Hi,
I’ve asked about this on the webrtc2sip forum, but it looks like it relates to an error in my asterisk setup.
The setup is as follows:
Browser (firefox) -> webrtc2sip ->asterisk (13.3.2) ->SFLPhone on Ubuntu
SFLPhone is set up with SRTP key exchange via SDES, and ‘fallback on RTP on SDES failure’.
If I place a call from the FF browser to the SFLPhone the call is placed, but then dropped when the call is answered at the remote end. A warning appears on the asterisk console:
[May 6 16:46:44] WARNING[20191][C-0000000d]: chan_sip.c:10484 process_sdp: Failing due to no acceptable offer found
I’ve got two problems here
- I haven’t been able to place a call to any other softphone (Linphone, Ekiga) at all. Only SFLPhone gets as far as setting up the call, and that seems to be because it supports SDES
- I can only place a call from SFLPhone to the browser, not from the browser back to SFLPhone.
I think what’s happening is the configuration wants the connection to be encrypted from end to end - from the softphone to the browser. I need to be able to support SIP softphones that don’t have encryption though. I understand that the webrtc standards require the browser->webrtc2sip connection to be encrypted, but can’t the connection from Asterisk to the softphone be left unencrypted?
Could someone suggest where I’m going wrong?
thanks,
Charles
output from console with sip debug on
<--- SIP read from UDP:192.168.1.241:10060 --->
INVITE sip:60007@192.168.1.241 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-646837569;rport
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>
Contact: <sip:60002@192.168.1.241:10060;ws-src-ip=192.168.1.4;ws-src-port=60457;ws-src-proto=ws;transport=udp>
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927504 INVITE
Content-Type: application/sdp
Content-Length: 1753
Max-Forwards: 70
User-Agent: webrtc2sip Media Server 2.6.0
v=0
o=doubango 1983 678901 IN IP4 192.168.1.241
s=-
c=IN IP4 192.168.1.241
t=0 0
a=acap:1 setup:actpass
a=tcap:1 UDP/TLS/RTP/SAVPF UDP/TLS/RTP/SAVP RTP/SAVPF RTP/SAVP RTP/AVPF
a=acap:4 fingerprint:sha-1 CF:A9:24:08:BF:48:C5:D3:4F:84:69:1F:9B:A3:51:6A:E6:C1:B1:18
a=acap:3 fingerprint:sha-256 D8:2F:5E:63:F1:82:BA:F1:AE:57:AD:4A:39:CA:19:44:94:F0:D6:E6:49:73:6C:5F:E6:3E:57:59:9D:6A:B1:70
a=acap:2 connection:new
m=audio 48274 RTP/AVP 9 101
c=IN IP4 192.168.1.241
a=ptime:20
a=minptime:1
a=maxptime:255
a=silenceSupp:off - - - -
a=rtpmap:9 G722/8000/1
a=rtpmap:101 telephone-event/8000/1
a=fmtp:101 0-16
a=acap:5 crypto:1 AES_CM_128_HMAC_SHA1_80 inline:rmMeibdry+kJVn2bNAcXRrOOq/MrSuts8++ENryL
a=acap:6 crypto:2 AES_CM_128_HMAC_SHA1_32 inline:8jUKeKlr3b7dclx930Iz/JgnF+hJF/TmzUDwySnt
a=pcfg:1 t=1 a=1,2,4|3
a=pcfg:2 t=2 a=1,2,4|3
a=pcfg:3 t=3 a=5,6
a=pcfg:4 t=4 a=5,6
a=pcfg:5 t=5
a=sendrecv
a=rtcp-mux
a=ssrc:1593906304 cname:673b17dabeb58611285200d107b4fe66
a=ssrc:1593906304 mslabel:6994f7d1-6ce9-4fbd-acfd-84e5131ca2e2
a=ssrc:1593906304 label:doubango@audio
a=ice-ufrag:NkopHXZc5gY7TBI
a=ice-pwd:e9XKLEmPFpWJixoKAgydYf
a=candidate:TTEjOJzb60Ffvcj 1 udp 2130706431 192.168.1.241 48274 typ host tr udp fd 18
a=candidate:TTEjOJzb60Ffvcj 2 udp 2130706430 192.168.1.241 48275 typ host tr udp fd 19
a=candidate:HDnkDId4dP9cGVI 1 udp 2130706175 192.168.247.10 44986 typ host tr udp fd 20
