Asterisk Pjsip Webrtc Rtp To Private IP
hi,
i have following topology
PSTN – Asterisk —- internet —– router – jssip client (wss)
Asterisk 13.29.1 on public IP, chan_pjsip for wss, chan_sip/udp for SIP
connection to PSTN
router – public IP/private IP (NAT)
jssip client – private IP – sip over websocket to Asterisk PJSIP
~30% of calls has problem with no audio. reason is that Asterisk is sending RTP to private IP of jssip
SDP looks the same for good call and bad call too
i searched through res_rtp_asterisk.c but i’m not sure where to put DEBUG info about which IP and why Asterisk pick for RTP
any hint?
is it possible debug Asterisk STUN request/response ? or is it hidden in pjsip internals?
Marek
—
10 thoughts on - Asterisk Pjsip Webrtc Rtp To Private IP
ICE is performed using pjnath, which is part of pjproject and not Asterisk itself. Looking at the SDP and the ICE candidates can tell you the possibilities for the paths, and a wireshark capture can show you the actual traffic going back and forth and what is being attempted.
with wireshark i need decrypt traffic every call which is time consuming. get debug from pjnat through asterisk is not possible because of technical reasons or nobody did it?
in my case its strange that ice candidates are the same
good call
v=0
o=- 3669976329745317845 2 IN IP4 127.0.0.1
s=-
t=0 0
a=msid-semantic: WMS EoNIdKcMZvWBLULGqGPJTDe12ujjFEemeapo m=audio 52421 RTP/SAVPF 8 0 101
c=IN IP4 10.2.152.36
a=rtcp:9 IN IP4 0.0.0.0
a
You need to look at the ICE candidates given by Asterisk as well, and ensure that if it is behind NAT it is configured in rtp.conf to do some mapping of candidates, as well as ensuring the firewall is open. The wireshark capture like I said will provide insight into what ICE is doing.
ICE is what is used to figure out the path and determine the IP
address/port to use. If that fails, then it won’t work.
I would also urge you to learn more about the lower level details of WebRTC
if you plan on deploying it. You really need some understanding of ICE/STUN/DTLS-SRTP if deploying, as those are fundamental aspects and stuff doesn’t just work in all cases. Digging into why it’s not working takes you down to those.
Asterisk is on public IP (as described in the first email)
i have 10 years experience in voip, 4 years webrtc in production. i know about ICE/STUN/DTLS-SRTP. yes, not every detail but the basic mechanism
but i confess. i dont understand WHY Asterisk SOMETIMES switches destination IP in RTP. this is not only about ICE. its about RTP engine too which is Asterisk specific
and Asterisk DEBUG is not helping
… going back to read res_rtp_asterisk.c & decrypting pcaps with wireshark
Dne 12/12/2019 v 13:02 Joshua C. Colp napsal(a):
RTP traffic is given to pjnath to send using ICE, if this fails then it uses the c= line. If you don’t see (via ICE) then the fallback has occurred and pjnath didn’t send it via ICE, which most likely means ICE negotiation failed for some reason. ICE and STUN is not encrypted in Wireshark, so it can be seen there easily. You can enable debug in logger.conf to go to console, and also increase the log_level in pjproject.conf to a high amount to see some pjnath messages.
The learning phase doesn’t impact outgoing. It’s for locking on to a source of media so other sources can be ignored, preventing hijacking.
thank you very much. this is exactly whats needed for debug
example output for your info
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Added new remote candidate from the request:
2.2.2.2:57536
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .New triggered check added: 1
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 ..Sending connectivity check for check 1: [1]
1.1.1.1:17728–>2.2.2.2:57536
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 …Check 1: [1] 1.1.1.1:17728–>2.2.2.2:57536: state changed from Waiting to In Progress
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Check 1: [1] 1.1.1.1:17728–>2.2.2.2:57536
(nominated): connectivity check SUCCESS
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Check 1: [1] 1.1.1.1:17728–>2.2.2.2:57536: state changed from In Progress to Succeeded
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Check 1 is successful and nominated
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Cancelling check 0: [1]
1.1.1.1:17728–>10.128.3.150:57536 (In Progress)
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Check 0: [1] 1.1.1.1:17728–>10.128.3.150:57536:
state changed from In Progress to Failed
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .ICE process complete, status=Success
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 .Valid list
[Dec 12 15:39:19] DEBUG[2182][C-00000000]: pjproject: >:
icess0x7f5d44081e88 . 0: [1] 1.1.1.1:17728–>2.2.2.2:57536 (nominated, state=Succeeded)
1.1.1.1 is asterisk on “public” ip
2.2.2.2 is router on “public” ip (jssip is behind it on private ip
10.128.3.150)
our specific case
we found problem in customers internet provider
we dont know yet what technology is the problem but “sometimes” respond ip of some core router ( ISP – isp core/edge router ip – customers router ip – customers private ip ) to stun request
pjsproject debug config
pjproject.conf
[startup]
log_level=4
type=startup
btw some examples will be very helpfull
Marek
Dne 12/12/2019 v 14:05 Joshua C. Colp napsal(a):
Examples of what?
examples of “interesting” information like ICE result and howto make
“minimal” configuration of pjproject.conf
i.e.
for debugging app_queue.so
core set debug 5 app_queue.so
for debugging RTP
core set debug 10 rtp_engine core set debug 10 res_rtp_asterisk
rtp set debug on
logger.conf
rtp => debug,verbose(5)
so i mean
in https://github.com/asterisk/asterisk/blob/master/configs/samples/pjproject.conf.sample
by few examples try to explain what usefull info i can get
set
[startup]
log_level=6
type=startup
and dig what’s usefull is not very productive
btw we are using tools like sipcapture.org,voipmonitor.org, callstats.io, elasticsearch+filebeat, … but without informations whats happening inside asterisk is harder to solve problems
Dne 12/12/2019 v 16:00 Joshua C. Colp napsal(a):
Please file an issue[1] with these specific examples and any others so it’s not lost.
[1] https://issues.asterisk.org/jira
https://issues.asterisk.org/jira/browse/ASTERISK-28656
Dne 12/12/2019 v 16:49 Joshua C. Colp napsal(a):