[asterisk-bugs] [JIRA] (ASTERISK-27605) ICE: Not configurable for externhost (chan_sip) / external_media_address (chan_pjsip).

Alexander Traud (JIRA) noreply at issues.asterisk.org
Sun Jan 21 09:57:49 CST 2018 

Alexander Traud created ASTERISK-27605:
------------------------------------------

             Summary: ICE: Not configurable for externhost (chan_sip) / external_media_address (chan_pjsip).
                 Key: ASTERISK-27605
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27605
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: Channels/chan_pjsip, Channels/chan_sip/Interoperability
    Affects Versions: 15.2.0, 13.19.0
         Environment: IPv6
            Reporter: Alexander Traud
            Severity: Critical


In Asterisk, ICE candidates are determined automatically, after setting
* {{icesupport=yes}} in the configuration file _sip.conf_ for the SIP channel driver _chan_sip_
* {{ice_support=yes}} in the configuration file _pjsip.conf_ for the SIP channel driver _chan_pjsip_

Furthermore, Asterisk allows
* {{externhost=example.com}} (sip.conf)
* {{external_media_address=example.com}} (pjsip.conf)
to set a fully-qualified domain-name (FQDN). With this, Asterisk can be used with a dynamic IP address, Asterisk resolves its global IPv4 address via DNS-A and this FQDN.

To use ICE in that case, one could go for a public STUN server in _rtp.conf_, like
{code}[general]
stunaddr=stun.l.google.com:19302{code}

However, this has two drawbacks:
# the NAT internal IPv4 address is mentioned in SDP as host ICE candidate
# the result of the STUN server is a server-reflexive ICE candidate (srflx)
Some user-agent clients (UACs; namely Linphone) pick the srflx even if a IPv6 based host ICE candidate is available. That can lead to IPv6 on the signaling layer (SIP) and IPv4 on the media layer (RTP). In such a case, Asterisk uses IPv6 on SIP and RTP. The UAC sends its media via IPv6 and expects to receive media via IPv4. Therefore, the UAC did not punch a possible NAT and all RTP packets from Asterisk are dropped by the NAT; a one-way audio scenario.

Another alternative is to blacklist all local IP addresses in _rtp.conf_:
{code}[general]
todo{code}However, this has one drawback:
Asterisk does not determine srflx at all and only IPv6 are advertised. Some UACs (namely pjsua of PJProject) think that the Asterisk is not reachable via IPv4 (on the RTP layer) at all; the call is not established.

Another alternative is to override/replace the advertised IPv4 based host candidate:
{code}[ice_host_candidates]
todo{code}However, this has one drawback:
Because the IPv4 changes dynamically, one would like to specify the FQDN as replacement here. This is not supported by Asterisk, only IP addresses work as replacement.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list