a=candidate:HDnkDId4dP9cGVI 2 udp 2130706174 192.168.247.10 44987 typ host tr udp fd 21
a=candidate:srflxTTEjOJzb60 1 udp 1694498815 80.229.142.197 48274 typ srflx raddr 192.168.1.241 rport 48274 tr udp fd 18
a=candidate:srflxTTEjOJzb60 2 udp 1694498814 80.229.142.197 48275 typ srflx raddr 192.168.1.241 rport 48275 tr udp fd 19
<------------->
--- (11 headers 39 lines) ---
Sending to 192.168.1.241:10060 (no NAT)
Sending to 192.168.1.241:10060 (no NAT)
Using INVITE request as basis request - a66c6532-4453-2020-9839-3c44e616a9db
Found peer '60002' for '60002' from 192.168.1.241:10060
<--- Reliably Transmitting (no NAT) to 192.168.1.241:10060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-646837569;received=192.168.1.241;rport=10060
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>;tag=as1359c37b
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927504 INVITE
Server: Asterisk PBX 13.3.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="192.168.1.241", nonce="7f887154"
Content-Length: 0
<------------>
Scheduling destruction of SIP dialog 'a66c6532-4453-2020-9839-3c44e616a9db' in 32000 ms (Method: INVITE)
<--- SIP read from UDP:192.168.1.241:10060 --->
ACK sip:60007@192.168.1.241 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-646837569;rport
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>;tag=as1359c37b
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927504 ACK
Content-Length: 0
Max-Forwards: 70
<------------->
--- (8 headers 0 lines) ---
<--- SIP read from UDP:192.168.1.241:10060 --->
INVITE sip:60007@192.168.1.241 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-600636497;rport
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>
Contact: <sip:60002@192.168.1.241:10060;ws-src-ip=192.168.1.4;ws-src-port=60457;ws-src-proto=ws;transport=udp>
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927505 INVITE
Content-Type: application/sdp
Content-Length: 1753
Max-Forwards: 70
Authorization: Digest username="60002",realm="192.168.1.241",nonce="7f887154",uri="sip:60007@192.168.1.241",response="8f0ac0534260996bde582de180c95a11",algorithm=MD5
User-Agent: webrtc2sip Media Server 2.6.0
v=0
o=doubango 1983 678901 IN IP4 192.168.1.241
s=-
c=IN IP4 192.168.1.241
t=0 0
a=acap:1 setup:actpass
a=tcap:1 UDP/TLS/RTP/SAVPF UDP/TLS/RTP/SAVP RTP/SAVPF RTP/SAVP RTP/AVPF
a=acap:4 fingerprint:sha-1 CF:A9:24:08:BF:48:C5:D3:4F:84:69:1F:9B:A3:51:6A:E6:C1:B1:18
a=acap:3 fingerprint:sha-256 D8:2F:5E:63:F1:82:BA:F1:AE:57:AD:4A:39:CA:19:44:94:F0:D6:E6:49:73:6C:5F:E6:3E:57:59:9D:6A:B1:70
a=acap:2 connection:new
m=audio 48274 RTP/AVP 9 101
c=IN IP4 192.168.1.241
a=ptime:20
a=minptime:1
a=maxptime:255
a=silenceSupp:off - - - -
a=rtpmap:9 G722/8000/1
a=rtpmap:101 telephone-event/8000/1
a=fmtp:101 0-16
a=acap:5 crypto:1 AES_CM_128_HMAC_SHA1_80 inline:rmMeibdry+kJVn2bNAcXRrOOq/MrSuts8++ENryL
a=acap:6 crypto:2 AES_CM_128_HMAC_SHA1_32 inline:8jUKeKlr3b7dclx930Iz/JgnF+hJF/TmzUDwySnt
a=pcfg:1 t=1 a=1,2,4|3
a=pcfg:2 t=2 a=1,2,4|3
a=pcfg:3 t=3 a=5,6
a=pcfg:4 t=4 a=5,6
a=pcfg:5 t=5
a=sendrecv
a=rtcp-mux
a=ssrc:1593906304 cname:673b17dabeb58611285200d107b4fe66
a=ssrc:1593906304 mslabel:6994f7d1-6ce9-4fbd-acfd-84e5131ca2e2
