Sorry sevpal somehow your message went to spam. I am not sure I get what you are trying to say as I was under the impression rtpengine is supposed to bridge protocols. Better I explain my test setup properly to you ..
1- On linux server I installed certificates from letsencrypt for a domain (<mydomain>). 2- I have opensips (wss listner is there as well as udp), Rtpengine and freeswitch (udp only and it terminate calls to SIP network) 3- On web server I copied sipml5 code which I access on chrome browser using https://<mydomain>:443. In sipml5 I give wss url of the opensips wss listener (wss://<mydomain>:4431 along with SIP credentials 4- My call flow is Chrome(sipml5) ==wss==>Opensips===udp==>Freeswitch. Before sending Invite to freeswitch Rtpengine call is made as per http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2. Same being done when session progress or 200 OK comes from freeswitch. Now in this setup how can I make sure same crypto is used? On Fri, Jun 24, 2016 at 2:50 AM, sevpal <sev...@aol.com> wrote: > Hi, the rtpengine cannot negotiate SRTP between the two points, both must > support the same cryptography and protocol. eg; SRTP to SRTP , DTLS/SRTP to > DTLS/SRTP cipher 128 to 128 and 256 to 256. > > You can print the request body ($rb) on the INVITE with “application/sdp” > and visually compare the exchange, do this on offer and answer. > > *From:* John Nash <john.nash...@gmail.com> > *Sent:* Thursday, June 23, 2016 3:42 PM > *To:* OpenSIPS users mailling list <users@lists.opensips.org> > *Subject:* Re: [OpenSIPS-Users] Opensips + rtpengine + Sipml5 webrtc > > Actually the issue is i hear no audio on either side and just after > session progress (I guess when media starts coming from remote media > server) i see error "SRTP output wanted, but no crypto suite was > negotiated" > > I had also checked media logs i could see RTP packets being sent from > freeswitch to RTPengine IP but there was no packet at all just after that. > Ideally after RTP packet from freeswitch to rtpengine, Rtpengine should > send that packet to browser using wss? > > On Fri, Jun 24, 2016 at 1:05 AM, Eric Tamme <e...@uphreak.com> wrote: > >> So - i dont see a problem here - Chrome is getting UDP/TLS/RTP/SAVPF and >> Freeswitch is getting RTP/AVP. Freeswitch responded to the offer in the >> invite with an answer in the 183, and in the 200. What is the failure you >> are seeing, and where is it happening (in freeswitch? in the browser?) >> >> The only thing that looks bad is that you are retransmitting the ACK >> which FS either ... doesnt like, or is never getting, because it keeps >> retransmitting the 200, which is why you get a 481 when you send BYE. >> >> -Eric >> >> >> On 06/23/2016 01:24 PM, John Nash wrote: >> >> OK here is the log >> https://gist.github.com/johnnash13/0d2cb5238f3551cd3a8c6b4e638dd744 >> >> Sorry took me a while to convert wireshark trace to text file. >> >> My freeswitch is running on private IP (127.0.0.1) and opensips I run on >> both public and private so that for outside world opensips is the only >> public IP they see. In proxy log I pasted Opensips ===> Freeswitch logs and >> back. >> >> >> >> >> >> >> On Fri, Jun 24, 2016 at 12:43 AM, Eric Tamme <e...@uphreak.com> wrote: >> >>> No - it's annoying to look at a trace that's had information removed and >>> try and piece together whats happening. Your paranoid side is wrong, sorry. >>> >>> -Eric >>> >>> >>> On 06/23/2016 01:06 PM, Patrick Wakano wrote: >>> >>> my paranoic side would recommend to hide/change private informations, >>> specially any authentication line that might appear... this is certainly a >>> sort of social engineering threat we should worry... >>> better be safe than sorry.... >>> >>> >>> On Thu, Jun 23, 2016 at 3:31 PM, Eric Tamme <e...@uphreak.com> wrote: >>> >>>> I mean you can use a private gist, but you will be publishing the link >>>> in a public email list. In general I personally dont believe revealing ip >>>> addresses etc. is any problem - to put my money where my mouth is here is a >>>> gist link to an unaltered SIP trace on my server :) >>>> >>>> https://gist.github.com/etamme/b864010448a29007b7e0457682e81d52 >>>> >>>> -Eric >>>> >>>> >>>> On 06/23/2016 12:23 PM, John Nash wrote: >>>> >>>> Ok i am ready with logs. About gist may I use private option as traces >>>> have our IPs, user >>>> >>>> On Thu, Jun 23, 2016 at 10:32 PM, Eric Tamme <e...@uphreak.com> wrote: >>>> >>>>> Hey John, >>>>> >>>>> Please paste a full UNALTERED sip trace into a gist (gist.github.com) >>>>> from the proxy servers perspective and provide a link so that we can see >>>>> what comes in, and what goes out from both sides. >>>>> >>>>> EG: ngrep -qtd any -W byline port 5060 >>>>> >>>>> This will show us the traffic that is leaving the proxy destined for >>>>> the Freeswitch box, and what the freeswitch box sends back. >>>>> >>>>> Also - you can look in your browsers console log and provide the SIP >>>>> trace from there in a seperate gist, so that we can see what opensips >>>>> sends >>>>> back up to your browser. >>>>> >>>>> -Eric >>>>> >>>>> >>>>> Am I using correct sip.js example? I copied it to my server and >>>>> accessing it using https: (used letsencrypt) >>>>> >>>>> On Thu, Jun 23, 2016 at 7:58 PM, Eric Tamme <e...@uphreak.com> wrote: >>>>> >>>>>> 1. I would suggest using SIP.js - https://github.com/onsip/SIP.js it >>>>>> is a much more active project that sipml5. >>>>>> >>>>>> 2. Im guessing that you are not properly passing flags to RTPEngine. >>>>>> If you want to have DTLS-SRTP between the browser, and plain RTP/AVP >>>>>> between RTPEngine and freeswitch, you need to "offer" rtp/avp to >>>>>> freeswitch, and "answer" dtls-srtp back up to the browser. >>>>>> >>>>>> the offer to freeswitch would be: >>>>>> >>>>>> $var(rtpengine_flags) = "RTP/AVP replace-session-connection >>>>>> replace-origin ICE=remove"; >>>>>> >>>>>> >>>>>> and the answer back up to the browswer would be: >>>>>> >>>>>> $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force"; >>>>>> >>>>>> >>>>>> -Eric >>>>>> >>>>>> >>>>>> >>>>>> On 06/23/2016 08:20 AM, John Nash wrote: >>>>>> >>>>>> I am following >>>>>> http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2 and >>>>>> trying to test a call >>>>>> >>>>>> sipml5 ----------->Opensips + rtpengine --------> SIP end point >>>>>> (Freeswitch) >>>>>> >>>>>> But I do not have any audio on both sides. I see this error at >>>>>> rtpengine log "SRTP output wanted, but no crypto suite was negotiated" >>>>>> >>>>>> Anyone tested this scenario positive? >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing >>>>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Users mailing list >>>>>> Users@lists.opensips.org >>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>>> >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing >>>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Users mailing list >>>>> Users@lists.opensips.org >>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>>> >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing >>>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users@lists.opensips.org >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>>> >>> >>> >>> _______________________________________________ >>> Users mailing >>> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> >>> >>> _______________________________________________ >>> Users mailing list >>> Users@lists.opensips.org >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> >> >> >> _______________________________________________ >> Users mailing >> listUsers@lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> >> >> _______________________________________________ >> Users mailing list >> Users@lists.opensips.org >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> >> > > ------------------------------ > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > >
_______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users