Guest Posted August 23, 2016 Report Posted August 23, 2016 I have a customer who wants encryption for voice. SRTP is supported in most of the SIP phones. Does Kazoo support SRTP and if so how do I turn it on?
Rick Guyton Posted August 23, 2016 Report Posted August 23, 2016 Hi Josh, I've seen settings for this under Advanced callflows -> Devices -> (Pick a Device) -> Advanced -> Audio. And in the provisioner under the Lines section, in the advanced settings at the bottom. I have NOT tried this yet though! I had a client what as supper worried about it, then management changed and they didn't care anymore. So, I left it. But, when I was talking to 2600 I remember them telling me to go into these two areas and make sure I was using the zswitch.net domain and not a white labeled one. Maybe give that a try? Please post back and let us know how it goes! EDIT: I'm not sure how "supported" this is though... FYI
Guest Posted August 23, 2016 Report Posted August 23, 2016 You're right - I see the option for SRTP and ZRTP. I'll test it and let you know. Thanks!
Administrators Darren Schreiber Posted August 23, 2016 Administrators Report Posted August 23, 2016 Hi there, A few things on this.1) Rick thanks for chiming in2) Rick is right that the option must be set in the GUI. This causes the server to force SRTP when calling TO the phone3) For calls FROM the phone, you must manually enable SRTP on the phone itself. I think it MAY be in the provisioner tool as well but remains untested to my knowledge.4) Finally, for all this to work ,you must override the default proxy with:secure-us-east.p.zswitch.netsecure-us-west.p.zswitch.netThis is all in beta until 4.0 comes out because the SSL libraries in our current FreeSWITCH version are old and can't be upgraded without a massive overhaul (which is what 4.0 is) so this may or may not work well... Hence why it remains unsupported, but available.It honestly should be OK but your mileage may vary.ALSO, because it's encrypted, WE CAN NOT debug audio issues if you turn this on if they're between your customer and our server.
Guest Posted August 23, 2016 Report Posted August 23, 2016 Thanks Darren. Neither of those secure proxy URLs resolve to anything...But without changing the proxy I enabled SRTP and set it to force all calls on the handset and it was able to complete inbound and outbound calls. Need to get wireshark going to see if it's actually encrypting.
Administrators Darren Schreiber Posted August 23, 2016 Administrators Report Posted August 23, 2016 Sorry, secure-us-east.p.zswitch.net secure-us-west.p.zswitch.net
esoare Posted December 11, 2018 Report Posted December 11, 2018 Just an FYI. Posted this in another thread, but thought it prudent to update this thread also. ~~~~~~~~~~~~~~~~~~~~~~~~~ Using Advanced Call Flows - Device - Audio - Secure RTP (Select SRTP) Then in Advanced Provisioner for the Device Config - Lines - Scroll to the Bottom of " 1 " In Advanced - Make sure the RTP Encruption (SRTP) is enabled. Restart the phone (if you made a change versus building new) From what I can tell. That is all now, as of Version 4.3-11 The only thing different I can tell, is that there is a "Lock" on the Yealink phones, AFTER the call is established.
Frank Seesink Posted May 27, 2022 Report Posted May 27, 2022 (edited) Hey @Darren Schreiber, Has something changed recently? Do all these proxies only work from within the U.S. now? Things used to work when I would travel and setup a Grandstream to connect with SRTP from outside the U.S. But it hasn't been working lately. And eventually I found when I ran nmap against the proxies that they appear to be filtered on 5060/5061 if I source from outside the U.S., but they're open when I source from here in the U.S. That goes for secure-us-east.p.zswitch.net secure-us-west.p.zswitch.net as well as us-east.p.zswitch.net us-west.p.zswitch.net Was just wondering if that's something new, as it used to work just fine. Edited May 30, 2022 by Frank Seesink (see edit history)
Recommended Posts