I have been working with several SIP.js clients that utilize TURNS for voice communication, and they have been performing admirably in environments where UDP is not available. However, on the server-side, I have observed that Asterisk requires UDP for transferring audio data, even when using TURN.
I am curious to know if there is a specific reason why Asterisk seems to only support TURN over UDP, and not the TLS/TCP variant TURNS. The inclusion of TURNS, with its encrypted communication, would be especially advantageous in scenarios where UDP connections are not available.
I think RTP over TCP is very rare. The reason that RTP favours connectionless transports is that it is generally better to skip a lost frame than to wait for a retransmission, and have all subsequent frames delayed. As such I would assume that implementing RTP over TCP was a very low priority.
It looks like RFC 4571 has been stuck at proposed standard for 17 years. RFC 3550 has been a full standard for nearly 20 years.
What’s wrong with SRTP if you want both media encryption and real-time?
As david551 has said, TCP introduces such complications with real-time audio transmission that (almost) nobody bothers to implement it, and UDP is far better-suited to the job.
SRTP adds the security layer if that’s what you’re after.
What sort of networks are you working in where “UDP is not available”?
I currently have an Asterisk server set up on a Raspberry Pi at my home. Unfortunately, my ISP appears to be blocking UDP packets, particularly from IP addresses outside the country.
In my existing configuration, the SIP.js clients utilize TURNS for establishing a connection to the Asterisk server, and the audio quality has been excellent.
To work around the ISP’s UDP blocking, I am using a TCP-based VPN to connect the Asterisk server to the TURNS server. While this setup is functional, I am exploring alternatives to eliminate the need for the VPN.
Hope Asterisk adds support for TCP/TLS transport for TURN. The media would still be UDP relayed through the TURN server.
Mostafa, if you’re in Egypt, or pretty much any Middle Eastern country, there are DPI systems on all inbound and outbound packets. They’re not blocking UDP, they’re blocking RTP bearing the usual codecs used for VoIP calls. It’s a regulation thing…
In that case, I would assume it is either being done to protect a government monopoly or for national security reasons, and bypassing it with TCP is not something you want to do without good legal advice.