[Snom and No Encryption]

Yes my Motorola has 128 bit encryption, it is a hidden feature of the phone I found when flexing.

[Snom and No Encryption]

Hmmmmmmmm.

 

Well, the only thing that I can think about right now it to use the latest and the greatest, which is currently http://www.pbxnsip.com/download/pbxctrl-2.1.0.2109.exe (see http://wiki.pbxnsip.com/index.php/Installi...#Manual_Upgrade on how to move to that version).

 

 

OK, I have finally got the encryption working. If you add the line transport=tls to your outbound proxy it plays havock with the encryption on Snom 370 but if you just register the Snom to the ip address without the tls line it shows that it offers AES Encryption. I tried it with a call to my mobile which supports secure calls and it encrypted the call ok. So I dont know why the tls line would effect the encryption but it does, you can either have outbound over tcp with tls or outbound over udp with tls or just outbound over tcp but these do not work with encryption, as soon as a line is added to the outbound proxy it cuts out the automatic encryption.

 

Sara.

[Snom and No Encryption]

Are you using TLS? Are you able to see the SIP traffic?

 

The PBX uses SRTP only if TLS has been used.

 

Versions? Of the PBX and of the phones?

 

I use xxx.xxx.xxx:5061;transport=tls on outgoing proxy and yes I have encryption enabled on the Snom 370 phones all with firmware version 7.1.19, the pbxnsip is version 2.0.3.1715 windows. When I use xxx.xxx.xxx:5061;transport=tls it runs over UDP with my VPN OK but when I use sip:xxx.xxx.xxx:5061;transport=tls it does encrypt but I cannot receive any incoming calls.

 

Sara.

[Snom and No Encryption]

I hooked up my three Snom 370 Phones and all have encryption enabled so one would think they would automatically encrypt calls between each of the phones but NO they don't. I did a network scan and could see the unencrypted packets travelling back and forward ready for me to gather statists on the VOIP call and play it back in the clear.

 

I have tried just about everything but to no avail.

 

Sara.

[Incoming TLS on Snom 370]

Hi thanks I think that has actually done the job and the firmware appears to be better as I had a beta version. I will test the incoming calls now to see if they actually can get transfered and let you know.

 

Sara.

 

--------------------------------------------------------------------------------

 

Sent to tls:192.168.1.3:5061 at 20/9/2007 22:15:33:929 (547 bytes):

 

REGISTER sip:192.168.1.3 SIP/2.0

Via: SIP/2.0/TLS 192.168.1.6:1025;branch=z9hG4bK-tml41bj696i3;rport

From: "PBX Gateway" <sip:200@192.168.1.3>;tag=ezdw7g6xl2

To: "PBX Gateway" <sip:200@192.168.1.3>

Call-ID: 3c26702ac79f-0h495mvgwdbu

CSeq: 1 REGISTER

Max-Forwards: 70

Contact: <sip:200@192.168.1.6:1025;transport=tls;line=zq5p1hzm>;q=1.0;flow-id=1;+sip.instance="<urn:uuid:38070bbf-d2cf-4420-90d0-b950ac8255f3>"

User-Agent: snom370/7.1.19

Supported: gruu

Allow-Events: dialog

X-Real-IP: 192.168.1.6

Expires: 86400

Content-Length: 0

 

 

 

 

--------------------------------------------------------------------------------

 

Received from tls:192.168.1.3:5061 at 20/9/2007 22:15:34:391 (462 bytes):

 

SIP/2.0 401 Authentication Required

Via: SIP/2.0/TLS 192.168.1.6:1025;branch=z9hG4bK-tml41bj696i3;rport=1029

From: "PBX Gateway" <sip:200@192.168.1.3>;tag=ezdw7g6xl2

To: "PBX Gateway" <sip:200@192.168.1.3>;tag=41c8826e02

Call-ID: 3c26702ac79f-0h495mvgwdbu

CSeq: 1 REGISTER

User-Agent: pbxnsip-PBX/2.0.3.1715

WWW-Authenticate: Digest realm="192.168.1.3",nonce="b21e2d2e47efc0d2102367c4c8f04ee3",domain="sip:192.168.1.3",algorithm=MD5

Content-Length: 0

 

 

 

 

--------------------------------------------------------------------------------

 

Sent to tls:192.168.1.3:5061 at 20/9/2007 22:15:34:407 (726 bytes):

 

