP4 192.168.1.5 > s=SIPPER for PhonerLite > c=IN IP4 192.168.1.5 > t=0 0 > m=audio 5062 RTP/AVP 0 8 2 3 97 110 101 > a=rtpmap:0 PCMU/8000 > a=rtpmap:8 PCMA/8000 > a=rtpmap:2 G726-32/8000 > a=rtpmap:3 GSM/8000 > a=rtpmap:97 iLBC/8000 > a=rtpmap:110 speex/8000 > a=rtpmap:101 telephone-event/8000 > a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline: > 3dhne7Il7YqlVZAdnLVgdhngndKXXoNZm7v4/wwC > a=encryption:optional > a=fmtp:101 0-15 > a=sendrecv > ---------------------------------------------------- > Freeswitch -> Receiver (192.168.1.4) > > INVITE sip:[EMAIL PROTECTED]:5060 SIP/2.0 > Via: SIP/2.0/UDP 192.168.1.3;rport;branch=z9hG4bKeeFDH2FB5j0Dj > Max-Forwards: 69 > From: "Extension 1002" <sip:[EMAIL PROTECTED]>;tag=ND0tXZH5Qe0aD > To: <sip:[EMAIL PROTECTED]:5060> > Call-ID: fa523794-8be7-122b-2780-39a48cb53b8d > CSeq: 98362890 INVITE > Contact: <sip:[EMAIL PROTECTED]:5060> > User-Agent: FreeSWITCH-mod_sofia/1.0.rc1-7946 > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, > NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH > Supported: 100rel, precondition, timer > Min-SE: 120 > Content-Type: application/sdp > Content-Disposition: session > Content-Length: 428 > Remote-Party-ID: "Extension 1002" <sip: > [EMAIL PROTECTED]>;screen=yes;privacy=off > > v=0 > o=FreeSWITCH 5985117983522540515 5861368874018127564 IN IP4 > 192.168.1.3 > s=FreeSWITCH > c=IN IP4 192.168.1.3 > t=0 0 > a=sendrecv > m=audio 26382 RTP/SAVP 0 9 8 3 101 13 > a=rtpmap:0 PCMU/8000 > a=rtpmap:9 G722/8000 > a=rtpmap:8 PCMA/8000 > a=rtpmap:3 GSM/8000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-16 > a=rtpmap:13 CN/8000 > a=ptime:20 > a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:C/ > XV148O1ZQ0V3LEpByfrFCRL7PGtFDJLcjTCwwV > > ------------------------------------------------ > Receiver -> Freeswitch > > SIP/2.0 200 OK > Via: SIP/2.0/UDP 192.168.1.3;rport=5060;branch=z9hG4bKeeFDH2FB5j0Dj > From: "Extension 1002" <sip:[EMAIL PROTECTED]>;tag=ND0tXZH5Qe0aD > To: <sip:[EMAIL PROTECTED]:5060>;tag=00c93cd1b20fdd11886f00b0d0b8ce20 > Call-ID: fa523794-8be7-122b-2780-39a48cb53b8d > CSeq: 98362890 INVITE > Contact: <sip:[EMAIL PROTECTED]:5060> > Content-Type: application/sdp > Allow: INVITE, OPTIONS, ACK, BYE, CANCEL, INFO, NOTIFY, MESSAGE, > UPDATE > Supported: replaces, timer > User-Agent: SIPPER for PhonerLite > Content-Length: 258 > > v=0 > o=- 3139884392 1 IN IP4 192.168.1.4 > s=SIPPER for PhonerLite > c=IN IP4 192.168.1.4 > t=0 0 > m=audio 5062 RTP/SAVP 0 8 3 101 > a=rtpmap:0 PCMU/8000 > a=rtpmap:8 PCMA/8000 > a=rtpmap:3 GSM/8000 > a=rtpmap:101 telephone-event/8000 > a=fmtp:101 0-15 > a=sendrecv > ------------------------------------------------ > Freeswitch -> Initiator > > SIP/2.0 200 OK > Via: SIP/2.0/UDP > 192.168.1.5 > :5060;branch=z9hG4bK001834b8b20fdd11b704000fb0e3cf84;rport=5060 > From: "Tosh" <sip:[EMAIL PROTECTED]>;tag=370855464 > To: <sip:[EMAIL PROTECTED]>;tag=m461U401t59QH > Call-ID: [EMAIL PROTECTED] > CSeq: 98361155 INVITE > Contact: <sip:[EMAIL PROTECTED]:5060;transport=udp> > User-Agent: FreeSWITCH-mod_sofia/1.0.rc1-7946 > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, MESSAGE, SUBSCRIBE, > NOTIFY, REFER, UPDATE, REGISTER, INFO, PUBLISH > Supported: 100rel, precondition, timer > Min-SE: 120 > Content-Type: application/sdp > Content-Disposition: session > Content-Length: 155 > > v=0 > o=FreeSWITCH 5425860535457980718 3341838566411422164 IN IP4 > 192.168.1.3 > s=FreeSWITCH > c=IN IP4 192.168.1.3 > t=0 0 > a=sendrecv > m=audio 0 RTP/AVP 19 > > ================================================= > > And voice traffic looks like this: > > Reciever -> Freeswitch SRTP > Freeswitch -> Initiator RTP > > I hope this will explain everything. I have also a wireshark pcap > file from this call (but i don't know where and how to send it). > Thanks for help > Chris > ----- Original Message ----- > From: Michael Jerris > To: [email protected] > Sent: Wednesday, April 23, 2008 9:11 PM > Subject: Re: [Freeswitch-users] SRTP in PhonerLite and Freeswitch > > Can you post a sip trace of this entire call, the 19 means we are > rejecting that m= line, are there 2 m lines, AVP and SAVP to > indicate optional secure? > > Mike > > On Apr 23, 2008, at 3:01 PM, Krzysiek wrote: >> Hi >> I have 2 softphones PhonerLite (they support SRTP via SDES ) and >> the freeswitch (windows RC1 version) server and I wanted to make >> secure call between those two endpoints (SRTP). >> I spend whole day on testing this scenario and my conclusions are: >> - when the option: <action application="export" >> data="sip_secure_media=true"/> is uncommented, and both enpoints >> have enabled SRTP then: >> 1) Initiator of the session sends SIP Invite with a=crypto paramter >> and supported codecs >> 2) Freeswitch receives SIP Invite and sends SIP Invite to the >> receiver (also with the crypto) >> 3) Receiver receives the SIP Invite with the a=crypto parameter and >> he sends back supported codecs with 200 OK message (but without >> a=crypto parametr. Is that ok? I'm afraid not) >> 4) Freeswitch sends 200 OK message but witout any codecs: m=audio 0 >> RTP/AVP 19 and no a= parameters! >> 5) Final result is that the second leg of the session between >> Freeswitch and receiver has SRTP transport enbaled and the first >> leg (initiator- Freeswitch) doesn't hear anything - no codecs! >> However Freeswitch is sending RTP (not SRTP) pacekets to the >> initiator. >> >> Could someone explain to me, what is going on, and why freeswitch >> doesn't forward codecs accepted by the receiver to the initiator? >> Is it a PhonerLite's bug or freeswitch's? Maybe someone has tested >> SRTP with the PhonerLite softphone or any other free softphone with >> srtp support? >> >> When I uncommented: <param name="Inbound-no-media" value="true"> >> everything works fine. The parameter <action application="export" >> data="sip_secure_media=true"/> doesn't change anything then (but i >> cound miss something). >> >> Thanks for help >> Chris >> _______________________________________________ >> Freeswitch-users mailing list >> [email protected] >> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users >> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users >> http://www.freeswitch.org > > > > _______________________________________________ > Freeswitch-users mailing list > [email protected] > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users > http://www.freeswitch.org > _______________________________________________ > Freeswitch-users mailing list > [email protected] > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users > http://www.freeswitch.org Brian West sip:[EMAIL PROTECTED] _______________________________________________ Freeswitch-users mailing list [email protected] http://lists.freeswitch.org/mailman/listinfo/freeswitch-users UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users http://www.freeswitch.org
