[asterisk-users] Questions regarding ICE and STUN with Asterisk

Kirill Marchuk 62mkv at mail.ru
Fri Mar 18 03:37:14 CDT 2016 

Hi everyone

  I would like to get some help and clarification from the experienced 
ones, upon the following:

- we're using Asterisk 13.7.0, that is deployed on a host, that has a 
public IP *and* a couple of gray IPs (192.168.x.x & 10.10.x.x)

- we're using WebRTC web-page (jsSIP) as a client

Which is the proper setup of ICE/STUN related config (on the Asterisk 
and on the client) for the most reliable work in most cases ?

For example, now we're trying to use our own STUN server (from Debian's 
"stund" package), whose documentation says "You have to have 2 different 
public IPs on the same server in order to run STUN server"

Is it really so? and what are the implications of using it with only one 
IP (which is possible, at least it runs seemingly well without that)

On the client side, we've configured jsSIP.UA to use our own STUN server 
via "pcConfig" object

On Asterisk, we have icesupport=yes both in sip.conf and rtp.conf. We've 
also enabled stunaddr=stun.l.google.com:19302 in rtp.conf.

Is it proper solution for this case ?

When I inspect SIP packets, I see that there are ICE candidates in both 
offers and answers. BUT: SDP bodies in the packets from server to client 
contain "gray" IPs of the Asterisk host:

a=ice-ufrag:636c49c84158d2b45840291c6724c0f9
a=ice-pwd:6b012c01092ec01275964eaa55a8784b
a=candidate:H904cc6da 1 UDP 2130706431 144.76.x.y 51604 typ host
a=candidate:Ha0a0202 1 UDP 2130706431 10.10.2.2 51604 typ host
a=candidate:S904cc6da 1 UDP 1694498815 144.76.x.y 51604 typ srflx raddr 
144.76.x.y rport 51604
a=candidate:H904cc6da 2 UDP 2130706430 144.76.x.y 51605 typ host
a=candidate:Ha0a0202 2 UDP 2130706430 10.10.2.2 51605 typ host
a=candidate:S904cc6da 2 UDP 1694498814 144.76.x.y 51605 typ srflx raddr 
144.76.x.y rport 51605

I am afraid it might be a potential problem, when a client will have his 
private IP in similar subnets. Or am I wrong here ?

So far we are not experiencing any issues, but this seems to be alarming..

Can this behaviour (namely, which IP addresses does Asterisk include 
into SDPs body) be configured somehow ?

Many thanks for any help with this question..

Kirill Marchuk

More information about the asterisk-users mailing list