Return to LanScape's home page Go back a page...       Active TopicsActive Topics   Display List of Forum MembersMember List   Knowledge Base SearchSearch   HelpHelp  RegisterRegister  LoginLogin

SIP Proxy and Media Proxy - Pre-Sales Technical Support
 LanScape Support Forum -> SIP Proxy and Media Proxy - Pre-Sales Technical Support
Subject Topic: Encrypt SIP message Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: June 20 2009 at 9:32am | IP Logged Quote John

Hi Randal,
I want Encrypt SIP message between Softphone & Centrix.
please guide me.

Best regrads
Back to Top View John's Profile Search for other posts by John
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: June 23 2009 at 3:37am | IP Logged Quote John

Hi Randal,
I'm still waiting for your response.
If possible can quickly answer

Best regards.
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: June 25 2009 at 12:48pm | IP Logged Quote support

Hello John,

Excuse the delay. Its very busy here…

SIP Proxy - Enabling the plug-in DLL:
The LanScape Centrex SIP proxy will allow you to encrypt/decrypt SIP messages if you have the Enterprise version of the SIP proxy and you enable the optional plug-in dll.

To access the SIP messages the SIP proxy uses, you can enable the custom plug-in DLL that comes along with the SIP proxy. You get the full source code for this DLL with the proxy product.

To configure the proxy to use the plug-in DLL, use the main tool bar and go to:

Configure->Proxy Server Settings

And select the “Custom Plug-In” settings property page.

Check the “Enable Plug In DL” checkbox and then specify the full path to your plug-in DLL. You can also see the SIP proxy compiled HTML help file on how to enable the plug-in DLL.


SIP Proxy - Rebuilding the plug-in DLL:
The example DLL that comes with the proxy, doesn’t do too much. Its only an example. See the help file for the “Proxy Plug-in API” section.

You can modify the complete source code for the DLL as you require. Using the DLL, you can modify all received and transmitted SIP messages as you require.

The documentation for the plug-in dll is the source code. The main API header file is called DllApi.h. It contains the definitions for the required DLL exported procedure the SIP proxy requires.

The source module “ExportedFunctions.cpp” contains the implementations for the required DLL exported procedures. Make sure to review this module.

To perform SIP message encryption/decryption, you will be interested in the exported procs:

SipMessageReceived()
SipMessageTransmitting()

Take a look at the source code to see how to access the SIP message buffers and how to change them.

Soft Phone – SIP message encryption using the VOIP Media Engine:
If you want to build your soft phone using our VOIP Media Engine, you can.

You can use one of our sample soft phones (the single line or 2 line sample soft phones) as a stating point. Modify the source code and change the GUI in the sample as you require.

To allow your soft phone to access all received and transmitted SIP messages, your app can process the SipModifySipMessage immediate event. This event allows your app to access and change all received and ready-to-be-transmitted SIP messages. You can perform all of your SIP message encoding and decoding in your SipModifySipMessage event handler.

I hope this information helps… at least as a starting point.

Repost if I have missed something or if you have other questions.

Thanks John,

Randal

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: June 30 2009 at 1:10am | IP Logged Quote John

Hi Randal,
thanks for answer,
I implement custom dll & work great.
i have a problem with ModifySipMessage in MediaEngine
I change first 20 character from sip message. similar follow:
I change:
REGISTER sip:xx.xxx.
To:
SFHJTUFS!tjq;78/336/
this work & send to proxy(custom dll) & proxy send answer(SIP/2.0 401 Unauthorized)

But after change this:
REGISTER sip:xx.xx.xx.xx SIP/2.0
Via: SIP/2.0/UDP xx.xx.xx:5061;rport;branch=z9hG4bK11f141f2
From: <sip:301@xx.xx.xx.xx>;tag=11f16431
To: <sip:301@xx.xx.xx.xx>
Call-Id: bba86d57-2ab2-4279-a6d0-6a0677f99c98-00001d94@213.207.222.24 0
CSeq: 15546855 REGISTER
Authorization: Digest algorithm=md5,nonce="59a898ddfbbb8c1cd116783470e7f48e",opaqu e="aaabd76d249b6942cc269eea2e62b2d6",realm="xxxx.xxxt",respo nse="d40a4a7300aebbf3fdc7726b5ca7210b",uri="sip:xx.xx.xx.xx" ,username="301"
Expires: 3600
Max-Forwards: 70
Contact: <sip:301@xx.xx.xx.xx:5061>;user=phone
Content-Length: 0

To:(only change 20 first character):
SFHJTUFS!tjq;78/336/
....
....
Sip Message not send to proxy

please explain about ModifySipMessage(in MediaEngine).
How much I changed the message on I do?
also
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 01 2009 at 11:26am | IP Logged Quote support

Hello John,

Thanks for your post.

