SRTP

From FreeSWITCH Wiki


FreeSWITCH Config

FreeSWITCH supports SRTP via SDES ([1]). No configuration is necessary (?) on the FreeSWITCH side, although your phone may require setup.

Use the ${sip_secure_media_confirmed} variable to verify that SRTP is being used for a call. Example:

   <extension name="is_secure">
     <condition field="${sip_secure_media_confirmed}" expression="^true$">
       <action application="sleep" data="1000"/>
       <action application="gentones" data="${bong-ring}"/>
     </condition>
   </extension>

Polycom SRTP config

(Tested on a SoundPoint IP 501; should work with others. Requires SIP 2.X firmware.)

Polycom bug workaround: set sec.srtp.offer.HMAC_SHA1_80="0" (the phones won't negotiate SDES properly otherwise).

The phone will display a lock next to the line key icon after the call is successfully connected via SRTP.

  <security>
     <SRTP sec.srtp.enable="1" sec.srtp.leg.enable="1" sec.srtp.offer="1" sec.srtp.require="1" 
           sec.srtp.offer.HMAC_SHA1_80="0" sec.srtp.offer.HMAC_SHA1_32="1" sec.srtp.key.lifetime="" 
           sec.srtp.mki.enabled="" sec.srtp.sessionParams.noAuth.offer="" sec.srtp.sessionParams.noAuth.require="" 
           sec.srtp.sessionParams.noEncrypRTP.offer="" sec.srtp.sessionParams.noEncrypRTP.require="" 
           sec.srtp.sessionParams.noEncrypRTCP.offer="" sec.srtp.sessionParams.noEncrypRTCP.require="" 
           sec.srtp.sessionParams.leg.noAuth.offer="" sec.srtp.sessionParams.leg.noAuth.require="" 
           sec.srtp.sessionParams.leg.noEncrypRTP.offer="" sec.srtp.sessionParams.leg.noEncrypRTP.require="" 
           sec.srtp.sessionParams.leg.noEncrypRTCP.offer="" sec.srtp.sessionParams.leg.noEncrypRTCP.require="" 
           sec.srtp.sessionParams.IP_4000.noAuth.offer="" sec.srtp.sessionParams.IP_4000.noAuth.require="" 
           sec.srtp.sessionParams.IP_4000.noEncrypRTP.offer="" sec.srtp.sessionParams.IP_4000.noEncrypRTP.require="" 
           sec.srtp.sessionParams.IP_4000.noEncrypRTCP.offer="" sec.srtp.sessionParams.IP_4000.noEncrypRTCP.require="" 
           sec.srtp.leg.allowLocalConf=""/>
  </security>

This can be added to a custom config file, or changed from the defaults in the sip.cfg file distributed with the firmware.

Overhead

SRTP adds an extra 4 bytes to each packet. At a 20 ms packet interval (50 packets per second) this means 50*4*8 = 1600 bit/s of overhead.
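The SDES offer and the overhead figure above can be checked together from a captured SDP body. The following is an added example, not code from the FreeSWITCH wiki or project: it parses the RFC 4568 `a=crypto` attributes, confirms the phone offers only the HMAC_SHA1_32 suite that the Polycom config enables, and derives the per-suite overhead (the 4-byte figure is the 32-bit authentication tag; the 80-bit suites add 10 bytes). The sample offer, its all-zero key and the function names are constructed for illustration.

```python
import base64
import re

# Authentication tag length in bytes for the SDES crypto suites in RFC 4568.
TAG_BYTES = {
    "AES_CM_128_HMAC_SHA1_80": 10,
    "AES_CM_128_HMAC_SHA1_32": 4,
    "F8_128_HMAC_SHA1_80": 10,
}
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([^|\s]+)")

# Constructed sample offer (dummy all-zero key, documentation IP address).
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=- 1 1 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:" + "A" * 40,
    "a=ptime:20",
]) + "\r\n"

def parse_crypto(sdp):
    """Return (audio transport profile, list of offered crypto attributes)."""
    profile, offers = None, []
    for line in sdp.splitlines():
        if line.startswith("m=audio "):
            profile = line.split()[2]
        m = CRYPTO_RE.match(line)
        if m:
            try:
                key_bytes = len(base64.b64decode(m.group(3), validate=True))
            except ValueError:
                key_bytes = -1  # inline value is not valid base64
            offers.append({"tag": int(m.group(1)), "suite": m.group(2), "key_bytes": key_bytes})
    return profile, offers

def overhead_bps(suite, ptime_ms=20):
    """Bandwidth added by the SRTP authentication tag, in bit/s."""
    return (1000 // ptime_ms) * TAG_BYTES[suite] * 8

def check_offer(sdp, allowed=("AES_CM_128_HMAC_SHA1_32",)):
    """Return a list of problems; an empty list means the offer is as expected."""
    profile, offers = parse_crypto(sdp)
    problems = [] if profile == "RTP/SAVP" else ["audio profile is %s, not RTP/SAVP" % profile]
    if not offers:
        problems.append("no a=crypto attribute offered")
    for o in offers:
        if o["suite"] not in allowed:
            problems.append("unexpected suite %s" % o["suite"])
        if o["key_bytes"] != 30:  # 16-byte master key + 14-byte master salt
            problems.append("crypto tag %d: key||salt is not 30 bytes" % o["tag"])
    return problems
```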
