Hi list
I have installed a newer version of rtpproxy (2.0) in our development server , i was happy because it brings lot of performance improvements
However i have found an issue when clients use TLS+SRTP
In that scenario i do not want rtpproxy to decrypt/reencrypt the traffic as my B2BUA does that or in some scenarios we do plan to add end to end encryption. RTPProxy 1.X was doing that perfectly
Instead since i use rtpproxy 2.0 all SRTP and SRTCP traffic is decrypted by rtpproxy and i receive it clear in the B2BUA
How can i disable this new feature and that rtpproxy just keeps sending the received SRTP/SRTCP stream without decrypting it?
Hello,
are you sure rtpproxy 2.0 does encryption/decryption of the RTP/SRTP? I haven't noticed that the v2.0 has support for such feature.
What are the parameters you are using to control rtpproxy from kamailio.cfg?
Cheers, Daniel
On 01/06/16 12:18, Albert Petit wrote:
Hi list
I have installed a newer version of rtpproxy (2.0) in our development server , i was happy because it brings lot of performance improvements
However i have found an issue when clients use TLS+SRTP
In that scenario i do not want rtpproxy to decrypt/reencrypt the traffic as my B2BUA does that or in some scenarios we do plan to add end to end encryption. RTPProxy 1.X was doing that perfectly
Instead since i use rtpproxy 2.0 all SRTP and SRTCP traffic is decrypted by rtpproxy and i receive it clear in the B2BUA
How can i disable this new feature and that rtpproxy just keeps sending the received SRTP/SRTCP stream without decrypting it?
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi ,
Sorry for previous question. Finally it seems i got confused because traffic my UA was sending was not properly encrypted .Then when doing server tcpdump wireshark was seeing it still as RTCP (and not SRTCP) when jumping on rtpproxy :-) When fixed problem in user agent all traffic is SRTCP and rtpproxy just bridges it to the destination.
I was thinking of some interaction because new feature at https://github.com/sipwise/mediaproxy-ng ( (Bridging between RTP and SRTP user agents) but i understand this feature to decode SRTP can only be enabled when mediaproxy-ng is used (that feature is not supported by rtpproxy, but by mediaproxy-ng correct?).
BTW can this feature be enabled easily when mediaproxy-ng is used? Is that enabled using following flags on rtpproxy_offer etc? (*s, S, p, P* - These flags control the RTP transport protocol that should be used towards the recipient of the SDP. If none of them are specified, the protocol given in the SDP is left untouched. Otherwise, the "S" flag indicates that SRTP should be used, while "s" indicates that SRTP should not be used. "P" indicates that the advanced RTCP profile with feedback messages should be used, and "p" indicates that the regular RTCP profile should be used. As such, the combinations "sp", "sP", "Sp" and "SP" select between RTP/AVP, RTP/AVPF, RTP/SAVP and RTP/SAVPF, respectively.)
Thanks Albert
2016-06-01 12:18 GMT+02:00 Albert Petit albert.petit@genaker.net:
Hi list
I have installed a newer version of rtpproxy (2.0) in our development server , i was happy because it brings lot of performance improvements
However i have found an issue when clients use TLS+SRTP
In that scenario i do not want rtpproxy to decrypt/reencrypt the traffic as my B2BUA does that or in some scenarios we do plan to add end to end encryption. RTPProxy 1.X was doing that perfectly
Instead since i use rtpproxy 2.0 all SRTP and SRTCP traffic is decrypted by rtpproxy and i receive it clear in the B2BUA
How can i disable this new feature and that rtpproxy just keeps sending the received SRTP/SRTCP stream without decrypting it?
We don't support SRTP de/re-encryption at this point, neither in master nor in 2.0. The work to add it is underway, but we are not quite there yet. Pass-through mode should be working fine though, we've tested it recently specifically. On Jun 7, 2016 12:27 PM, "Albert Petit" albert.petit@genaker.net wrote:
Hi ,
Sorry for previous question. Finally it seems i got confused because traffic my UA was sending was not properly encrypted .Then when doing server tcpdump wireshark was seeing it still as RTCP (and not SRTCP) when jumping on rtpproxy :-) When fixed problem in user agent all traffic is SRTCP and rtpproxy just bridges it to the destination.
I was thinking of some interaction because new feature at https://github.com/sipwise/mediaproxy-ng ( (Bridging between RTP and SRTP user agents) but i understand this feature to decode SRTP can only be enabled when mediaproxy-ng is used (that feature is not supported by rtpproxy, but by mediaproxy-ng correct?).
BTW can this feature be enabled easily when mediaproxy-ng is used? Is that enabled using following flags on rtpproxy_offer etc? (*s, S, p, P* - These flags control the RTP transport protocol that should be used towards the recipient of the SDP. If none of them are specified, the protocol given in the SDP is left untouched. Otherwise, the "S" flag indicates that SRTP should be used, while "s" indicates that SRTP should not be used. "P" indicates that the advanced RTCP profile with feedback messages should be used, and "p" indicates that the regular RTCP profile should be used. As such, the combinations "sp", "sP", "Sp" and "SP" select between RTP/AVP, RTP/AVPF, RTP/SAVP and RTP/SAVPF, respectively.)
Thanks Albert
2016-06-01 12:18 GMT+02:00 Albert Petit albert.petit@genaker.net:
Hi list
I have installed a newer version of rtpproxy (2.0) in our development server , i was happy because it brings lot of performance improvements
However i have found an issue when clients use TLS+SRTP
In that scenario i do not want rtpproxy to decrypt/reencrypt the traffic as my B2BUA does that or in some scenarios we do plan to add end to end encryption. RTPProxy 1.X was doing that perfectly
Instead since i use rtpproxy 2.0 all SRTP and SRTCP traffic is decrypted by rtpproxy and i receive it clear in the B2BUA
How can i disable this new feature and that rtpproxy just keeps sending the received SRTP/SRTCP stream without decrypting it?
-- Albert Petit Agile Software Architect http://www.linkedin.com/in/albertpv GENAKER - Esi Mobile Solutions SL www.genaker.net Phone +34 932 422 885
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Albert Petit -
Daniel-Constantin Mierla -
Maxim Sobolev