The second REGISTER request that you “encode” should be sent to the proxy. I don’t think you are doing anything wrong. We will have to investigate to see what is happening.

Item 1:
If possible, can you determine if the second encoded REGISTER request is actually being sent from the media engine? A good way to do this is to simply get a Wireshark network capture and send that to me. We need to determine if the media engine is transmitting the second REGISTER at all or if it is sending the second REGISTER to some other bogus network ip:port location.

Another way to get this information is to enable SIP logging in the media engine. We should be able to then examine the SIP log for the proper information.


Item 2:
Explanation of the ModifySipMessage() API procedure:

The ModifySipMessage() API procedure is very simple to use. When your VOIP application processes the SipModifySipMessage immediate event that is sent to your application, your application can call the ModifySipMessage() API procedure to change the SIP message however it wants. The API docs for this proc pretty much explain it all. Please ask further questions if something is unclear.


Item 3:
Make sure the media engine does not ignore your modified SIP message that will be transmitted:

You must make sure that when you process the SipModifySipMessage immediate event that you set to FALSE (zero) the IgnoreSipMessage member of the SIP_MESSAGE_IMMEDIATE_DATA data structure. This structure member must remain FALSE (zero) in order for the media engine to transmit your modified SIP message.


Item 4:
Question regarding the use of trial software:

Has your group purchased software from us or are you testing your VOIP solution with trial LanScape software?


Item 5:
We have created a support FTP account for you to use. We can use it to exchange data between us. I will send you the login info via email shortly.


Thank you,


Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 01 2009 at 1:54pm | IP Logged Quote John

Hi Randal,
Thanks for answer.
Item 1:
I already had test with wireshark & Media Engine Log system.
Unfortunately information is not stored in SIP Log file(for second encoded REGISTER)
Also, it is not seen in wireshark,
I'm sure that will not Send(second register)
Item 2
Working with this command is very convenient.
my question is,
What restrictions on how to change messages are there?
Because when I change all messages I'm done(encode entire sip message), Media Engine send unkown sip message
Item 3
Yes, I sure
Item 4
We purchased Centerix(Enterprise) & Voip MediaProxy(Enterprise)
& Use Media Engine(5, 12, 3, 30)
Item 5
Thank you so much from your kind

Best Regards
John
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 02 2009 at 9:55am | IP Logged Quote support

Hello John,

That was good information in your last post. Thank you.

I had no idea you were using such an “old” VOIP media engine version (v5.12.3.30). That version is pretty old. It may be possible that a bug existed in that version regarding SIP message modifications when using the ModifySipMessage() API procedure.

Item 1: Media Engine License:
Who is your media engine licensed to? (company name and person).

Item 2: Re-licensing the latest media engine version:
Last November 2008 we started shipping “Release 6” media engine. The current version that is available as of this posting is v6.0.0.15.

You should really consider re-licensing the latest media engine version. The main reason is because there are many great enhancements and bug fixes that have been introduced over the last 1 to 2 years. Also, there are a large number of SIP interoperability issues resolved when using the media engine with other vendor’s VOIP equipment. We have a tough time supporting old version so getting your group to the latest version will probably remove many issues for you and make our support effort more effective.

Here is a link to the version info for the media engine. Notice all the changes:
http://www.lanscapecorp.com/ProductPages/VOIP%20Media%20Engi ne%20Version%20History.htm

Please consider re-licensing to Release 6 media engine. We can get you a new product image as soon as you are ready to place your order

Thank you,


Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 05 2009 at 4:09pm | IP Logged Quote John

Hi Randal,
I also test with new version (6.0.0.15(trial)).
But exactly the same problem occurs.
I change your sample code(SingleLinePhone(vc++ 6.0)):
in Received messages section:

Code:

    NewSipMessage += pFromHeaderLine;

    //my code
    NewSipMessage.Replace("R:p:", "SIP/2.0 401 Unauthorized");




now modify the SIP message the Media Engine will process.

