Asterisk and TURN over TLS (TURNS)

I have been working with several SIP.js clients that utilize TURNS for voice communication, and they have been performing admirably in environments where UDP is not available. However, on the server-side, I have observed that Asterisk requires UDP for transferring audio data, even when using TURN.

I am curious to know if there is a specific reason why Asterisk seems to only support TURN over UDP, and not the TLS/TCP variant TURNS. The inclusion of TURNS, with its encrypted communication, would be especially advantageous in scenarios where UDP connections are not available.

I think RTP over TCP is very rare. The reason that RTP favours connectionless transports is that it is generally better to skip a lost frame than to wait for a retransmission, and have all subsequent frames delayed. As such I would assume that implementing RTP over TCP was a very low priority.

It looks like RFC 4571 has been stuck at proposed standard for 17 years. RFC 3550 has been a full standard for nearly 20 years.

What’s wrong with SRTP if you want both media encryption and real-time?

As david551 has said, TCP introduces such complications with real-time audio
transmission that (almost) nobody bothers to implement it, and UDP is far
better-suited to the job.

SRTP adds the security layer if that’s what you’re after.

What sort of networks are you working in where “UDP is not available”?

How do you do DNS, for example?

Antony.

The answer is because no one has implemented it.

I currently have an Asterisk server set up on a Raspberry Pi at my home. Unfortunately, my ISP appears to be blocking UDP packets, particularly from IP addresses outside the country.

In my existing configuration, the SIP.js clients utilize TURNS for establishing a connection to the Asterisk server, and the audio quality has been excellent.

To work around the ISP’s UDP blocking, I am using a TCP-based VPN to connect the Asterisk server to the TURNS server. While this setup is functional, I am exploring alternatives to eliminate the need for the VPN.

Hope Asterisk adds support for TCP/TLS transport for TURN. The media would still be UDP relayed through the TURN server.

I thought ISP stood for internet service provider; you are not getting an internet service!

Unless you are proposing to submit the code, yourself, I think that is unlikely, as this is the first time anyone has even suggested it.

Have you checked that the issue is not related to a wrong IP in the SDP header and/or NAT-related shenanigans, as those are the typical issues with no RTP?

Mostafa, if you’re in Egypt, or pretty much any Middle Eastern country, there are DPI systems on all inbound and outbound packets. They’re not blocking UDP, they’re blocking RTP bearing the usual codecs used for VoIP calls. It’s a regulation thing…

In that case, I would assume it is either being done to protect a government monopoly or for national security reasons, and bypassing it with TCP is not something you want to do without good legal advice.
