Getting 488 while trying to make calls through websocket

Asterisk Asterisk Support
1

Hi,

I am usinf asterisk 11.11.0 and I have the below entry in my asterisk sip.conf

[alice]
type=friend
username=alice
host=dynamic
secret=1234
qualify=yes
context=web-socket
transport=ws
avpf=yes
encryption=yes
allow=all
nat=yes,force_rport

I can successfully register from my webclient. However, when I try to make calls, it fails with “488 Not acceptable here”. From asterisk console I get,

My SIP trace is as below,

[code]=> 192.168.146.129:8088
INVITE sip:1234@192.168.146.129 SIP/2.0
Via: SIP/2.0/WS r2227735631.invalid;rport;branch=z9hG4bKNWFhMzRmMDViNjcxNWQ0ZWY4ZTZiYmEzNmI5ODVkM2I.
From: “First Last” sip:alice@192.168.146.129;tag=68580079923073672219
To: sip:1234@192.168.146.129
Call-ID: 1303223197@r2227735631.invalid
CSeq: 2 INVITE
Max-Forwards: 70
Contact: sip:alice@192.168.146.129
Route: sip:1234@192.168.146.129:8088;lr
Content-Length: 4661
User-Agent: sip-js/1.0
Content-Type: application/sdp
Authorization: Digest algorithm=“MD5”,nonce=“10fefbed”,realm=“asterisk”,response=“b4d7ef346d79c2638bec007fa66f0ccd”,uri="sip:1234@192.168.146.129",username=“alice”