Code:

    // & in Send Messages section(I Add):
    NewSipMessage += pFromHeaderLine;
                                   
    //my code
    NewSipMessage.Replace("REGISTER sip:", "R:s:");



also i changed dll custom(in centrix) for parse these codes(in dll act reverse for example change "R:s:" to "REGISTER sip:").

But no time code containing information identifying not send(second register): (follow code)

Code:

REGISTER sip:xx.xx.xx.xx SIP/2.0 
Via: SIP/2.0/UDP xx.xx.xx:5061;rport;branch=z9hG4bK11f141f2 
From: <sip:301@xx.xx.xx.xx>;tag=11f16431 
To: <sip:301@xx.xx.xx.xx> 
Call-Id: bba86d57-2ab2-4279-a6d0-6a0677f99c98-00001d94@213.2 07.222.24 0 
CSeq: 15546855 REGISTER 
Authorization: Digest algorithm=md5,nonce="59a898ddfbbb8c1cd 116783470e7f48e",
 opaque="aaabd76d249b6942cc269eea2e62b2d6",
 realm="xxxx.xxxt",
 response="d40a4a7300aebbf3fdc7726b5ca7210b",
 uri="sip:xx.xx.xx.xx" ,username="301" 
Expires: 3600 
Max-Forwards: 70 
Contact: <sip:301@xx.xx.xx.xx:5061>;user=phone 
Content-Length: 0 



I checked also with wireshark,
only first register is send

Best Regards.
John


Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 06 2009 at 10:58am | IP Logged Quote support

Hello John,

OK… good. I will use your latest information and look into this further.

I will repost as soon as we find something.

Best,


Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 06 2009 at 12:31pm | IP Logged Quote support

Hi John,

I put together a bit of test code based on what you described in your last post.

When modifying SIP message content, VOIP apps have to be very careful. What you are attempting to do is confusing the internal media engine SIP parser and registration state logic. I want to pass along to you some additional information that should help us out.

The rules regarding encrypting/decrypting SIP messages:

1)
The media engine will allow your VOIP app to modify any SIP message.

2)
If you want to encode SIP messages before they get transmitted, the best way to do this is to modify the SIP messages as you require and then base64 encode them before allowing the media engine to default process the encoded SIP messages.

3)
The media engine assumes any SIP message containing a “Call-ID:” header is not encoded and will try to process the SIP message as normal. In your case, this is causing the issue. The normal SIP processing does not know how to handle your encoded REGISTER request headers.

4)
If you do not want to use base64 encoding/decoding as part of your SIP encode/decode scheme, simply alter “Call-ID:” headers to some other name and you will get the results you need. For example, when you encode your SIP message request headers, also be sure to change the “Call-ID:” header in the same SIP message to something else like “x-Encoded-Call-ID:”. This will force the media engine to handle the processing of your encoded SIP message differently.

Remember – as long as you make your required changes to the SIP messages AND change the “Call-ID:” header, all should be fine. Don’t forget to perform the reverse encoding (i.e. decoding) in the “custom user DLL” at your LanScape Centrex SIP proxy server.

Repost when you have further info.

Thank you,


Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 08 2009 at 1:19pm | IP Logged Quote John

Hi Randal,
thanks for answer
I add follow code before ModifySipMessage(in singleline phone example):
Code:

NewSipMessage.Replace("Call-ID:", "xCallx-IDx:");
for(i=0;i<=25;i++)     
  {
    NewSipMessage.SetAt(i, NewSipMessage.GetAt(i) + 1);
  }


After adding this code in the program, Almost everything was done(registring)
but, after call start(in Centrix) show two line(Error parsing) for follow message:

