[OpenSIPS-Users] Opensips + rtpengine + Sipml5 webrtc

sevpal sevpal at aol.com
Thu Jun 23 23:20:30 CEST 2016


Hi, the rtpengine cannot negotiate SRTP between the two points, both must support the same cryptography and protocol. eg; SRTP to SRTP , DTLS/SRTP to DTLS/SRTP cipher 128 to 128 and 256 to 256.

You can print the request body ($rb) on the INVITE with “application/sdp” and visually compare the exchange, do this on offer and answer.

From: John Nash 
Sent: Thursday, June 23, 2016 3:42 PM
To: OpenSIPS users mailling list 
Subject: Re: [OpenSIPS-Users] Opensips + rtpengine + Sipml5 webrtc

Actually the issue is i hear no audio on either side and just after session progress (I guess when media starts coming from remote media server) i see error "SRTP output wanted, but no crypto suite was negotiated" 


I had also checked media logs i could see RTP packets being sent from freeswitch to RTPengine IP but there was no packet at all just after that. Ideally after RTP packet from freeswitch to rtpengine, Rtpengine should send that packet to browser using wss?

On Fri, Jun 24, 2016 at 1:05 AM, Eric Tamme <eric at uphreak.com> wrote:

  So - i dont see a problem here - Chrome is getting UDP/TLS/RTP/SAVPF and Freeswitch is getting RTP/AVP.  Freeswitch responded to the offer in the invite with an answer in the 183, and in the 200.  What is the failure you are seeing, and where is it happening (in freeswitch? in the browser?)

  The only thing that looks bad is that you are retransmitting the ACK which FS either ... doesnt like, or is never getting,  because it keeps retransmitting the 200, which is why you get a 481 when you send BYE.

  -Eric 



  On 06/23/2016 01:24 PM, John Nash wrote:

    OK here is the log https://gist.github.com/johnnash13/0d2cb5238f3551cd3a8c6b4e638dd744 

    Sorry took me a while to convert wireshark trace to text file.

    My freeswitch is running on private IP (127.0.0.1) and opensips I run on both public and private so that for outside world opensips is the only public IP they see. In proxy log I pasted Opensips ===> Freeswitch logs and back.






    On Fri, Jun 24, 2016 at 12:43 AM, Eric Tamme <eric at uphreak.com> wrote:

      No - it's annoying to look at a trace that's had information removed and try and piece together whats happening.  Your paranoid side is wrong, sorry.

      -Eric 



      On 06/23/2016 01:06 PM, Patrick Wakano wrote:

        my paranoic side would recommend to hide/change private informations, specially any authentication line that might appear... this is certainly a sort of social engineering threat we should worry...

        better be safe than sorry....



        On Thu, Jun 23, 2016 at 3:31 PM, Eric Tamme <eric at uphreak.com> wrote:

          I mean you can use a private gist, but you will be publishing the link in a public email list.  In general I personally dont believe revealing ip addresses etc. is any problem - to put my money where my mouth is here is a gist link to an unaltered SIP trace on my server :)

          https://gist.github.com/etamme/b864010448a29007b7e0457682e81d52

          -Eric 



          On 06/23/2016 12:23 PM, John Nash wrote:

            Ok i am ready with logs. About gist may I use private option as traces have our IPs, user

            On Thu, Jun 23, 2016 at 10:32 PM, Eric Tamme <eric at uphreak.com> wrote:

              Hey John,

              Please paste a full UNALTERED sip trace into a gist (gist.github.com) from the proxy servers perspective and provide a link so that we can see what comes in, and what goes out from both sides.

              EG: ngrep -qtd any -W byline port 5060

              This will show us the traffic that is leaving the proxy destined for the Freeswitch box, and what the freeswitch box sends back.

              Also - you can look in your browsers console log and provide the SIP trace from there in a seperate gist, so that we can see what opensips sends back up to your browser.

              -Eric 



                Am I using correct sip.js example? I copied it to my server and accessing it using https: (used letsencrypt)

                On Thu, Jun 23, 2016 at 7:58 PM, Eric Tamme <eric at uphreak.com> wrote:

                  1. I would suggest using SIP.js - https://github.com/onsip/SIP.js it is a much more active project that sipml5.

                  2. Im guessing that you are not properly passing flags to RTPEngine.  If you want to have DTLS-SRTP between the browser, and plain RTP/AVP between RTPEngine and freeswitch, you need to "offer" rtp/avp to freeswitch, and "answer" dtls-srtp back up to the browser.

                  the offer to freeswitch would be:  

        $var(rtpengine_flags) = "RTP/AVP replace-session-connection replace-origin ICE=remove";

and the answer back up to the browswer would be:


        $var(rtpengine_flags) = "UDP/TLS/RTP/SAVPF ICE=force";
                  -Eric 




                  On 06/23/2016 08:20 AM, John Nash wrote:

                    I am following http://www.opensips.org/Documentation/Tutorials-WebSocket-2-2 and trying to test a call  

                    sipml5 ----------->Opensips + rtpengine --------> SIP end point (Freeswitch)


                    But I do not have any audio on both sides. I see this error at rtpengine log "SRTP output wanted, but no crypto suite was negotiated"


                    Anyone tested this scenario positive?

                     

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



                  _______________________________________________
                  Users mailing list
                  Users at lists.opensips.org
                  http://lists.opensips.org/cgi-bin/mailman/listinfo/users




                 

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



              _______________________________________________
              Users mailing list
              Users at lists.opensips.org
              http://lists.opensips.org/cgi-bin/mailman/listinfo/users




             

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



          _______________________________________________
          Users mailing list
          Users at lists.opensips.org
          http://lists.opensips.org/cgi-bin/mailman/listinfo/users




         

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



      _______________________________________________
      Users mailing list
      Users at lists.opensips.org
      http://lists.opensips.org/cgi-bin/mailman/listinfo/users




     

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



  _______________________________________________
  Users mailing list
  Users at lists.opensips.org
  http://lists.opensips.org/cgi-bin/mailman/listinfo/users





--------------------------------------------------------------------------------
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20160623/a65f417b/attachment.htm>


More information about the Users mailing list