[asterisk-users] Questions regarding ICE and STUN with Asterisk
Kirill Marchuk
62mkv at mail.ru
Fri Mar 18 03:37:14 CDT 2016
Hi everyone
I would like to get some help and clarification from the experienced
ones, upon the following:
- we're using Asterisk 13.7.0, that is deployed on a host, that has a
public IP *and* a couple of gray IPs (192.168.x.x & 10.10.x.x)
- we're using WebRTC web-page (jsSIP) as a client
Which is the proper setup of ICE/STUN related config (on the Asterisk
and on the client) for the most reliable work in most cases ?
For example, now we're trying to use our own STUN server (from Debian's
"stund" package), whose documentation says "You have to have 2 different
public IPs on the same server in order to run STUN server"
Is it really so? and what are the implications of using it with only one
IP (which is possible, at least it runs seemingly well without that)
On the client side, we've configured jsSIP.UA to use our own STUN server
via "pcConfig" object
On Asterisk, we have icesupport=yes both in sip.conf and rtp.conf. We've
also enabled stunaddr=stun.l.google.com:19302 in rtp.conf.
Is it proper solution for this case ?
When I inspect SIP packets, I see that there are ICE candidates in both
offers and answers. BUT: SDP bodies in the packets from server to client
contain "gray" IPs of the Asterisk host:
a=ice-ufrag:636c49c84158d2b45840291c6724c0f9
a=ice-pwd:6b012c01092ec01275964eaa55a8784b
a=candidate:H904cc6da 1 UDP 2130706431 144.76.x.y 51604 typ host
a=candidate:Ha0a0202 1 UDP 2130706431 10.10.2.2 51604 typ host
a=candidate:S904cc6da 1 UDP 1694498815 144.76.x.y 51604 typ srflx raddr
144.76.x.y rport 51604
a=candidate:H904cc6da 2 UDP 2130706430 144.76.x.y 51605 typ host
a=candidate:Ha0a0202 2 UDP 2130706430 10.10.2.2 51605 typ host
a=candidate:S904cc6da 2 UDP 1694498814 144.76.x.y 51605 typ srflx raddr
144.76.x.y rport 51605
I am afraid it might be a potential problem, when a client will have his
private IP in similar subnets. Or am I wrong here ?
So far we are not experiencing any issues, but this seems to be alarming..
Can this behaviour (namely, which IP addresses does Asterisk include
into SDPs body) be configured somehow ?
Many thanks for any help with this question..
Kirill Marchuk
More information about the asterisk-users
mailing list