SIP/2.0 100 Trying
Via: SIP/2.0/UDP xx.xx.xx.xx:5060;received=xx.xx.xx.xx;branch=z9hG4bKf798b498 5efd51441b27f5997df8b20f0.0
Via: SIP/2.0/UDP 192.168.1.2:5060;received=xx.xx.xx.77;rport=5060;branch=z9hG 4bK0075806c
x-MyCustomHeader: "This is a modified transmitted SIP message."
From: 305 <sip:305@xxxxxxxx.xxx>;tag=757b2a
To: <sip:300@telcenter.net>
Call-ID: 2542bf52-f4ec-4960-94c9-5c4eeac97f1c-00000be8@192.168.1.2
CSeq: 7713709 INVITE
User-Agent: LanScape VOIP Media Engine/6.0.0.15 (www.LanScapeCorp.com - This is a trial version not for general deployment)
x-VOIP-SDK: LanScape VOIP Media Engine/6.0.0.15 (www.LanScapeCorp.com - This is a trial version not for general deployment)
Content-Length: 0

& after click on connect call, terminate call(in destination & starter not undrestand that call disconnected)

Best Regards
John
Back to Top View John's Profile Search for other posts by John
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 09 2009 at 1:10am | IP Logged Quote John

I wish complete the previous post

I add before modify sip message received:
Code:

NewSipMessage.Replace("Call-ID:", "xCallx-IDx:"); 
for(i=0;i<=25;i++)      
  { 
    NewSipMessage.SetAt(i, NewSipMessage.GetAt(i) - 1); 
  } 


& add before send modify sip message:
Code:

NewSipMessage.Replace("Call-ID:", "xCallx-IDx:"); 
for(i=0;i<=25;i++)      
  { 
    NewSipMessage.SetAt(i, NewSipMessage.GetAt(i) + 1); 
  } 


After adding the codes,
registration is ok, But the possibility of establishing a completely no contact
after answer call(in Phone Line Notification)
select "SipInviteAckNotReceived"
I try use ConnectIncomingCallWithoutInviteAck but Did not affect

Best Regards.
John
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 09 2009 at 1:32pm | IP Logged Quote support

Hello John,

I will be back tomorrow morning to answer your last post. Please excuse the delay and thank you for your patience.


Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 10 2009 at 4:07pm | IP Logged Quote support

Hi John,

Sorry for the delay. We have not had a chance to test your last problem description.

To speed things up, is it possible for you to upload to your LanScape support FTP account the source code for your complete LanScape Centrex SIP proxy extension DLL and the sample single line soft phone app you are using?

If you can do this, it will really speed up our ability to see what is occurring so we can get it solved.

Thank you,


Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 11 2009 at 1:20am | IP Logged Quote John

I try to send single phone line & custom dll but i get error message(in FileZilla):
Response:     550 Permission denied.
Error:             Critical error
Course, Login successfully get logged
also, you can change single phone line similar previous post & register in (telcenter.net:5060 proxy with username:300 & pass:123)
Back to Top View John's Profile Search for other posts by John
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 11 2009 at 1:22am | IP Logged Quote John

John wrote:
I try to send single phone line & custom dll but i get error message(in FileZilla):
Response:     550 Permission denied.
Error:             Critical error
Course, Login successfully get logged
also, you can change single phone line similar previous post & register in (telcenter.net:5060 proxy with username:300 & pass:123)

I forget the username for you to write the second
username:301, pass:123
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 11 2009 at 10:33am | IP Logged Quote support

John,

Please try to upload the soft phone and DLL projects again. Your FTP support account did not have write access enabled.


Randal

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 11 2009 at 11:51am | IP Logged Quote John

I upload custom Centrex Dll & single phone line(With changes that had already announced).
I used delphi language in my applications.
You can also use our system(telcenter)

John
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 13 2009 at 12:08pm | IP Logged Quote support

Hello John,

Item 1: Need source code for DLL:
We will need you to upload the entire project (including source code) for the example proxy extension DLL you are using. We need this for debugging your VOIP deployment.

Item 2: Giving proper support:
John, in order to give you proper support, we request that you send us the order number you received when you purchased your LanScape Centrex and media proxy applications. For some reason we cannot verify you as a license holder in our system.

Item 3: Your VOIP media engine license:
Please send us your “CustomerLog.html” file that contains your license information for your VOIP media engine. We need to verify that your group is the license holder. Send the file to “supportgroup” at lanscapecorp.com.

I regret the inconvienence of having to verifying order numbers and license information but we must establish this information so that we can support you properly.

Item 4: Describe your intended deployment:
Please describe your overall VOIP deployment you are trying to achieve. Please be as specific as possible. Of particular importance:

1) Why are you wanting to encode SIP messages?
2) How are you encoding and decoding your SIP messages?

