Asterisk with TURN server configuration for media transmission

I’m developing a system with Asterisk and WebRTC, and I was able to run the system without any issue. But to my knowledge, we have to allow the RTP port range (rtp.conf) for media transmission. Now, our requirement is to block those ports on the Asterisk server and transmit media through a TURN server. First, I want to know whether it is possible to do that (media transfer through a TURN server after blocking the RTP ports), and if it is, can anyone please give me a high-level guide for doing this? I’ve been stuck on this for a couple of days.

One question: what are you trying to achieve by using a TURN server?

Adding a TURN server is only meant to fix NAT issues.
You still need to send the RTP into Asterisk.
If you want to secure your Asterisk server, a better option is to use an SBC like
Kamailio + rtpproxy.

One question is, I cannot open the Asterisk server’s larger port range to the public, for security. Then I searched and came to know that we can use a TURN server for media transmission. That’s why I’m asking about that.

According to you, I definitely need to open the RTP ports on the Asterisk server for successful communication, right?

Yes, you will need to open ports for RTP whether you use a STUN server or not.
Just remember that you can always change Asterisk to have fewer RTP ports.
The default is 10.000, but you can change it to something else.
It just needs to be 2 x “max calls” you want to support + some extra.
But whether you only have 10 or 10.000 ports is not going to affect security,
as Asterisk will only listen on the one it is expecting a call on,
so the security hole is still there; the attacker now just needs to get relayed via the STUN server.
And in my 20 years of VoIP I have not heard of any practical hacking via RTP.

Technically, with a STUN server you do not need to open any ports, but until both parties in the call send RTP, the other will not be able to receive,
so STUN is not a perfect solution, as it does not handle EarlyMedia well.
It is only to be used if you are not able to use a public IP or port forwarding.
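
An added example, not part of any post in this thread: a shell helper that applies the rule of thumb given above (two ports per supported call plus some extra) to produce an `rtp.conf` range and a firewall rule covering exactly the same span. The default of 20 spare ports, the start port of 10000, and the nftables table and chain names are assumptions.

```shell
#!/bin/sh
# Added example: derive the Asterisk RTP port range from expected call volume.

# rtp_range MAX_CALLS [EXTRA_PORTS] [START_PORT] -> prints "START END"
rtp_range() {
  local calls="$1" extra="${2:-20}" start="${3:-10000}" v count end
  for v in "$calls" "$extra" "$start"; do
    case "$v" in
      ''|*[!0-9]*) echo "arguments must be non-negative integers" >&2; return 1 ;;
    esac
  done
  [ "$calls" -gt 0 ] || { echo "MAX_CALLS must be greater than 0" >&2; return 1; }
  # Asterisk picks an even port for RTP and uses the next one for RTCP,
  # so begin on an even port and keep the range in whole pairs.
  start=$(( start + start % 2 ))
  count=$(( 2 * calls + extra ))
  count=$(( count + count % 2 ))
  end=$(( start + count - 1 ))
  [ "$end" -le 65535 ] || { echo "range would exceed port 65535" >&2; return 1; }
  echo "$start $end"
}

# emit_config MAX_CALLS [EXTRA_PORTS] [START_PORT]
# Prints an rtp.conf stanza and an nftables rule for the identical range,
# so the firewall never exposes more UDP ports than Asterisk can use.
emit_config() {
  local range start end
  range=$(rtp_range "$@") || return 1
  start=${range% *}
  end=${range#* }
  printf '; /etc/asterisk/rtp.conf\n[general]\nrtpstart=%s\nrtpend=%s\n\n' "$start" "$end"
  # Table "inet filter" and chain "input" are assumed to exist already.
  printf 'nft add rule inet filter input udp dport %s-%s accept\n' "$start" "$end"
}

# Constructed sample input: a server sized for 50 concurrent calls.
emit_config 50
```

After changing `rtp.conf`, reload the RTP module or restart Asterisk so the new range takes effect before tightening the firewall.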
