I’m trying to configure Asterisk 13 to work with webRTC. I installed it like described here and configured it like described here. When i try to call from a browser with sipML5 to another sip user, i get the following error:
When i call from softphone like blink with two instances from demo-bob to demo-alice, the call rings, can be accepted and audio is working. Only calling from browser (sipML5) to e.g. blink does not work. The certificates seem to be valid (except that its self-signed) in the check via openssl. I also tried to remove encryption from the asterisk config to have unencrypted communication, but the error persisted.
Can someone please tell me what is wrong here?
My sip.conf (other configuration is provided in my linked wiki documentation):
[friends_internal](!)
type=friend
host=dynamic
context=from-internal
disallow=all
allow=ulaw
[demo-alice](friends_internal)
secret=demo-alice ; put a strong, unique password here instead
[demo-bob](friends_internal)
secret=demo-bob ; put a strong, unique password here instead
[general]
udpbindaddr=0.0.0.0:5060
realm=192.168.1.91 ;replace with your Asterisk server public IP address or host
transport=udp,ws,wss
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
[6002]
host=dynamic
secret=test2
context=from-internal
type=friend
encryption=yes
avpf=yes
force_avp=yes
icesupport=yes
directmedia=no
disallow=all
allow=ulaw
dtlsenable=yes
;dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
rtcp_mux=yes
transport=tls,udp,ws ; Asterisk will allow this peer to register on UDP or WebSockets
dtlsverify=no ; Tell Asterisk to not verify your DTLS certs
[6001]
host=dynamic
secret=test1
context=from-internal
type=friend
encryption=yes
avpf=yes
force_avp=yes
icesupport=yes
directmedia=no
disallow=all
allow=ulaw
dtlsenable=yes
;dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
transport=tls,udp,ws ; Asterisk will allow this peer to register on UDP or WebSockets
dtlsverify=no ; Tell Asterisk to not verify your DTLS certs
rtcp_mux=yes
If necessary, i can provide my sip debug log on pastebin, but i wasn’t allowed to paste more than 2 links in one topic
I’m able to start a call from softphone Blink to logged in sipml5 in Chrome, the browser request access to microphone and then the call is terminated. The other way, calling from SipML5 to Blink result in the above stated error.
It appears as though your “demo-alice” configuration is incomplete or incorrect. I’d suggest providing it against ensuring that the “Preformatted Text” button is used for it. You should also verify that it contains all of the WebRTC specific options set to what they should be (like 6002 and 6001 is).
You need to rename 6001 or 6002 to be “demo-alice” and remove the other “demo-alice” entry. As it is you have a “demo-alice” endpoint configured with no WebRTC, only 6001 and 6002 have WebRTC stuff enabled.
Ok, looks like i got confused with number and sip users. also some tutorials used pjsip, but i have to use chan_sip. I will try later when i’m back home, thanks!
Ok, i renamed “6001” to “demo-alice” and “6002” to “demo-bob”. “demo-bob” is online via Blink softphone and “demo-alice” is connected via SipML5 in Chrome. Unfortunately i’m still getiing the same error.
My sip.conf is now:
[friends_internal](!)
type=friend
host=dynamic
context=from-internal
disallow=all
allow=ulaw
[demo-alice](friends_internal)
secret=demo-alice ; put a strong, unique password here instead
[demo-bob](friends_internal)
secret=demo-bob ; put a strong, unique password here instead
[general]
udpbindaddr=0.0.0.0:5060
realm=192.168.1.91 ;replace with your Asterisk server public IP address or host
transport=udp,ws
[demo-bob]
host=dynamic
secret=test2
context=from-internal
type=friend
encryption=no
icesupport=yes
directmedia=no
disallow=all
allow=ulaw
allow=opus
auth_type=userpass
rtcp_mux=yes
transport=tls,udp,ws ; Asterisk will allow this peer to register on UDP or WebSockets
[demo-alice]
host=dynamic
secret=test1
context=from-internal
type=friend
encryption=no
icesupport=yes
directmedia=no
disallow=all
allow=ulaw
allow=opus
auth_type=userpass
rtcp_mux=yes
transport=tls,udp,ws ; Asterisk will allow this peer to register on UDP or WebSockets
You appear to have also removed additional things, as all the dtls options are now gone. You also did not remove the original “demo-alice” and “demo-bob”.
Now its much closer too working, thank you But now i get another error
when starting a call from SipML5 with “demo-alice” to “demo-bob” with Blink:
[Jul 8 00:16:23] WARNING[6376]: chan_sip.c:17770 register_verify: peer 'demo-alice' HAS NOT USED (OR SWITCHED TO) TLS in favor of 'WS' (but this was allowed in sip.conf)!
[Jul 8 00:16:27] ERROR[6378]: tcptls.c:1068 ast_tcptls_client_start: Unable to connect SIP socket to 192.168.1.75:38454: Connection refused
[Jul 8 00:16:51] NOTICE[6336]: chan_sip.c:28404 handle_request_subscribe: Received SIP subscribe for peer without mailbox: demo-alice
[Jul 8 00:16:59] WARNING[6336]: chan_sip.c:4072 retrans_pkt: Retransmission timeout reached on transmission 2a9886b759130da847adbfab1e6df9ca@192.168.1.91:8089 for seqno 102 (Critical Request) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 31999ms with no response
I added iptables rules for every port accepting udp and tcp from 10000 to 40000 and of course 5060 and 8089.
