Rtp secure Calls fail if another also has only secure

Discussion in '3CX Phone System - General' started by Arunesh Dutta, Dec 9, 2017.

Thread Status:
Not open for further replies.
  1. Arunesh Dutta

    Joined:
    Sep 9, 2017
    Messages:
    28
    Likes Received:
    0
    Ref:Android 3cx soft phone have pbx express

    Hello

    Have observed if I enable Only secure in rtp I can comfortably place calls when receiver has rtp secure as normal or only secure but if receiver also has only secure in rtp calls fail, kindly guide on this

    Reference doc :: 3cxsoftphone RTP secure https://www.3cx.com/docs/secure-sip/#h.lc9ghio25us5

    As mentioned “Allow Secure”. This will allow Secure RTP and Non Secure RTP, or Only Secure. This will ONLY allow Secure RTP Connections.

    Case1 3cxSoftphone1 (RTP Secure - Only Secure) <---> 3cxSoftphone2 (RTP Secure - Normal/Allow Secure) - Call happens
    Case2 3cxSoftphone1 (RTP Secure - Only Secure) <---->3cxSoftphone1 (RTP Secure - Only Secure) - Call Fails

    I only want to know when both the client have only secure enabled the call is failing

    My concern here is

    As I believe the encryption is happening between client and server with respective handshake.only secure I believe is enabling an encrypted channel,for allow secure as it passes non secure/secure RTP will it generate a secure path based on that moment resources?Why is only secure which only enables a secure pass through fails the communication between parties ?
     
    #1 Arunesh Dutta, Dec 9, 2017
    Last edited: Dec 9, 2017
  2. Ahmad Mustafa Abo Atwan

    Joined:
    Dec 9, 2017
    Messages:
    5
    Likes Received:
    0
    hi
    the problem of firewall
    the ports of rtp must be open in two way
    you can use port forwarding for tunnel 5090 and 5001 it will be help you

    BR
     
  3. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,083
    Likes Received:
    61
    Am confused, you stated (paraphrased)
    1, My phone has only secure for RTP set
    When I place a call to a remote device, the remote device has RTP set to:
    1. normal, the call passes
    2, only secure, the call passes
    3, has ONLY SECURE, the call fails

    2 and 3 are the same condition, but stated with different results.

    There are 3 conditions possible Normal, Allow, Only

    Can you clarify to include the devices in use that are trying to communicate with one another? A wireshark might show the negotiation and why an issue.

    Port 5001 is for HTTPS and has nothing to do with the RTP stream. The 3CX tunnel might (5090), but this is only usable when using a 3CX SBC or client software, but then SRTP is not needed as the tunnel has its own method of securing. .
     
    #3 lneblett, Dec 9, 2017
    Last edited: Dec 9, 2017
  4. Arunesh Dutta

    Joined:
    Sep 9, 2017
    Messages:
    28
    Likes Received:
    0

    Thanks for the message I meant Allow secure in receiver which tends to pass both normal and secure calls to the respective client and only secure which will allow only secure call to pass through..reference info here https://www.3cx.com/docs/secure-sip/#h.lc9ghio25us5 .. But I have seen the case as mentioned below happen

    Case1 3cxSoftphone1 (RTP Secure - Only Secure) <---> 3cxSoftphone2 (RTP Secure - Normal/Allow Secure) - Call happens
    Case2 3cxSoftphone1 (RTP Secure - Only Secure) <---->3cxSoftphone1 (RTP Secure - Only Secure) - Call Fails

    I only want to know when both the client have only secure enabled the call is failing

    My concern here is

    As I believe the encryption is happening between client and server with respective handshake,.only secure I believe is enabling an encrypted channel,and allow secure calls as it passes secure/non secure RTP will it generate a secure path based on that moment resources ?Why is only secure which only enables a secure pass through fails the communication between parties ?
     
    #4 Arunesh Dutta, Dec 9, 2017
    Last edited: Dec 9, 2017
  5. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,083
    Likes Received:
    61
    You might consider doing some testing using wireshark and see how the negotiation is being handled.
     
    NickD_3CX likes this.
Thread Status:
Not open for further replies.