REGISTER sip:192.168.1.3 SIP/2.0

Via: SIP/2.0/TLS 192.168.1.6:1025;branch=z9hG4bK-p5hy1m7sj0xp;rport

From: "PBX Gateway" <sip:200@192.168.1.3>;tag=ezdw7g6xl2

To: "PBX Gateway" <sip:200@192.168.1.3>

Call-ID: 3c26702ac79f-0h495mvgwdbu

CSeq: 2 REGISTER

Max-Forwards: 70

Contact: <sip:200@192.168.1.6:1025;transport=tls;line=zq5p1hzm>;q=1.0;flow-id=1;+sip.instance="<urn:uuid:38070bbf-d2cf-4420-90d0-b950ac8255f3>"

User-Agent: snom370/7.1.19

Supported: gruu

Allow-Events: dialog

X-Real-IP: 192.168.1.6

Authorization: Digest username="200",realm="192.168.1.3",nonce="b21e2d2e47efc0d2102367c4c8f04ee3",uri="sip:192.168.1.3",response="1e0c846356a4845d892ec6a27cb325a2",algorithm=MD5

Expires: 86400

Content-Length: 0

 

 

 

 

--------------------------------------------------------------------------------

 

Received from tls:192.168.1.3:5061 at 20/9/2007 22:15:34:471 (436 bytes):

 

SIP/2.0 200 Ok

Via: SIP/2.0/TLS 192.168.1.6:1025;branch=z9hG4bK-p5hy1m7sj0xp;rport=1029

From: "PBX Gateway" <sip:200@192.168.1.3>;tag=ezdw7g6xl2

To: "PBX Gateway" <sip:200@192.168.1.3>;tag=41c8826e02

Call-ID: 3c26702ac79f-0h495mvgwdbu

CSeq: 2 REGISTER

Contact: <sip:200@192.168.1.6:1025;transport=tls;line=zq5p1hzm>;q=1.0;flow-id=1;+sip.instance="<urn:uuid:38070bbf-d2cf-4420-90d0-b950ac8255f3>";expires=360

Content-Length: 0

 

--------------------------------------------------------------------------------

 

 

EDIT: Nope it did not work. I have to setup two connections one with TLS and one without and this creates a subscription but I am able to receive incoming calls in the clear and make outgoing calls secured. This is a very strange situation indeed.

[Incoming TLS on Snom 370]

mmmmm, in outbound proxy on the phone I used 192.168.1.3:5061;transport=tls - this works fine for outgoing calls. I did notice that when using the vpn calls come in as udp and there is no RTP at all but it still connects to the PBX ok, it is only when I enter the extension number that I get nothing but voice mail or white noise.

 

Here is the sip trace within SNOM 370.

 

 

Sent to udp:192.168.1.3:5061 at 19/9/2007 07:46:25:866 (536 bytes):

 

REGISTER sip:192.168.1.3 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.6:1025;branch=z9hG4bK-tfcna53qu529;rport

From: "PBX Gateway [Out]" <sip:200@192.168.1.3>;tag=hkswm4jdf0

To: "PBX Gateway [Out]" <sip:200@192.168.1.3>

Call-ID: 46f04e1c2aa3-uxatyp7ztyq1

CSeq: 37 REGISTER

Max-Forwards: 70

Contact: <sip:200@192.168.1.6:1025;line=lhieczq4>;flow-id=1;q=1.0;+sip.instance="<urn:uuid:0b939f13-3359-43f4-b5a2-104dbfd43e44>"

User-Agent: snom370/

Supported: gruu

Allow-Events: dialog

X-Real-IP: 192.168.1.6

Expires: 0

Content-Length: 0

 

[Repetitions deleted]

[Incoming TLS on Snom 370]

SNOM 370 can connect ok with 5061;transport=tls but cannot get any calls passed from pbxnsip to extensions. The calls come in ok to pbxnsip but as soon as the user enters the extension pbxnsip cant pass the call, all they hear is white noise.

 

I have been shooting off emails to every man and their dog trying to work this out but Im stumped, can someone please help me set up incoming TLS connections that actually work, I have attached a Snom 370 pcap which clearly shows TLS is working and the other pbxnsip file shows that it clearly doesnt do anything, it goes straight to voice mail. When I use pbxnsip with VPN then call just does not go anywhere. The files are .txt so you will need to change them to .pcap?

 

Regards,

 

Sara Donald

Australia.

pbxnsipwithoutvpn.txt

Snom370TLS.txt