<div dir="ltr">Sorry sevpal somehow your message went to spam. I am not sure I get what you are trying to say as I was under the impression rtpengine is supposed to bridge protocols. Better I explain my test setup properly to you ..<div><br><div>1- On linux server I installed certificates from letsencrypt for a domain (<mydomain>).</div><div>2- I have opensips (wss listner is there as well as udp), Rtpengine and freeswitch (udp only and it terminate calls to SIP network)</div><div>3- On web server I copied sipml5 code which I access on chrome browser using https://<mydomain>:443. In sipml5 I give wss url of the opensips wss listener (wss://<mydomain>:4431 along with SIP credentials</div><div>4- My call flow is Chrome(sipml5) ==wss==>Opensips===udp==>Freeswitch. Before sending Invite to freeswitch Rtpengine call is made </div><div>as per <a href="http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2">http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2</a>. Same being done when session progress or 200 OK comes from freeswitch.</div><div><br></div><div><br></div><div>Now in this setup how can I make sure same crypto is used?</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 24, 2016 at 2:50 AM, sevpal <span dir="ltr"><<a href="mailto:sevpal@aol.com" target="_blank">sevpal@aol.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div style="FONT-SIZE:12pt;FONT-FAMILY:'Calibri';COLOR:#000000">
<div>Hi, the rtpengine cannot negotiate SRTP between the two points, both must
support the same cryptography and protocol. eg; SRTP to SRTP , DTLS/SRTP to
DTLS/SRTP cipher 128 to 128 and 256 to 256.</div>
<div> </div>
<div>You can print the request body ($rb) on the INVITE with “application/sdp”
and visually compare the exchange, do this on offer and answer.</div>
<div style="FONT-SIZE:small;TEXT-DECORATION:none;FONT-FAMILY:"Calibri";FONT-WEIGHT:normal;COLOR:#000000;FONT-STYLE:normal;DISPLAY:inline">
<div style="FONT:10pt tahoma">
<div><font size="3" face="Calibri"></font> </div>
<div style="BACKGROUND:#f5f5f5">
<div><b>From:</b> <a title="john.nash778@gmail.com" href="mailto:john.nash778@gmail.com" target="_blank">John Nash</a> </div>
<div><b>Sent:</b> Thursday, June 23, 2016 3:42 PM</div>
<div><b>To:</b> <a title="users@lists.opensips.org" href="mailto:users@lists.opensips.org" target="_blank">OpenSIPS users mailling list</a> </div>
<div><b>Subject:</b> Re: [OpenSIPS-Users] Opensips + rtpengine + Sipml5
webrtc</div></div></div>
<div> </div></div>
<div style="FONT-SIZE:small;TEXT-DECORATION:none;FONT-FAMILY:"Calibri";FONT-WEIGHT:normal;COLOR:#000000;FONT-STYLE:normal;DISPLAY:inline"><div><div class="h5">
<div dir="ltr">Actually the issue is i hear no audio on either side and just after
session progress (I guess when media starts coming from remote media server) i
see error <span style="FONT-SIZE:12px">"SRTP output wanted, but no crypto suite
was negotiated"</span>
<div><span style="FONT-SIZE:12px"><br></span></div>
<div><span style="FONT-SIZE:12px">I had also checked media logs i could see RTP
packets being sent from freeswitch to RTPengine IP but there was no packet at
all just after that. Ideally after RTP packet from freeswitch to rtpengine,
Rtpengine should send that packet to browser using wss?</span></div></div>
<div class="gmail_extra">
<div> </div>
<div class="gmail_quote">On Fri, Jun 24, 2016 at 1:05 AM, Eric Tamme <span dir="ltr"><<a href="mailto:eric@uphreak.com" target="_blank">eric@uphreak.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div bgcolor="#FFFFFF" text="#000000">So - i dont see a problem here - Chrome
is getting UDP/TLS/RTP/SAVPF and Freeswitch is getting RTP/AVP.
Freeswitch responded to the offer in the invite with an answer in the 183, and
in the 200. What is the failure you are seeing, and where is it
happening (in freeswitch? in the browser?)<br><br>The only thing that looks
bad is that you are retransmitting the ACK which FS either ... doesnt like, or
is never getting, because it keeps retransmitting the 200, which is why
you get a 481 when you send BYE.<span><font color="#888888"><br><br>-Eric</font></span>
<div>
<div><br><br>
<div>On 06/23/2016 01:24 PM, John Nash wrote:<br></div>
<blockquote type="cite">
<div dir="ltr">OK here is the log <a href="https://gist.github.com/johnnash13/0d2cb5238f3551cd3a8c6b4e638dd744" target="_blank">https://gist.github.com/johnnash13/0d2cb5238f3551cd3a8c6b4e638dd744</a>
<div> </div>
<div>Sorry took me a while to convert wireshark trace to text file.</div>
<div> </div>
<div>My freeswitch is running on private IP (127.0.0.1) and opensips I run
on both public and private so that for outside world opensips is the only
public IP they see. In proxy log I pasted Opensips ===> Freeswitch logs
and back.</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div> </div></div>
<div class="gmail_extra">
<div> </div>
<div class="gmail_quote">On Fri, Jun 24, 2016 at 12:43 AM, Eric Tamme <span dir="ltr"><<a href="mailto:eric@uphreak.com" target="_blank">eric@uphreak.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div bgcolor="#FFFFFF" text="#000000">No - it's annoying to look at a
trace that's had information removed and try and piece together whats
happening. Your paranoid side is wrong, sorry.<span><font color="#888888"><br><br>-Eric</font></span>
<div>
<div><br><br>
<div>On 06/23/2016 01:06 PM, Patrick Wakano wrote:<br></div>
<blockquote type="cite">
<div dir="ltr">
<div>my paranoic side would recommend to hide/change private
informations, specially any authentication line that might appear...