v=0
o=- 4300301372007852420 2 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE audio video
a=msid-semantic: WMS DKELiIIok8zkrbVKttDeIy1Ex2aYApOuMus9
m=audio 59941 RTP/SAVPF 111 103 104 0 8 106 105 13 126
c=IN IP4 172.16.1.188
a=rtcp:59941 IN IP4 172.16.1.188
a=candidate:3915572707 1 udp 2122260223 172.16.1.188 59941 typ host generation 0
a=candidate:3915572707 2 udp 2122260223 172.16.1.188 59941 typ host generation 0
a=candidate:174257638 1 udp 2122194687 192.168.146.1 59942 typ host generation 0
a=candidate:174257638 2 udp 2122194687 192.168.146.1 59942 typ host generation 0
a=candidate:3671821981 1 udp 2122129151 192.168.232.1 59943 typ host generation 0
a=candidate:3671821981 2 udp 2122129151 192.168.232.1 59943 typ host generation 0
a=candidate:2999745851 1 udp 2122063615 192.168.56.1 59944 typ host generation 0
a=candidate:2999745851 2 udp 2122063615 192.168.56.1 59944 typ host generation 0
a=candidate:2816547091 1 tcp 1518280447 172.16.1.188 0 typ host generation 0
a=candidate:2816547091 2 tcp 1518280447 172.16.1.188 0 typ host generation 0
a=candidate:1155598614 1 tcp 1518214911 192.168.146.1 0 typ host generation 0
a=candidate:1155598614 2 tcp 1518214911 192.168.146.1 0 typ host generation 0
a=candidate:2488824429 1 tcp 1518149375 192.168.232.1 0 typ host generation 0
a=candidate:2488824429 2 tcp 1518149375 192.168.232.1 0 typ host generation 0
a=candidate:4233069003 1 tcp 1518083839 192.168.56.1 0 typ host generation 0
a=candidate:4233069003 2 tcp 1518083839 192.168.56.1 0 typ host generation 0
a=ice-ufrag:6p59fVDzTo9q4FMW
a=ice-pwd:uqOpOlLKyPm1ew/NMIEopFNX
a=ice-options:google-ice
a=fingerprint:sha-256 ED:88:A5:A0:6D:DF:AC:37:A0:7E:08:D6:4C:60:92:EE:00:7A:D9:3A:32:82:A5:64:05:1C:7B:6B:B4:DF:AE:86
a=setup:actpass
a=mid:audio
a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=sendrecv
a=rtcp-mux
a=rtpmap:111 opus/48000/2
a=fmtp:111 minptime=10
a=rtpmap:103 ISAC/16000
a=rtpmap:104 ISAC/32000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:106 CN/32000
a=rtpmap:105 CN/16000
a=rtpmap:13 CN/8000
a=rtpmap:126 telephone-event/8000
a=maxptime:60
a=ssrc:338864679 cname:CydI1sxvaYQyAMH5
a=ssrc:338864679 msid:DKELiIIok8zkrbVKttDeIy1Ex2aYApOuMus9 919939e3-1243-4a95-b613-6e4c89c7d5b4
a=ssrc:338864679 mslabel:DKELiIIok8zkrbVKttDeIy1Ex2aYApOuMus9
a=ssrc:338864679 label:919939e3-1243-4a95-b613-6e4c89c7d5b4
m=video 59943 RTP/SAVPF 100 116 117
c=IN IP4 192.168.232.1
a=rtcp:59943 IN IP4 192.168.232.1
a=candidate:3671821981 1 udp 2122129151 192.168.232.1 59943 typ host generation 0
a=candidate:3671821981 2 udp 2122129151 192.168.232.1 59943 typ host generation 0
a=candidate:3915572707 1 udp 2122260223 172.16.1.188 59941 typ host generation 0
a=candidate:174257638 1 udp 2122194687 192.168.146.1 59942 typ host generation 0
a=candidate:3915572707 2 udp 2122260223 172.16.1.188 59941 typ host generation 0
a=candidate:174257638 2 udp 2122194687 192.168.146.1 59942 typ host generation 0
a=candidate:2999745851 1 udp 2122063615 192.168.56.1 59944 typ host generation 0
a=candidate:2999745851 2 udp 2122063615 192.168.56.1 59944 typ host generation 0
a=candidate:2816547091 1 tcp 1518280447 172.16.1.188 0 typ host generation 0
a=candidate:2816547091 2 tcp 1518280447 172.16.1.188 0 typ host generation 0
a=candidate:1155598614 1 tcp 1518214911 192.168.146.1 0 typ host generation 0
a=candidate:1155598614 2 tcp 1518214911 192.168.146.1 0 typ host generation 0
a=candidate:2488824429 1 tcp 1518149375 192.168.232.1 0 typ host generation 0
a=candidate:2488824429 2 tcp 1518149375 192.168.232.1 0 typ host generation 0
a=candidate:4233069003 1 tcp 1518083839 192.168.56.1 0 typ host generation 0
a=candidate:4233069003 2 tcp 1518083839 192.168.56.1 0 typ host generation 0
a=ice-ufrag:6p59fVDzTo9q4FMW
a=ice-pwd:uqOpOlLKyPm1ew/NMIEopFNX
a=ice-options:google-ice
a=fingerprint:sha-256 ED:88:A5:A0:6D:DF:AC:37:A0:7E:08:D6:4C:60:92:EE:00:7A:D9:3A:32:82:A5:64:05:1C:7B:6B:B4:DF:AE:86
a=setup:actpass
a=mid:video
a=extmap:2 urn:ietf:params:rtp-hdrext:toffset
a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
a=sendrecv
a=rtcp-mux
a=rtpmap:100 VP8/90000
a=rtcp-fb:100 ccm fir
a=rtcp-fb:100 nack
a=rtcp-fb:100 nack pli
a=rtcp-fb:100 goog-remb
a=rtpmap:116 red/90000
a=rtpmap:117 ulpfec/90000
a=ssrc:3685647760 cname:CydI1sxvaYQyAMH5
a=ssrc:3685647760 msid:DKELiIIok8zkrbVKttDeIy1Ex2aYApOuMus9 41254c8a-c425-4fee-9810-f8a6df9dadb0
a=ssrc:3685647760 mslabel:DKELiIIok8zkrbVKttDeIy1Ex2aYApOuMus9
a=ssrc:3685647760 label:41254c8a-c425-4fee-9810-f8a6df9dadb0

<= 127.0.0.1:0
SIP/2.0 488 Not acceptable here
Via: SIP/2.0/WS r2227735631.invalid;branch=z9hG4bKNWFhMzRmMDViNjcxNWQ0ZWY4ZTZiYmEzNmI5ODVkM2I.;received=192.168.146.1;rport=53113
From: “First Last” sip:alice@192.168.146.129;tag=68580079923073672219
To: sip:1234@192.168.146.129;tag=as5e329676
Call-ID: 1303223197@r2227735631.invalid
CSeq: 2 INVITE
Server: Asterisk PBX 11.11.0
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

received response=488 Not acceptable here
=> 192.168.146.129:8088
ACK sip:1234@192.168.146.129 SIP/2.0
Via: SIP/2.0/WS r2227735631.invalid;rport;branch=z9hG4bKNWFhMzRmMDViNjcxNWQ0ZWY4ZTZiYmEzNmI5ODVkM2I.
From: “First Last” sip:alice@192.168.146.129;tag=68580079923073672219
To: sip:1234@192.168.146.129;tag=as5e329676
Call-ID: 1303223197@r2227735631.invalid
CSeq: 2 ACK
Content-Length: 0
Route: sip:1234@192.168.146.129:8088;lr

[/code]

Not sure why asterisk is rejecting my call. Please help!!

Thanks in advanced…

2

You need DTLS-SRTP support enabled in order to use thw websockets, check the threads about WebRTC troubleshooting.

