Hello there,
have instance of Asterisk in DigitalOcean K8S cluster. For VPN connections is everything working perfectly, but for external access its not work. I try fix it for few days and I am totally frustrated.
I have WebRTC app, this app uses transport-wss. My loaded config for transport-wss is following:
# pjsip show transport transport-wss
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: transport-wss ws 0 0 0.0.0.0:5060
ParameterName : ParameterValue
============================================================
allow_reload : false
allow_wildcard_certs : No
async_operations : 1
bind : 0.0.0.0:5060
ca_list_file :
ca_list_path :
cert_file : /etc/asterisk/tls/asterisk.crt
cipher :
cos : 0
domain :
external_media_address : 188.166.193.9
external_signaling_address : 188.166.193.9
external_signaling_port : 0
local_net : 10.244.0.0/255.255.0.0
local_net : 10.245.0.0/255.255.0.0
local_net : 10.80.0.0/255.255.0.0
method : unspecified
password :
priv_key_file : /etc/asterisk/tls/asterisk.key
protocol : wss
require_client_cert : No
symmetric_transport : true
tcp_keepalive_enable : false
tcp_keepalive_idle_time : 30
tcp_keepalive_interval_time : 1
tcp_keepalive_probe_count : 5
tos : 0
verify_client : No
verify_server : No
websocket_write_timeout : 100
In INVITE is Asterisk still returning onl their local IP adresses (for pod and for Gluetun VPN)
SIP/2.0 200 OK
Via: SIP/2.0/WSS p5g436acau9t.invalid;rport=58290;received=127.0.0.1;branch=z9hG4bK8342029
Call-ID: s5shmiej3gdpaohe54q6
From: "Caller 0195d2b517117a4f" <sip:0195d2b517117a4f@webrtc.omni-link.dev.derivato.io>;tag=4frittaevh
To: <sip:webrtc@webrtc.omni-link.dev.derivato.io>;tag=5e82d26e-301e-49fe-a2ec-e4ecec5c29da
CSeq: 2 INVITE
Server: Asterisk PBX 22.4.1
Contact: <sip:127.0.0.1:8088;transport=ws>
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, INFO, MESSAGE, REFER
Supported: 100rel, timer, replaces, norefersub
Content-Type: application/sdp
Content-Length: 983
v=0
o=- 7507564437143426711 4 IN IP4 10.80.0.3
s=Asterisk
c=IN IP4 10.80.0.3
t=0 0
a=msid-semantic:WMS *
a=group:BUNDLE 0
m=audio 17988 UDP/TLS/RTP/SAVPF 111 0 8 110 126
a=connection:new
a=setup:active
a=fingerprint:SHA-256 E3:F6:95:57:D8:36:E9:CB:FB:A5:3F:75:88:07:18:B2:33:B5:8F:6C:15:3C:2D:77:91:26:2C:EB:43:D8:B2:F5
a=ice-ufrag:356d6d294ee8b58e78364cfe73b9d7f1
a=ice-pwd:1e8c51215f5e2e890e2fa63c7017837a
a=candidate:Ha500003 1 UDP 2130706431 10.80.0.3 17988 typ host
a=candidate:Haf400bf 1 UDP 2130706431 10.244.0.191 17988 typ host
a=rtpmap:111 opus/48000/2
a=fmtp:111 useinbandfec=1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=ptime:20
a=maxptime:20
a=sendrecv
a=rtcp-mux
a=ssrc:54958689 cname:b24b6049-48c9-42c0-9d3f-76cdcf6ab54f
a=msid:50df36a2-c818-4ab4-9328-f9ee4eb72179 04ad7ab1-3ca2-4950-a89e-489e79f66aea
a=rtcp-fb:* transport-cc
a=mid:0
a=rtpmap:110 telephone-event/48000
a=fmtp:110 0-16
a=rtpmap:126 telephone-event/8000
a=fmtp:126 0-16
My loaded config of used endpoint is:
# pjsip show endpoint 0195d2b517117a4f
Endpoint: <Endpoint/CID.....................................> <State.....> <Channels.>
I/OAuth: <AuthId/UserName...........................................................>
Aor: <Aor............................................> <MaxContact>
Contact: <Aor/ContactUri..........................> <Hash....> <Status> <RTT(ms)..>
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress..................>
Identify: <Identify/Endpoint.........................................................>
Match: <criteria.........................>
Channel: <ChannelId......................................> <State.....> <Time.....>
Exten: <DialedExten...........> CLCID: <ConnectedLineCID.......>
==========================================================================================
