[OpenSIPS-Users] Opensips + rtpengine + Sipml5 webrtc

John Nash john.nash778 at gmail.com
Fri Jun 24 08:25:48 CEST 2016


Sorry sevpal somehow your message went to spam. I am not sure I get what
you are trying to say as I was under the impression rtpengine is supposed
to bridge protocols.  Better I explain my test setup properly to you ..

1- On linux server I installed certificates from letsencrypt for a domain
(<mydomain>).
2- I have opensips (wss listner is there as well as udp), Rtpengine and
freeswitch (udp only and it terminate calls to SIP network)
3- On web server I copied sipml5 code which I access on chrome browser
using https://<mydomain>:443. In sipml5 I give wss url of the opensips wss
listener (wss://<mydomain>:4431 along with SIP credentials
4- My call flow is Chrome(sipml5) ==wss==>Opensips===udp==>Freeswitch.
Before sending Invite to freeswitch Rtpengine call is made
as per http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2. Same
being done when session progress or 200 OK comes from freeswitch.


Now in this setup how can I make sure same crypto is used?






On Fri, Jun 24, 2016 at 2:50 AM, sevpal <sevpal at aol.com> wrote:

> Hi, the rtpengine cannot negotiate SRTP between the two points, both must
> support the same cryptography and protocol. eg; SRTP to SRTP , DTLS/SRTP to
> DTLS/SRTP cipher 128 to 128 and 256 to 256.
>
> You can print the request body ($rb) on the INVITE with “application/sdp”
> and visually compare the exchange, do this on offer and answer.
>
> *From:* John Nash <john.nash778 at gmail.com>
> *Sent:* Thursday, June 23, 2016 3:42 PM
> *To:* OpenSIPS users mailling list <users at lists.opensips.org>
> *Subject:* Re: [OpenSIPS-Users] Opensips + rtpengine + Sipml5 webrtc
>
> Actually the issue is i hear no audio on either side and just after
> session progress (I guess when media starts coming from remote media
> server) i see error "SRTP output wanted, but no crypto suite was
> negotiated"
>
> I had also checked media logs i could see RTP packets being sent from
> freeswitch to RTPengine IP but there was no packet at all just after that.
> Ideally after RTP packet from freeswitch to rtpengine, Rtpengine should
> send that packet to browser using wss?
>
> On Fri, Jun 24, 2016 at 1:05 AM, Eric Tamme <eric at uphreak.com> wrote:
>
>> So - i dont see a problem here - Chrome is getting UDP/TLS/RTP/SAVPF and
>> Freeswitch is getting RTP/AVP.  Freeswitch responded to the offer in the
>> invite with an answer in the 183, and in the 200.  What is the failure you
>> are seeing, and where is it happening (in freeswitch? in the browser?)
>>
>> The only thing that looks bad is that you are retransmitting the ACK
>> which FS either ... doesnt like, or is never getting,  because it keeps
>> retransmitting the 200, which is why you get a 481 when you send BYE.
>>
>> -Eric
>>
>>
>> On 06/23/2016 01:24 PM, John Nash wrote:
>>
>> OK here is the log
>> https://gist.github.com/johnnash13/0d2cb5238f3551cd3a8c6b4e638dd744
>>
>> Sorry took me a while to convert wireshark trace to text file.
>>
>> My freeswitch is running on private IP (127.0.0.1) and opensips I run on
>> both public and private so that for outside world opensips is the only
>> public IP they see. In proxy log I pasted Opensips ===> Freeswitch logs and
>> back.
>>
>>
>>
>>
>>
>>
>> On Fri, Jun 24, 2016 at 12:43 AM, Eric Tamme <eric at uphreak.com> wrote:
>>
>>> No - it's annoying to look at a trace that's had information removed and
>>> try and piece together whats happening.  Your paranoid side is wrong, sorry.
>>>
>>> -Eric
>>>
>>>
>>> On 06/23/2016 01:06 PM, Patrick Wakano wrote:
>>>
>>> my paranoic side would recommend to hide/change private informations,
>>> specially any authentication line that might appear... this is certainly a
>>> sort of social engineering threat we should worry...
>>> better be safe than sorry....
>>>
>>>
>>> On Thu, Jun 23, 2016 at 3:31 PM, Eric Tamme <eric at uphreak.com> wrote:
>>>
>>>> I mean you can use a private gist, but you will be publishing the link
>>>> in a public email list.  In general I personally dont believe revealing ip
>>>> addresses etc. is any problem - to put my money where my mouth is here is a
>>>> gist link to an unaltered SIP trace on my server :)
>>>>
>>>> https://gist.github.com/etamme/b864010448a29007b7e0457682e81d52
>>>>
>>>> -Eric
>>>>
>>>>
>>>> On 06/23/2016 12:23 PM, John Nash wrote:
>>>>
>>>> Ok i am ready with logs. About gist may I use private option as traces
>>>> have our IPs, user
>>>>
>>>> On Thu, Jun 23, 2016 at 10:32 PM, Eric Tamme <eric at uphreak.com> wrote:
>>>>
>>>>> Hey John,
>>>>>
>>>>> Please paste a full UNALTERED sip trace into a gist (gist.github.com)
>>>>> from the proxy servers perspective and provide a link so that we can see
>>>>> what comes in, and what goes out from both sides.
>>>>>
>>>>> EG: ngrep -qtd any -W byline port 5060
>>>>>
>>>>> This will show us the traffic that is leaving the proxy destined for
>>>>> the Freeswitch box, and what the freeswitch box sends back.
>>>>>
>>>>> Also - you can look in your browsers console log and provide the SIP
>>>>> trace from there in a seperate gist, so that we can see what opensips sends
>>>>> back up to your browser.
>>>>>
>>>>> -Eric
>>>>>
>>>>>
>>>>> Am I using correct sip.js example? I copied it to my server and
>>>>> accessing it using https: (used letsencrypt)
>>>>>
>>>>> On Thu, Jun 23, 2016 at 7:58 PM, Eric Tamme <eric at uphreak.com> wrote:
>>>>>
>>>>>> 1. I would suggest using SIP.js - https://github.com/onsip/SIP.js it
>>>>>> is a much more active project that sipml5.
>>>>>>
>>>>>> 2. Im guessing that you are not properly passing flags to RTPEngine.
>>>>>> If you want to have DTLS-SRTP between the browser, and plain RTP/AVP
>>>>>> between RTPEngine and freeswitch, you need to "offer" rtp/avp to
>>>>>> freeswitch, and "answer" dtls-srtp back up to the browser.
>>>>>>
>>>>>> the offer to freeswitch would be:
>>>>>>
>>>>>>         $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
>>>>>>
>>>>>>
>>>>>> and the answer back up to the browswer would be:
>>>>>>
>>>>>>         $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";
>>>>>>
>>>>>>
>>>>>> -Eric
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 06/23/2016 08:20 AM, John Nash wrote:
>>>>>>
>>>>>> I am following
>>>>>> http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2 and
>>>>>> trying to test a call
>>>>>>
>>>>>> sipml5 ----------->Opensips + rtpengine --------> SIP end point
>>>>>> (Freeswitch)
>>>>>>
>>>>>> But I do not have any audio on both sides. I see this error at
>>>>>> rtpengine log "SRTP output wanted, but no crypto suite was negotiated"
>>>>>>
>>>>>> Anyone tested this scenario positive?
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opensips.org
>>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opensips.org
>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> ------------------------------
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160624/70b2bf43/attachment-0001.htm>


More information about the Users mailing list