a=ssrc:1593906304 label:doubango@audio
a=ice-ufrag:NkopHXZc5gY7TBI
a=ice-pwd:e9XKLEmPFpWJixoKAgydYf
a=candidate:TTEjOJzb60Ffvcj 1 udp 2130706431 192.168.1.241 48274 typ host tr udp fd 18
a=candidate:TTEjOJzb60Ffvcj 2 udp 2130706430 192.168.1.241 48275 typ host tr udp fd 19
a=candidate:HDnkDId4dP9cGVI 1 udp 2130706175 192.168.247.10 44986 typ host tr udp fd 20
a=candidate:HDnkDId4dP9cGVI 2 udp 2130706174 192.168.247.10 44987 typ host tr udp fd 21
a=candidate:srflxTTEjOJzb60 1 udp 1694498815 80.229.142.197 48274 typ srflx raddr 192.168.1.241 rport 48274 tr udp fd 18
a=candidate:srflxTTEjOJzb60 2 udp 1694498814 80.229.142.197 48275 typ srflx raddr 192.168.1.241 rport 48275 tr udp fd 19
<------------->
--- (12 headers 39 lines) ---
Sending to 192.168.1.241:10060 (no NAT)
Using INVITE request as basis request - a66c6532-4453-2020-9839-3c44e616a9db
Found peer '60002' for '60002' from 192.168.1.241:10060
Found RTP audio format 9
Found RTP audio format 101
Found audio description format G722 for ID 9
Found audio description format telephone-event for ID 101
Capabilities: us - (g722), peer - audio=(g722)/video=(nothing)/text=(nothing), combined - (g722)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 192.168.1.241:48274
Looking for 60007 in from-sip (domain 192.168.1.241)
sip_route_dump: route/path hop: <sip:60002@192.168.1.241:10060;ws-src-ip=192.168.1.4;ws-src-port=60457;ws-src-proto=ws;transport=udp>
<--- Transmitting (no NAT) to 192.168.1.241:10060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-600636497;received=192.168.1.241;rport=10060
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927505 INVITE
Server: Asterisk PBX 13.3.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:60007@192.168.1.241:5060>
Content-Length: 0
<------------>
Really destroying SIP dialog '1419480c25e0d50e5af3538d3ceba49b@127.0.1.1:5060' Method: INVITE
[May 12 15:17:27] WARNING[10528][C-00000010]: app_dial.c:2431 dial_exec_full: Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
<--- Reliably Transmitting (no NAT) to 192.168.1.241:10060 --->
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-600636497;received=192.168.1.241;rport=10060
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>;tag=as566107da
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927505 INVITE
Server: Asterisk PBX 13.3.2
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
X-Asterisk-HangupCause: Subscriber absent
X-Asterisk-HangupCauseCode: 20
Content-Length: 0
<------------>
<--- SIP read from UDP:192.168.1.241:10060 --->
ACK sip:60007@192.168.1.241 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.241:10060;branch=z9hG4bK-600636497;rport
From: <sip:60002@192.168.1.241>;tag=2080760246
To: <sip:60007@192.168.1.241>;tag=as566107da
Call-ID: a66c6532-4453-2020-9839-3c44e616a9db
CSeq: 2017927505 ACK
Content-Length: 0
Max-Forwards: 70
<------------->
--- (8 headers 0 lines) ---
Really destroying SIP dialog 'a66c6532-4453-2020-9839-3c44e616a9db' Method: ACK
Mjolnir*CLI> sip set debug off
SIP Debugging Disabled
sip.conf
[general]
realm=192.168.1.241
udpbindaddr=192.168.1.241
transport=udp;
context=from-sip ; Default context for incoming calls
;
bindport=5060 ; bindport is the local UDP port that Asterisk will listen on
bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0 binds to all)
;
;disallow=all ; First disallow all codecs
;allow=g729
disallow=all
;allow=g729
;allow=all
allow=g722
;
videosupport=yes;
tcpenable=yes;
transport=tcp,udp,ws,wss;
avpf=no ;
force_avp=no ; Force Asterisk to use avp. Introduced in Asterisk 11.11
dtlsenable=yes ; Tell Asterisk to enable DTLS for this peer
dtlsverify=no ; Tell Asterisk to not verify your DTLS certs
dtlscertfile=/etc/asterisk/keys/asterisk.pem ; Tell Asterisk where your DTLS cert file is
dtlsprivatekey=/etc/asterisk/keys/asterisk.pem ; Tell Asterisk where your DTLS private key is
dtlssetup=actpass ; Tell Asterisk to use actpass SDP parameter when setting up DTLS
directmedia=no ; Asterisk will relay media for this peer
rtcachefriends=yes
encryption=no
ext 60002 (Firefox)
id: 1095
name: 60002
callerid: NULL
defaultuser: 60002
regexten: NULL
secret: password
mailbox: NULL
accountcode: NULL
context: from-sip
amaflags: NULL
callgroup: NULL
canreinvite: no
defaultip: NULL
dtmfmode: NULL
fromuser: NULL
fromdomain: NULL
fullcontact: sip:60002@192.168.1.241:10060^3Brtcweb-breaker=yes^3Btransport=udp^3Bws-src-ip=1
host: dynamic
insecure: NULL
language: NULL
md5secret: NULL
nat: no
deny: NULL
permit: NULL
mask: NULL
pickupgroup: NULL
port: 10060
qualify: NULL
restrictcid: NULL
rtptimeout: NULL
rtpholdtimeout: NULL
type: friend
disallow: all
allow: g722
musiconhold: NULL
regseconds: 1430928012
ipaddr: 192.168.1.241
cancallforward: yes
lastms: 0
useragent:
regserver:
guid: 8c981eca-4a2a-452c-b6a3-5af7ef360002
objecthash: ddc353f0382a6579b699b61e1fe99fe9
transport: udp
avpf: no
encryption: no
icesupport: yes
dtlsenable: no
dtlsverify: no
dtlscertfile: /etc/asterisk/keys/asterisk.pem
dtlsprivatekey: /etc/asterisk/keys/asterisk.key
dtlssetup: actpass
directmedia: outgoing
force_avp: NULL
callbackextension: NULL
ext 60007 (SFLPhone)
id: 1100
name: 60007
callerid: NULL
defaultuser: 60007
regexten: NULL
secret: password
mailbox: NULL
accountcode: NULL
context: from-sip
amaflags: NULL
callgroup: NULL
canreinvite: no
defaultip: NULL
dtmfmode: NULL
fromuser: NULL
fromdomain: NULL
fullcontact: sip:60007@192.168.1.59:5060
host: dynamic
insecure: NULL
language: NULL
md5secret: NULL
nat: no
deny: NULL
permit: NULL
mask: NULL
pickupgroup: NULL
port: 5060
qualify: NULL
restrictcid: NULL
rtptimeout: NULL
rtpholdtimeout: NULL
type: friend
disallow: all
allow: g722
musiconhold: NULL
regseconds: 1430926550
ipaddr: 192.168.1.59
cancallforward: yes
lastms: 0
useragent: SFLphone/1.3.0
regserver:
guid: 8c981eca-4a2a-452c-b6a3-5af7ef360007
objecthash: 74ed134c37b25570ec2f3a17f18823ed
transport: udp,ws
avpf: no
encryption: no
icesupport: no
dtlsenable: yes
dtlsverify: no
dtlscertfile: /etc/asterisk/keys/asterisk.pem
dtlsprivatekey: /etc/asterisk/keys/asterisk.key
dtlssetup: actpass
directmedia: no
force_avp: NULL
callbackextension: NULL
dialplan
mysql> select * from extensions;
+-----+----------+-------+----------+------+-----------------+
| id | context | exten | priority | app | appdata |
+-----+----------+-------+----------+------+-----------------+
| 257 | from-sip | _X. | 1 | Dial | SIP/${EXTEN},30 |
+-----+----------+-------+----------+------+-----------------