[jitsi-users] Jigasi TLS / SRTP


#1

Hi,

Does anyone know what I need to change in sip-communicator to allow Jigasi to connect over TLS to my PBX (Freeswitch - SIP)?

I've tried a few things, such as changing the connection from 'SIP' to 'SIPS' and 'TLS', but it always seems to connect over UDP without TLS.

Thanks


#2

> Does anyone know what I need to change in sip-communicator to allow Jigasi to
> connect over TLS to my PBX (Freeswitch - SIP)

For TLS:
...acc123.PREFERRED_TRANSPORT=TLS
...acc123.PROXY_ADDRESS=<asterisk-server-name>
...acc123.PROXY_PORT=5061 (assuming the TLS listener is on this port)
...acc123.PROXY_AUTO_CONFIG=false

For SRTP:
#force SRTP
...acc123.SAVP_OPTION=1

#enable media encryption
...acc123.DEFAULT_ENCRYPTION=true

#enable SDES only
...acc123.ENCRYPTION_PROTOCOL.ZRTP=0
...acc123.ENCRYPTION_PROTOCOL.SDES=1
...acc123.ENCRYPTION_PROTOCOL.DTLS-SRTP=2
...acc123.ENCRYPTION_PROTOCOL_STATUS.ZRTP=false
...acc123.ENCRYPTION_PROTOCOL_STATUS.SDES=true
...acc123.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=false

#configure SDES suite
...acc123.SDES_CIPHER_SUITES=AES_CM_128_HMAC_SHA1_80

> I've tried a few things, such as changing the connection from 'SIP' to 'SIPS' and
> 'TLS' but it always seems to connect over UDP without TLS

You'd best install Jitsi Desktop, configure and test the SIP account there and copy the settings to Jigasi.

> Thanks

Ingo


#3

Thank you - it now works!

For other people's benefit, I configured on Jitsi Desktop, then copied all the relevant info over (deleting the data on Jigasi). Relevant info being the parts that start with "net.java.sip.communicator.impl.protocol.sip.acc140xxxxxxx".

I did have to add in the following to get it to work

...acc123.PROXY_ADDRESS=<SIP-SERVER-URL>
...acc123.PROXY_PORT=5061 (assuming the TLS listener is on this port)

and also remove the "ENCRYPTED_PASSWORD" line and replace it with Jigasi's Base64 version, "PASSWORD".

Below is my config that works on Freeswitch.

net.java.sip.communicator.impl.protocol.sip.acc1234xxxx=acc1234xxxx
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ACCOUNT_UID=SIP\:USER@SERVER-ADDRESS.com
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.AMR-WB/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.DEFAULT_ENCRYPTION=true
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.DEFAULT_SIPZRTP_ATTRIBUTE=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.DTMF_METHOD=AUTO_DTMF
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.DTMF_MINIMAL_TONE_DURATION=70
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PASSWORD=BASE64-PASSWORD
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ENCRYPTION_PROTOCOL.DTLS-SRTP=2
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ENCRYPTION_PROTOCOL.SDES=1
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ENCRYPTION_PROTOCOL.ZRTP=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ENCRYPTION_PROTOCOL_STATUS.SDES=true
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ENCRYPTION_PROTOCOL_STATUS.ZRTP=true
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.AMR-WB/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.G722/8000=705
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.G723/8000=150
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.GSM/8000=450
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.H264/90000=1100
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.SILK/16000=713
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.SILK/24000=714
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.iLBC/8000=500
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.opus/48000=750
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.speex/16000=700
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.speex/32000=701
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.speex/8000=352
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.FORCE_P2P_MODE=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.FORCE_PROXY_BYPASS=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.G722/8000=705
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.G723/8000=150
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.GSM/8000=450
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.H264/90000=1100
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.IS_PRESENCE_ENABLED=true
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.OPT_CLIST_SERVER_URI=
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.OPT_CLIST_USER=
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.OPT_CLIST_USE_SIP_CREDETIALS=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.OVERRIDE_ENCODINGS=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.POLLING_PERIOD=30
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PREFERRED_TRANSPORT=TLS
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PROXY_AUTO_CONFIG=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PROXY_ADDRESS=SERVER-ADDRESS.com
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.PROXY_PORT=5061
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SAVP_OPTION=1
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SDES_CIPHER_SUITES=AES_CM_128_HMAC_SHA1_80,AES_CM_128_HMAC_SHA1_32
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SERVER_ADDRESS=SERVER-ADDRESS.com
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SERVER_PORT=5061
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SILK/16000=713
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SILK/24000=714
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.SUBSCRIPTION_EXPIRATION=3600
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.USER_ID=USER@SERVER-ADDRESS.com
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.VOICEMAIL_CHECK_URI=
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.VOICEMAIL_URI=
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.XCAP_ENABLE=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.XIVO_ENABLE=false
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.iLBC/8000=500
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.opus/48000=750
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.speex/16000=700
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.speex/32000=701
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.speex/8000=352
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1234xxxx.ulpfec/90000=0

Thanks again


On 25 June 2017 at 18:07 Ingo Bauersachs <ingo@jitsi.org> wrote:

> Does anyone know what I need to change in sip-communicator to allow Jigasi to
> connect over TLS to my PBX (Freeswitch - SIP)

For TLS:
...acc123.PREFERRED_TRANSPORT=TLS
...acc123.PROXY_ADDRESS=<asterisk-server-name>
...acc123.PROXY_PORT=5061 (assuming the TLS listener is on this port)
...acc123.PROXY_AUTO_CONFIG=false

For SRTP:
#force SRTP
...acc123.SAVP_OPTION=1

#enable media encryption
...acc123.DEFAULT_ENCRYPTION=true

#enable SDES only
...acc123.ENCRYPTION_PROTOCOL.ZRTP=0
...acc123.ENCRYPTION_PROTOCOL.SDES=1
...acc123.ENCRYPTION_PROTOCOL.DTLS-SRTP=2
...acc123.ENCRYPTION_PROTOCOL_STATUS.ZRTP=false
...acc123.ENCRYPTION_PROTOCOL_STATUS.SDES=true
...acc123.ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=false

#configure SDES suite
...acc123.SDES_CIPHER_SUITES=AES_CM_128_HMAC_SHA1_80

> I've tried a few things, such as changing the connection from 'SIP' to 'SIPS' and
> 'TLS' but it always seems to connect over UDP without TLS

You'd best install Jitsi Desktop, configure and test the SIP account there and copy the settings to Jigasi.

> Thanks

Ingo

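
As an added example (not from the thread or the Jitsi project), a small Python checker for the settings discussed above: it parses the per-account keys of a sip-communicator.properties file and reports any that differ from the TLS and SDES-only SRTP values in Ingo's reply, plus the PASSWORD replacement described in post #3. The function names, the account id `acc1` and the host `pbx.example.test` are constructed for illustration.

```python
import base64
import binascii
import re

P = "net.java.sip.communicator.impl.protocol.sip."
LINE = re.compile(r"^" + re.escape(P) + r"(acc[^.=\s]+)\.([^=]+)=(.*)$")
REQUIRED = {  # values the thread gives for TLS signalling with forced, SDES-only SRTP
    "PREFERRED_TRANSPORT": "TLS", "PROXY_AUTO_CONFIG": "false",
    "SAVP_OPTION": "1", "DEFAULT_ENCRYPTION": "true",
    "ENCRYPTION_PROTOCOL_STATUS.SDES": "true", "ENCRYPTION_PROTOCOL_STATUS.ZRTP": "false",
    "ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP": "false",
}
MUST_BE_SET = ("PROXY_ADDRESS", "PROXY_PORT", "SDES_CIPHER_SUITES", "PASSWORD")

def parse_accounts(text):
    """Group per-account properties as {account_id: {KEY: value}}."""
    accounts = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            accounts.setdefault(m.group(1), {})[m.group(2).strip()] = m.group(3).strip()
    return accounts

def audit(text):
    """Return sorted (account, key, problem) tuples; an empty list means compliant."""
    findings = []
    for acc, props in parse_accounts(text).items():
        for key, want in REQUIRED.items():
            got = props.get(key)
            if got is None or got.lower() != want.lower():
                findings.append((acc, key, f"expected {want}, found {got}"))
        findings += [(acc, k, "missing or empty") for k in MUST_BE_SET if not props.get(k)]
        if "ENCRYPTED_PASSWORD" in props:
            findings.append((acc, "ENCRYPTED_PASSWORD", "replace with Base64 PASSWORD"))
        try:
            base64.b64decode(props.get("PASSWORD", ""), validate=True)
        except (binascii.Error, ValueError):
            findings.append((acc, "PASSWORD", "not valid Base64"))
    return sorted(findings)

# Constructed sample: transport left on UDP, ZRTP still enabled, desktop-style password.
SAMPLE = "\n".join(P + "acc1." + kv for kv in (
    "PREFERRED_TRANSPORT=UDP", "PROXY_AUTO_CONFIG=false", "PROXY_ADDRESS=pbx.example.test",
    "PROXY_PORT=5061", "SAVP_OPTION=1", "DEFAULT_ENCRYPTION=true", "ENCRYPTED_PASSWORD=xxxx",
    "ENCRYPTION_PROTOCOL_STATUS.SDES=true", "ENCRYPTION_PROTOCOL_STATUS.ZRTP=true",
    "ENCRYPTION_PROTOCOL_STATUS.DTLS-SRTP=false", "SDES_CIPHER_SUITES=AES_CM_128_HMAC_SHA1_80"))

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Base64 is an encoding, not encryption, so the checker only confirms that the PASSWORD value is well-formed; the properties file itself still needs restrictive permissions.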