this is certainly a sort of social engineering threat we should
worry...<br></div>
<div>better be safe than sorry....<br></div>
<div> </div></div>
<div class="gmail_extra">
<div> </div>
<div class="gmail_quote">On Thu, Jun 23, 2016 at 3:31 PM, Eric Tamme <span dir="ltr"><<a href="mailto:eric@uphreak.com" target="_blank">eric@uphreak.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div bgcolor="#FFFFFF" text="#000000">I mean you can use a private
gist, but you will be publishing the link in a public email
list. In general I personally dont believe revealing ip
addresses etc. is any problem - to put my money where my mouth is here
is a gist link to an unaltered SIP trace on my server :)<br><br><a href="https://gist.github.com/etamme/b864010448a29007b7e0457682e81d52" target="_blank">https://gist.github.com/etamme/b864010448a29007b7e0457682e81d52</a><span><font color="#888888"><br><br>-Eric</font></span>
<div>
<div><br><br>
<div>On 06/23/2016 12:23 PM, John Nash wrote:<br></div>
<blockquote type="cite">
<div dir="ltr">Ok i am ready with logs. About gist may I use private
option as traces have our IPs, user</div>
<div class="gmail_extra">
<div> </div>
<div class="gmail_quote">On Thu, Jun 23, 2016 at 10:32 PM, Eric Tamme
<span dir="ltr"><<a href="mailto:eric@uphreak.com" target="_blank">eric@uphreak.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div bgcolor="#FFFFFF" text="#000000">Hey John,<br><br>Please
paste a full UNALTERED sip trace into a gist (<a href="http://gist.github.com" target="_blank">gist.github.com</a>)
from the proxy servers perspective and provide a link so that we
can see what comes in, and what goes out from both
sides.<br><br>EG: ngrep -qtd any -W byline port 5060<br><br>This
will show us the traffic that is leaving the proxy destined for
the Freeswitch box, and what the freeswitch box sends
back.<br><br>Also - you can look in your browsers console log and
provide the SIP trace from there in a seperate gist, so that we
can see what opensips sends back up to your browser.<span><font color="#888888"><br><br>-Eric</font></span>
<div>
<div><br><br>
<blockquote type="cite">
<div dir="ltr">
<div><span style="FONT-SIZE:12px">Am I using correct sip.js
example? I copied it to my server and accessing it using https:
(used letsencrypt)</span></div></div>
<div class="gmail_extra">
<div> </div>
<div class="gmail_quote">On Thu, Jun 23, 2016 at 7:58 PM, Eric
Tamme <span dir="ltr"><<a href="mailto:eric@uphreak.com" target="_blank">eric@uphreak.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT:1ex;MARGIN:0px 0px 0px 0.8ex;BORDER-LEFT:#ccc 1px solid">
<div bgcolor="#FFFFFF" text="#000000">1. I would suggest using
SIP.js - <a href="https://github.com/onsip/SIP.js" target="_blank">https://github.com/onsip/SIP.js</a> it is a much
more active project that sipml5.<br><br>2. Im guessing that
you are not properly passing flags to RTPEngine. If you
want to have DTLS-SRTP between the browser, and plain RTP/AVP
between RTPEngine and freeswitch, you need to "offer" rtp/avp
to freeswitch, and "answer" dtls-srtp back up to the
browser.<br><br>the offer to freeswitch would be: <br><pre> $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";
</pre>and the answer back up to the browswer would be:<br><br><pre> $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";</pre><br>-Eric
<div>
<div><br><br><br>
<div>On 06/23/2016 08:20 AM, John Nash
wrote:<br></div></div></div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">I am following <a href="http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2" target="_blank">http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2</a>
and trying to test a call
<div> </div>
<div>sipml5 ----------->Opensips + rtpengine -------->
SIP end point (Freeswitch)<br>
<div> </div>
<div>But I do not have any audio on both sides. I see this
error at rtpengine log "SRTP output wanted, but no crypto
suite was negotiated"<br></div></div>
<div> </div>
<div>Anyone tested this scenario positive?</div></div><br>
<fieldset></fieldset> <br></div></div><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote><br></div><br>_______________________________________________<br>Users
mailing list<br><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br></blockquote></div>
<div> </div></div><br>
<fieldset></fieldset> <br><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote><br></div></div></div><br>_______________________________________________<br>Users
mailing list<br><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br></blockquote></div>
<div> </div></div><br>
<fieldset></fieldset> <br><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote><br></div></div></div><br>_______________________________________________<br>Users
mailing list<br><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br></blockquote></div>
<div> </div></div><br>
<fieldset></fieldset> <br><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote><br></div></div></div><br>_______________________________________________<br>Users
mailing list<br><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br></blockquote></div>
<div> </div></div><br>
<fieldset></fieldset> <br><pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre></blockquote><br></div></div></div><br>_______________________________________________<br>Users
mailing list<br><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br></blockquote></div>
<div> </div></div>
</div></div><p>
</p><hr><span class="">
_______________________________________________<br>Users mailing
list<br><a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br></span><p></p></div></div></div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>