3

Hi,

Thanks a lot for your reply. can you please refer any post/thread where I can get a working configuration. I didnt get much searching the internet. Like in my sample sip.conf I have the below section for configuring DTLS-SRTP. I am using ws only for transport. In this case what should be the best way to configure DTLS-SRTP?

;------------------------------------------------------------------------------
; DTLS-SRTP CONFIGURATION
;
; DTLS-SRTP support is available if the underlying RTP engine in use supports it.
;
; dtlsenable = yes                   ; Enable or disable DTLS-SRTP support
; dtlsverify = yes                   ; Verify that provided peer certificate and fingerprint are valid
;                                    ; A value of 'yes' will perform both certificate and fingerprint verification
;                                    ; A value of 'no' will perform no certificate or fingerprint verification
;                                    ; A value of 'fingerprint' will perform ONLY fingerprint verification
;                                    ; A value of 'certificate' will perform ONLY certficiate verification
; dtlsrekey = 60                     ; Interval at which to renegotiate the TLS session and rekey the SRTP session
;                                    ; If this is not set or the value provided is 0 rekeying will be disabled
; dtlscertfile = file                ; Path to certificate file to present
; dtlsprivatekey = file              ; Path to private key for certificate file
; dtlscipher = <SSL cipher string>   ; Cipher to use for TLS negotiation
;                                    ; A list of valid SSL cipher strings can be found at:
;                                    ; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
; dtlscafile = file                  ; Path to certificate authority certificate
; dtlscapath = path                  ; Path to a directory containing certificate authority certificates
; dtlssetup = actpass                ; Whether we are willing to accept connections, connect to the other party, or both.
;                                    ; Valid options are active (we want to connect to the other party), passive (we want to
;                                    ; accept connections only), and actpass (we will do both). This value will be used in
;                                    ; the outgoing SDP when offering and for incoming SDP offers when the remote party sends
;                                    ; actpass
; dtlsfingerprint = sha-1            ; The hash to use for the fingerprint in SDP (valid options are sha-1 and sha-256)
4

I changed my sip.conf as follows; but still getting the same error

;------------------------------------------------------------------------------ ; DTLS-SRTP CONFIGURATION ; ; DTLS-SRTP support is available if the underlying RTP engine in use supports it. ; dtlsenable = yes ; Enable or disable DTLS-SRTP support dtlsverify = no ; Verify that provided peer certificate and fingerprint are valid ; ; A value of 'yes' will perform both certificate and fingerprint verification ; ; A value of 'no' will perform no certificate or fingerprint verification ; ; A value of 'fingerprint' will perform ONLY fingerprint verification ; ; A value of 'certificate' will perform ONLY certficiate verification dtlsrekey = 60 ; Interval at which to renegotiate the TLS session and rekey the SRTP session ; ; If this is not set or the value provided is 0 rekeying will be disabled dtlscertfile = /etc/asterisk/keys/asterisk.crt ; Path to certificate file to present dtlsprivatekey =/etc/asterisk/keys/asterisk.key ; Path to private key for certificate file dtlscipher = ALL ; Cipher to use for TLS negotiation ; ; A list of valid SSL cipher strings can be found at: ; ; http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS ; dtlscafile =/etc/asterisk/keys/ ; Path to certificate authority certificate dtlscapath = /etc/asterisk/keys/ ; Path to a directory containing certificate authority certificates dtlssetup = actpass ; Whether we are willing to accept connections, connect to the other party, or both. ; ; Valid options are active (we want to connect to the other party), passive (we want to ; ; accept connections only), and actpass (we will do both). This value will be used in ; ; the outgoing SDP when offering and for incoming SDP offers when the remote party sends ; ; actpass dtlsfingerprint = sha-1 ; The hash to use for the fingerprint in SDP (valid options are sha-1 and sha-256)

5

Seriously? You can’t see the sticky posts in this forum about webrtc?

Gosh…

6

Thanks a lot… I have gone through all the steps mentioned in

viewtopic.php?f=1&t=90167
forums.asterisk.org/viewtopic.php?f=1&t=91007

But now im getting,

[Aug 12 17:29:45] ERROR[26246][C-00000005]: chan_sip.c:5847 dialog_initialize_dtls_srtp: No SRTP module loaded, can't setup SRTP session. [Aug 12 17:29:45] NOTICE[26246][C-00000005]: chan_sip.c:25679 handle_request_invite: Failed to authenticate device "Alice"<sip:alice@192.168.146.129>;tag=sS0oCEVSqtMLXmLhfD9y

Any idea why this is happening ?

7

You didn’t installed the libsrtp library in order to compile the srtp module for Asterisk. Check the asterisk wiki to get the how to.

8

It worked!!! thanks a lot …