We have other customers that use our SIP proxy/media proxy products along with the VOIP media engine to deploy SIP encoded VOIP domains. Some of them also fully encrypt the RTP media streams. The issues you are having are most likely very simple to resolve.


Thanks,

Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 15 2009 at 1:22am | IP Logged Quote John

Hi Randal,

Item 2:
Order Number is(Centrex and media proxy): 090613-35627

Item 3:
File comments I've posted for you

Item 4:

Q1)Due to fact that VoIP is blocked at some region of middle east, so dialer must have anti-blocking feature
Q2)What a way I know right?

Quote:
We have other customers that use our SIP proxy/media proxy products along with the VOIP media engine to deploy SIP encoded VOIP domains. Some of them also fully encrypt the RTP media streams. The issues you are having are most likely very simple to resolve.

The best way that you please do this for us know, explain the appropriate
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 15 2009 at 11:38am | IP Logged Quote support

Hi John,

Thank you for your last information.

I think we are having a small communication problem.

Item 1: Your VOIP media engine license:
Please send us your “CustomerLog.html” file that contains your license information for your VOIP media engine. We need to verify that your company is the license holder. Please send the file to “supportgroup” at lanscapecorp.com.

A good solution would be for your company to enter into a one to two month support agreement with us so that we can generate the appropriate C/C++ sample source code for the media engines sample apps and the Centrex SIP proxy so that full SIP message encryption/decryption can be performed. You can then take this sample code as a model and code it up using Delphi or whatever language you like.


Thank you,

Randal


Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 
John
Intermediate
Intermediate


Joined: June 20 2009
Location: United Kingdom
Posts: 12
Posted: July 15 2009 at 12:56pm | IP Logged Quote John

Hi Randal,

I using Trial version(Media Engine) your product.

if this problem be solved, I going to buy this product.

If problem be solved in addition to purchase this product(Media Engine(up to 8 concurrent network phone lines)), We should talk on the support

thank you,
John
Back to Top View John's Profile Search for other posts by John
 
support
Administrator
Administrator


Joined: January 26 2005
Location: United States
Posts: 1666
Posted: July 16 2009 at 11:49am | IP Logged Quote support

Hello John,

Thanks for your last post. I want to let you know in advance that we would very much enjoy working on this VOIP project with your group.

What is your time zone? We are GMT-5.

I do not want to delay your project or slow down your development process but…

You first stated that you are using v5.12.3.30 media engine. We need you to produce your license info for this version because we do not have record of your group as being a valid license holder. This presents a big support problem for us.

You then state that you are now using v6.0.0.15 trial media engine. For trial versions, we offer limited support. For trial products, we can offer advice and answer questions using this forum but we can no longer supply free example source code prior to a customer licensing a product.

The solution:
Seeing you need to eventually license an 8 line VOIP media engine, lets get your new media engine order processed and then we will be able to resolve all your SIP message encryption issues. I can assure you what you want to accomplish is possible when using our proxy products and the media engine product.

Here is a purchase link to the 8 line media engine on our web store:

LanScape VOIP Media Engine™ - Supports up to 8 concurrent network phone lines:
http://www.lanscapecorp.com/Store/pd-69568983.asp?categoryId =0

At this time we will assume that you will need an infinite deployment of your “dialer/softphone” built around the VOIP media engine. This will require an annual license renewal each year. Here is the media engine product page that discusses licensing:

http://www.lanscapecorp.com/ProductPages/LanScapeVoipMediaEn gine.asp

Please see the “Licensing Requirements” section of the above web page for the licensing terms.


You >>>
… If problem be solved in addition to purchase this product(Media Engine(up to 8 concurrent network phone lines)), We should talk on the support.

<<< Randal
Yes, we can determine the proper level of support at anytime. We try to be flexible regarding post-sales support options.

I would prefer that you make your 8 line media engine purchase (renewable each deployment year) and then we get your company into a minimum 2 month short term support agreement that will ensure that we can assist you on delivering your final VOIP solution to your customers.

Please repost if I have missed something.



Thank you,

Randal

Back to Top View support's Profile Search for other posts by support Visit support's Homepage
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum






Contact LanScape Hear what the Lawyers have to say How youm may use this site Read your privacy rights