Video doesn't work when running Asterisk15.2.2 on AWS EC2 instance

Hello, last week I setup an EC2 t2.micro instance with Asterisk 15.2.2 installed. Tested with PJSIP softphones, audio worked well, video gave a green window though. I guess the EC2 inbound rules are ok since audio is working, so there might be something wrong/missing in my pjsip.conf. Here is how it looks like, please advise, appreciated.

[transport-udp-nat]
type=transport
protocol=udp
bind=0.0.0.0
local_net=172.12.34.56/32 ;private ip of ec2 instance
local_net=10.0.1.0/24 ;private ip of endpoints
external_media_address=34.123.456.789 ;public ip of ec2 instance
external_signaling_address=34.123.456.789 ;public ip of ec2 instance

endpoint_internal
type=endpoint
context=from-internal
force_rport=yes
rtp_symmetric=yes
direct_media=no
disallow=all
allow=ulaw,h264

auth_userpass
type=auth
auth_type=userpass

aor_dynamic
type=aor
max_contacts=1

demo-alice
auth=demo-alice
aors=demo-alice
demo-alice
password=unsecurepassword ; put a strong, unique password here instead
username=demo-alice
demo-alice

demo-bob
auth=demo-bob
aors=demo-bob
demo-bob
password=unsecurepassword ; put a strong, unique password here instead
username=demo-bob
demo-bob

Have you done a packet capture or used “rtp set debug on” to see if media is actually flowing for video or looked at the signaling to confirm that addresses are as they should be?

@jcolp Thanks for the guidance, I’m new and first time use “rtp set debug on”, found video type RTP packets had been sent to my private IP instead of public IP.

The scenario was A invited B for audio/video but A disabled its own video TX since it’s an unidirectional video from B to A.

It went well after two-way video were enabled though. Is it because that’s when rtp_symmetric kicked in, so that Asterisk could find A’s public media IP?

If I want to keep unidirectional video, setting up a “stunaddr” in rtp.conf should be the way to go?

Thanks.

Yes, because your device is behind NAT we don’t know its public IP address and port until we receive traffic from it. There’s nothing on the Asterisk side to change this unless the remote client supports ICE, which may help.