[asterisk-users] Questions regarding ICE and STUN with Asterisk
Kirill Marchuk
62mkv at mail.ru
Fri Mar 18 05:53:28 CDT 2016
Well, after a more specific research I came to 2 conclusions:
1) no need to specify "stunaddr" option in Asterisk configs in this
case, as we know that host definitely has a public IP
2) as of the inclusion of all local IP-addresses as candidates, this is
(apparently) done in "rtp_add_candidates_to_ice" function of
res_rtp_asterisk.c, where it has a code:
/* Add all the local interface IP addresses */
..
And as fas as I can tell from basic ICE overview [1], this should NOT
prevent proper session functioning, as long as candidate pairs
(local/remote) are checked for connectivity first.
Still, I would think it to be useful, to have an option to EXCLUDE local
IP-addresses from using as local candidates.
What does the community think on this ?
Thanks
Kirill Marchuk
[1] https://trac.pjsip.org/repos/wiki/Using_Standalone_ICE
18.03.2016 14:37, Kirill Marchuk пишет:
> Hi everyone
>
> I would like to get some help and clarification from the experienced
> ones, upon the following:
>
> - we're using Asterisk 13.7.0, that is deployed on a host, that has a
> public IP *and* a couple of gray IPs (192.168.x.x & 10.10.x.x)
>
> - we're using WebRTC web-page (jsSIP) as a client
>
> Which is the proper setup of ICE/STUN related config (on the Asterisk
> and on the client) for the most reliable work in most cases ?
>
> For example, now we're trying to use our own STUN server (from
> Debian's "stund" package), whose documentation says "You have to have
> 2 different public IPs on the same server in order to run STUN server"
>
> Is it really so? and what are the implications of using it with only
> one IP (which is possible, at least it runs seemingly well without that)
>
> On the client side, we've configured jsSIP.UA to use our own STUN
> server via "pcConfig" object
>
> On Asterisk, we have icesupport=yes both in sip.conf and rtp.conf.
> We've also enabled stunaddr=stun.l.google.com:19302 in rtp.conf.
>
> Is it proper solution for this case ?
>
> When I inspect SIP packets, I see that there are ICE candidates in
> both offers and answers. BUT: SDP bodies in the packets from server to
> client contain "gray" IPs of the Asterisk host:
>
> a=ice-ufrag:636c49c84158d2b45840291c6724c0f9
> a=ice-pwd:6b012c01092ec01275964eaa55a8784b
> a=candidate:H904cc6da 1 UDP 2130706431 144.76.x.y 51604 typ host
> a=candidate:Ha0a0202 1 UDP 2130706431 10.10.2.2 51604 typ host
> a=candidate:S904cc6da 1 UDP 1694498815 144.76.x.y 51604 typ srflx
> raddr 144.76.x.y rport 51604
> a=candidate:H904cc6da 2 UDP 2130706430 144.76.x.y 51605 typ host
> a=candidate:Ha0a0202 2 UDP 2130706430 10.10.2.2 51605 typ host
> a=candidate:S904cc6da 2 UDP 1694498814 144.76.x.y 51605 typ srflx
> raddr 144.76.x.y rport 51605
>
> I am afraid it might be a potential problem, when a client will have
> his private IP in similar subnets. Or am I wrong here ?
>
> So far we are not experiencing any issues, but this seems to be
> alarming..
>
> Can this behaviour (namely, which IP addresses does Asterisk include
> into SDPs body) be configured somehow ?
>
> Many thanks for any help with this question..
>
> Kirill Marchuk
More information about the asterisk-users
mailing list