[asterisk-users] Questions regarding ICE and STUN with Asterisk

Kirill Marchuk 62mkv at mail.ru
Fri Mar 18 05:53:28 CDT 2016


Well, after a more specific research I came to 2 conclusions:

1) no need to specify "stunaddr" option in Asterisk configs in this 
case, as we know that host definitely has a public IP

2) as of the inclusion of all local IP-addresses as candidates, this is 
(apparently) done in "rtp_add_candidates_to_ice" function of 
res_rtp_asterisk.c, where it has a code:
     /* Add all the local interface IP addresses */
..

And as fas as I can tell from basic ICE overview [1], this should NOT 
prevent proper session functioning, as long as candidate pairs 
(local/remote) are checked for connectivity first.

Still, I would think it to be useful, to have an option to EXCLUDE local 
IP-addresses from using as local candidates.

What does the community think on this ?

Thanks

Kirill Marchuk

[1] https://trac.pjsip.org/repos/wiki/Using_Standalone_ICE

18.03.2016 14:37, Kirill Marchuk пишет:
> Hi everyone
>
>  I would like to get some help and clarification from the experienced 
> ones, upon the following:
>
> - we're using Asterisk 13.7.0, that is deployed on a host, that has a 
> public IP *and* a couple of gray IPs (192.168.x.x & 10.10.x.x)
>
> - we're using WebRTC web-page (jsSIP) as a client
>
> Which is the proper setup of ICE/STUN related config (on the Asterisk 
> and on the client) for the most reliable work in most cases ?
>
> For example, now we're trying to use our own STUN server (from 
> Debian's "stund" package), whose documentation says "You have to have 
> 2 different public IPs on the same server in order to run STUN server"
>
> Is it really so? and what are the implications of using it with only 
> one IP (which is possible, at least it runs seemingly well without that)
>
> On the client side, we've configured jsSIP.UA to use our own STUN 
> server via "pcConfig" object
>
> On Asterisk, we have icesupport=yes both in sip.conf and rtp.conf. 
> We've also enabled stunaddr=stun.l.google.com:19302 in rtp.conf.
>
> Is it proper solution for this case ?
>
> When I inspect SIP packets, I see that there are ICE candidates in 
> both offers and answers. BUT: SDP bodies in the packets from server to 
> client contain "gray" IPs of the Asterisk host:
>
> a=ice-ufrag:636c49c84158d2b45840291c6724c0f9
> a=ice-pwd:6b012c01092ec01275964eaa55a8784b
> a=candidate:H904cc6da 1 UDP 2130706431 144.76.x.y 51604 typ host
> a=candidate:Ha0a0202 1 UDP 2130706431 10.10.2.2 51604 typ host
> a=candidate:S904cc6da 1 UDP 1694498815 144.76.x.y 51604 typ srflx 
> raddr 144.76.x.y rport 51604
> a=candidate:H904cc6da 2 UDP 2130706430 144.76.x.y 51605 typ host
> a=candidate:Ha0a0202 2 UDP 2130706430 10.10.2.2 51605 typ host
> a=candidate:S904cc6da 2 UDP 1694498814 144.76.x.y 51605 typ srflx 
> raddr 144.76.x.y rport 51605
>
> I am afraid it might be a potential problem, when a client will have 
> his private IP in similar subnets. Or am I wrong here ?
>
> So far we are not experiencing any issues, but this seems to be 
> alarming..
>
> Can this behaviour (namely, which IP addresses does Asterisk include 
> into SDPs body) be configured somehow ?
>
> Many thanks for any help with this question..
>
> Kirill Marchuk




More information about the asterisk-users mailing list