Jump to content

SRTP available on the hosted platform?

Guest

By Guest
in Product Discussion

 Share

Recommended Posts

Rick Guyton

Rick Guyton

Posted
Posted
Hi Josh, I've seen settings for this under Advanced callflows -> Devices -> (Pick a Device) -> Advanced -> Audio. And in the provisioner under the Lines section, in the advanced settings at the bottom.


I have NOT tried this yet though! I had a client what as supper worried about it, then management changed and they didn't care anymore. So, I left it. But, when I was talking to 2600 I remember them telling me to go into these two areas and make sure I was using the zswitch.net domain and not a white labeled one. Maybe give that a try? Please post back and let us know how it goes!

EDIT: I'm not sure how "supported" this is though... FYI
Link to comment
Share on other sites
  • Administrators
Darren Schreiber

Darren Schreiber

Posted
  • Administrators
Posted
Hi there,
     A few things on this.

1) Rick thanks for chiming in
2) Rick is right that the option must be set in the GUI. This causes the server to force SRTP when calling TO the phone
3) For calls FROM the phone, you must manually enable SRTP on the phone itself. I think it MAY be in the provisioner tool as well but remains untested to my knowledge.
4) Finally, for all this to work ,you must override the default proxy with:
secure-us-east.p.zswitch.net
secure-us-west.p.zswitch.net

This is all in beta until 4.0 comes out because the SSL libraries in our current FreeSWITCH version are old and can't be upgraded without a massive overhaul (which is what 4.0 is) so this may or may not work well... Hence why it remains unsupported, but available.

It honestly should be OK but your mileage may vary.

ALSO, because it's encrypted, WE CAN NOT debug audio issues if you turn this on if they're between your customer and our server.
Link to comment
Share on other sites
Guest

Guest

Posted
Posted
Thanks Darren. Neither of those secure proxy URLs resolve to anything...

But without changing the proxy I enabled SRTP and set it to force all calls on the handset and it was able to complete inbound and outbound calls. Need to get wireshark going to see if it's actually encrypting. 
Link to comment
Share on other sites
  • 2 years later...
esoare

esoare

Posted
Posted

Just an FYI. 

Posted this in another thread, but thought it prudent to update this thread also. 

~~~~~~~~~~~~~~~~~~~~~~~~~

Using Advanced Call Flows - Device - Audio - Secure RTP  (Select SRTP)

 

image.png

 

Then in Advanced Provisioner for the Device 

Config - Lines - Scroll to the Bottom of " 1 " In Advanced - Make sure the RTP Encruption (SRTP) is enabled. 

 

image.png

Restart the phone (if you made a change versus building new) 

From what I can tell. That is all now, as of Version 4.3-11

The only thing different I can tell, is that there is a "Lock" on the Yealink phones, AFTER the call is established. 

Link to comment
Share on other sites
  • 3 years later...
Frank Seesink

Frank Seesink

Posted
Posted (edited)

Hey @Darren Schreiber,

Has something changed recently?  Do all these proxies only work from within the U.S. now?

Things used to work when I would travel and setup a Grandstream to connect with SRTP from outside the U.S.  But it hasn't been working lately.  And eventually I found when I ran nmap against the proxies that they appear to be filtered on 5060/5061 if I source from outside the U.S., but they're open when I source from here in the U.S.  That goes for

  • secure-us-east.p.zswitch.net
  • secure-us-west.p.zswitch.net

as well as

  • us-east.p.zswitch.net
  • us-west.p.zswitch.net

Was just wondering if that's something new, as it used to work just fine.

Edited by Frank Seesink (see edit history)
Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...