Hi, the rtpengine cannot negotiate SRTP between the two points, both must support the same cryptography and protocol. eg; SRTP to SRTP , DTLS/SRTP to DTLS/SRTP cipher 128 to 128 and 256 to 256.
You can print the request body ($rb) on the INVITE with “application/sdp” and visually compare the exchange, do this on offer and answer. From: John Nash Sent: Thursday, June 23, 2016 3:42 PM To: OpenSIPS users mailling list Subject: Re: [OpenSIPS-Users] Opensips + rtpengine + Sipml5 webrtc Actually the issue is i hear no audio on either side and just after session progress (I guess when media starts coming from remote media server) i see error "SRTP output wanted, but no crypto suite was negotiated" I had also checked media logs i could see RTP packets being sent from freeswitch to RTPengine IP but there was no packet at all just after that. Ideally after RTP packet from freeswitch to rtpengine, Rtpengine should send that packet to browser using wss? On Fri, Jun 24, 2016 at 1:05 AM, Eric Tamme <[email protected]> wrote: So - i dont see a problem here - Chrome is getting UDP/TLS/RTP/SAVPF and Freeswitch is getting RTP/AVP. Freeswitch responded to the offer in the invite with an answer in the 183, and in the 200. What is the failure you are seeing, and where is it happening (in freeswitch? in the browser?) The only thing that looks bad is that you are retransmitting the ACK which FS either ... doesnt like, or is never getting, because it keeps retransmitting the 200, which is why you get a 481 when you send BYE. -Eric On 06/23/2016 01:24 PM, John Nash wrote: OK here is the log https://gist.github.com/johnnash13/0d2cb5238f3551cd3a8c6b4e638dd744 Sorry took me a while to convert wireshark trace to text file. My freeswitch is running on private IP (127.0.0.1) and opensips I run on both public and private so that for outside world opensips is the only public IP they see. In proxy log I pasted Opensips ===> Freeswitch logs and back. On Fri, Jun 24, 2016 at 12:43 AM, Eric Tamme <[email protected]> wrote: No - it's annoying to look at a trace that's had information removed and try and piece together whats happening. Your paranoid side is wrong, sorry. -Eric On 06/23/2016 01:06 PM, Patrick Wakano wrote: my paranoic side would recommend to hide/change private informations, specially any authentication line that might appear... this is certainly a sort of social engineering threat we should worry... better be safe than sorry.... On Thu, Jun 23, 2016 at 3:31 PM, Eric Tamme <[email protected]> wrote: I mean you can use a private gist, but you will be publishing the link in a public email list. In general I personally dont believe revealing ip addresses etc. is any problem - to put my money where my mouth is here is a gist link to an unaltered SIP trace on my server :) https://gist.github.com/etamme/b864010448a29007b7e0457682e81d52 -Eric On 06/23/2016 12:23 PM, John Nash wrote: Ok i am ready with logs. About gist may I use private option as traces have our IPs, user On Thu, Jun 23, 2016 at 10:32 PM, Eric Tamme <[email protected]> wrote: Hey John, Please paste a full UNALTERED sip trace into a gist (gist.github.com) from the proxy servers perspective and provide a link so that we can see what comes in, and what goes out from both sides. EG: ngrep -qtd any -W byline port 5060 This will show us the traffic that is leaving the proxy destined for the Freeswitch box, and what the freeswitch box sends back. Also - you can look in your browsers console log and provide the SIP trace from there in a seperate gist, so that we can see what opensips sends back up to your browser. -Eric Am I using correct sip.js example? I copied it to my server and accessing it using https: (used letsencrypt) On Thu, Jun 23, 2016 at 7:58 PM, Eric Tamme <[email protected]> wrote: 1. I would suggest using SIP.js - https://github.com/onsip/SIP.js it is a much more active project that sipml5. 2. Im guessing that you are not properly passing flags to RTPEngine. If you want to have DTLS-SRTP between the browser, and plain RTP/AVP between RTPEngine and freeswitch, you need to "offer" rtp/avp to freeswitch, and "answer" dtls-srtp back up to the browser. the offer to freeswitch would be: $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove"; and the answer back up to the browswer would be: $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force"; -Eric On 06/23/2016 08:20 AM, John Nash wrote: I am following http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2 and trying to test a call sipml5 ----------->Opensips + rtpengine --------> SIP end point (Freeswitch) But I do not have any audio on both sides. I see this error at rtpengine log "SRTP output wanted, but no crypto suite was negotiated" Anyone tested this scenario positive? _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users -------------------------------------------------------------------------------- _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