Endpoint: 0195d2b517117a4f Not in use 0 of inf
InAuth: 0195d2b517117a4f/0195d2b517117a4f
Aor: 0195d2b517117a4f 2
Contact: 0195d2b517117a4f/sip:1oe17rkb@127.0.0.1:47 7661940e34 Unavail nan
Contact: 0195d2b517117a4f/sip:fkl6oirg@127.0.0.1:58 99ad351f10 Avail 253.939
Transport: transport-wss ws 0 0 0.0.0.0:5060
ParameterName : ParameterValue
===================================================================================================
100rel : yes
accept_multiple_sdp_answers : false
accountcode :
acl :
aggregate_mwi : true
allow : (opus|ulaw|alaw)
allow_overlap : true
allow_subscribe : true
allow_transfer : true
allow_unauthenticated_options : false
aors : 0195d2b517117a4f
asymmetric_rtp_codec : false
auth : 0195d2b517117a4f
bind_rtp_to_media_address : true
bundle : true
call_group :
callerid : <unknown>
callerid_privacy : allowed_not_screened
callerid_tag :
codec_prefs_incoming_answer : prefer:pending, operation:intersect, keep:all, transcode:allow
codec_prefs_incoming_offer : prefer:pending, operation:intersect, keep:all, transcode:allow
codec_prefs_outgoing_answer : prefer:pending, operation:intersect, keep:all, transcode:allow
codec_prefs_outgoing_offer : prefer:pending, operation:union, keep:all, transcode:allow
connected_line_method : invite
contact_acl :
context : webrtc-auth-context
cos_audio : 0
cos_video : 0
device_state_busy_at : 0
direct_media : false
direct_media_glare_mitigation : none
direct_media_method : invite
disable_direct_media_on_nat : true
dtls_auto_generate_cert : Yes
dtls_ca_file :
dtls_ca_path :
dtls_cert_file :
dtls_cipher :
dtls_fingerprint : SHA-256
dtls_private_key :
dtls_rekey : 0
dtls_setup : actpass
dtls_verify : Yes
dtmf_mode : rfc4733
fax_detect : false
fax_detect_timeout : 0
follow_early_media_fork : true
force_avp : false
force_rport : true
from_domain :
from_user :
g726_non_standard : false
geoloc_incoming_call_profile :
geoloc_outgoing_call_profile :
ice_support : true
identify_by : username,ip
ignore_183_without_sdp : false
inband_progress : false
incoming_call_offer_pref : local
incoming_mwi_mailbox :
language :
mailboxes :
max_audio_streams : 1
max_video_streams : 1
media_address :
media_encryption : dtls
media_encryption_optimistic : false
media_use_received_transport : true
message_context :
moh_passthrough : false
moh_suggest : default
mwi_from_user :
mwi_subscribe_replaces_unsolicited : no
named_call_group :
named_pickup_group :
notify_early_inuse_ringing : false
one_touch_recording : false
outbound_auth :
outbound_proxy :
outgoing_call_offer_pref : remote_merge
overlap_context :
pickup_group :
preferred_codec_only : false
record_off_feature : automixmon
record_on_feature : automixmon
redirect_method : user
refer_blind_progress : true
rewrite_contact : true
rpid_immediate : false
rtcp_mux : true
rtp_engine : asterisk
rtp_ipv6 : false
rtp_keepalive : 0
rtp_symmetric : true
rtp_timeout : 0
rtp_timeout_hold : 0
sdp_owner : -
sdp_session : Asterisk
security_negotiation : no
send_aoc : false
send_connected_line : yes
send_diversion : true
send_history_info : false
send_pai : false
send_rpid : false
set_var :
srtp_tag_32 : false
stir_shaken : no
stir_shaken_profile :
sub_min_expiry : 0
subscribe_context :
suppress_moh_on_sendonly : false
suppress_q850_reason_headers : false
t38_bind_udptl_to_media_address : false
t38_udptl : false
t38_udptl_ec : none
t38_udptl_ipv6 : false
t38_udptl_maxdatagram : 0
t38_udptl_nat : false
tenantid :
timers : yes
timers_min_se : 90
timers_sess_expires : 1800
tone_zone :
tos_audio : 0
tos_video : 0
transport : transport-wss
trust_connected_line : yes
trust_id_inbound : false
trust_id_outbound : false
use_avpf : true
use_ptime : false
user_eq_phone : false
voicemail_extension :
webrtc : yes
Do you have any idea what happends?
Thank you!