PJSIP Stun/ICE
I have an asterisk 13 server behind NAT on a dynamic IP Address. It is running the PJSIP Stack It is registering to another asterisk 13 server that is on a Static IP
outside of the firewall at a different location (also on the PJSIP Stack).
How do we implement STUN/ICE on the server behind the dynamic Address. It does not appear to be registering properly without knowing the NAT pubic address. When I manually add external_media_address and external_signaling_address to the pjsipconfig registration seams to work, but knowing that the IP could change really means I need some kind of STUN/ICE similar to what we ran with chan_sip. I can find limited documentation on this, and what I have found does not show how to set a stun server to make the ice_support field work on an endpoint.
Can anyone advise where I could find an answer to this.
Thanks in advance for any ideas you can offer.
Bryant
21 thoughts on - PJSIP Stun/ICE
Bryant Zimmerman wrote:
The res_pjsip module does not currently support an auto-updating mechanism for the external signaling and media address information.
Joshua
Since there is no automated way currently built in to update the external signaling and media address information. Does the realtime pjsip support having the transport contexts section being pulled from a database table?
I was thinking a cron script updating the table and forcing a reload each time an IP address changed might a workable solution.
Thanks Bryant
————————————–
Bryant Zimmerman wrote:
No, once loaded the transports can not be changed.
Joshua
So once a transport is pulled from the transports table in realtime during asterisk startup it can’t get any updates?
Can a new transport be added to the table and the associated endpoints be updated to use the new transport, or are transport types only read at startup across the board?
Thanks
Bryant
————————————–
Bryant Zimmerman wrote:
Transports can only be loaded at startup. This stems from PJSIP not being dynamic with transports (it doesn’t like its environment changed to that degree while in use). I’m afraid if your IP changes you’d have to restart Asterisk when you are using PJSIP.
Bryant,
I have the same problem with dynamic public IPs and PJSIP. What is your idea to solve the problem?
My suggestion would be to write a script that monitors the change, pjsip.transports.conf updated and Asterisk restarts?
Daniel
Daniel
Thank you for your response. I was considering this as well. I have a script that monitors the IP Address now. I was hoping to use the real-time transports table now that alembic creates. I am trying to figure out which pjsip module is responsible for the transports contexts as I need to now configure it in the sorcery.conf file. I thought it would be under the
[res_pjsip] context, but it is not even trying to pull from my transports table when it is there. I am hoping someone will know what module it is in so I can move my configuration under the correct context.
Thanks
Bryant
————————————–
–Apple-Mail=_FB7FF1A6-DD20-48F3-97A4-774092811ADE
Content-Transfer-Encoding: quoted-printable Content-Type: text/plain;
charset=iso-8859-1
Bryant,
that sounds interesting. I am searching for a script which monitors and updates the ip address. Does this your script? Can you share your script with us?
Thanks Daniel
–Apple-Mail=_FB7FF1A6-DD20-48F3-97A4-774092811ADE
Bryant,Content-Transfer-Encoding: 7bit Content-Type: text/html;
charset=iso-8859-1
Thanks
–Apple-Mail=_FB7FF1A6-DD20-48F3-97A4-774092811ADE
JC> This stems from PJSIP not being dynamic with transports (it JC> doesn’t like its environment changed to that degree while JC> in use). I’m afraid if your IP changes you’d have to restart JC> Asterisk when you are using PJSIP.
Wow.
I say this having voted for pjsip over the listed alternatives back when the plan to depricate chan_sip was first floated:
That should have excluded pj from the options. Which of course means there were no reasonable options.
Can ari get around that bug?
Lack of full support for traversing nat makes pjsip worthless for a large number of users. And the whole point of realtime is to have all of the rt config fully dymanic.
If ari cannot avoid that limitation, chan_sip should get full ongoing maintainance until pjsip is fixed.
-JimC
James Cloos wrote:
PJSIP doesn’t like changing existing transports, the NAT functionality is provided by the Asterisk implementation and can’t be reloaded as a side effect due to the heavy handed restriction. With work it could be changed to allow the non low level things to be changed. What you can’t do with PJSIP is create a UDP transport, reload, and have it removed. Once it’s there it is there unless you restart.
ARI is a REST interface to Asterisk, it doesn’t have anything to do with this.
I disagree that it makes it worthless for a large number of users. It’s only within the last few days that a few people have run into this particular issue where they have a public IP address that is changing a lot and PJSIP does not support changing it without a restart. If it were a huge sweeping issue we’d be seeing it more often. If it continues to show up a community member or us (heck maybe even myself in my spare time) may look into implementing it.
The support level for chan_sip has already been changed and was announced long ago. Patches will continue to be accepted for it and community members can support it. We (Digium) are putting our effort towards PJSIP.
Hi JC,
I have the same case as you are my server has static public IP assigned and my client has public dynamic IP address in order to connect them without issue what I did was to setup openvpn in my other side that has public static IP and then the client server asterisk will connect into it and they will communicate with the VPN local IP adresses that I assigned. hope this ‘workaround’ helps
~Cheers
Joshua
I look forward to improvements as time goes on with PJSIP. I have been trying all day to get the Transport objects to pull from a real-time table. The documentation says it is possible, but does not show any examples. I am hoping to have the Transports pulled from the table at asterisk startup and then add additional as necessary. Using reloads to make the new Transports available. I understand the limitation of not being able to change existing and can live with that for now.
Do you know if there is anything special I have to do in the sorcery.conf to make the Transports pull from the real-time side of things. All my other tables are working.
I disagree with the user that things PJSIP is worthless. There are some issues to work out long term, and documentation will get better over time as more of us work with it and contribute back. Thanks for all you have assisted with around PJSIP.
Bryant
————————————–
Bryant Zimmerman wrote:
This is not a configuration I’ve used but I am aware of others doing so. However if you intend to be able to add to the table and then do a reload this won’t work. The reload operation is stopped for transports as I’ve previously stated. If you are starting up and transports aren’t found then this would be an issue, which would need console output and configuration.
JC> I disagree that it makes it worthless for a large number of JC> users. It’s only within the last few days that a few people have run JC> into this particular issue where they have a public IP address that is JC> changing a lot and PJSIP does not support changing it without a JC> restart. If it were a huge sweeping issue we’d be seeing it more JC> often. If it continues to show up a community member or us (heck maybe JC> even myself in my spare time) may look into implementing it.
It is only in the last few days that this discussion occurred. This is not the first mention of problems with using pjsip on dynamic ips.
Most affected users are probably still using chan_sip. Or haven’t even upgraded to 13 yet.
I gave up switching my edge asterisk to pjsip at least twice because I
couldn’t figure out how to configure it properly for a dynamic ip. And I sent a note to one of the lists at least on the 2nd attempt.
That install doesn’t need nat for sip/rtp since it runs on the router, but it does need to handle dynamic ip.
In short, this breaks sip for nearly everyone using asterisk at home and even a lot of businesses.
It may not break it every day, but it is enough to drive a lot of people away from asterisk once they learn of it.
JC> The support level for chan_sip has already been changed and was JC> announced long ago.
had this issue been noted in that announce you’d have received — I
expect — quite a few complaints.
This flies in the face of all of the (very welcome) work which went into supporting reload rather than restart.
Getting pjsip to support changes on a reload would be an acceptable first step.
-JimC
If you open an issue (or give me an already opened one) I can take a look at adding the ability to reload transports.
Just an idea for a work around, Have you thought about putting a proxy between your PBX and the Internet such as openSIPS or Kamilio?
That way you may not need to change your IP inside pjsip, Let your proxy handle it.
I gave up switching my edge asterisk to pjsip at least twice because I
Why does it need to handle dynamic IP?
If you are paying for a business-grade Internet connection, you should get a static IP address — or a block of them — as standard. Maybe you need to change your ISP?
AS> If you are paying for a business-grade Internet connection, you AS> should get a static IP address — or a block of them — as AS> standard. Maybe you need to change your ISP?
In some places (including here) static ip is not affordable.
-JimC
Please create a JIRA issue and let me know what the number is. I’ve just posted a patch for review that allows reloading transports from the command line. I’d like to know what else you actually need.
George
Reloading transports is one critical part and it sounds like you are making headway on that. I have yet to be able to get transports to load from a real-time table using sorcery.conf If I would get the transports pulling from real-time as the (documentation says is possible but I have found no working examples yet) and then be able to reload any changes without forcing a compete asterisk restart. This would allow for a host of options for detecting and updating IP addresses. In the long run it would be nice to be able to tie some kind of stun support for updating the external media and signaling IP addresses.
Thanks
Bryant
————————————–
Patch up for this part which allows transports to be loaded from realtime. https://gerrit.asterisk.org/#/c/2129/
Try it.
Updates will be ignored until the earlier patch (which I now have to refactor slightly) goes in.