| Summary: | ASTERISK-27605: ICE: Not configurable by FQDN for externhost (chan_sip) / external_media_address (chan_pjsip). | ||
| Reporter: | Alexander Traud (traud) | Labels: | pjsip |
| Date Opened: | 2018-01-21 09:56:01.000-0600 | Date Closed: | |
| Priority: | Critical | Regression? | |
| Status: | Open/New | Components: | Channels/chan_pjsip Channels/chan_sip/Interoperability |
| Versions: | 13.19.0 15.2.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | IPv6 | Attachments: | |
| Description: | In Asterisk, ICE candidates are determined automatically, after setting
* {{icesupport=yes}} in the configuration file _sip.conf_ for the SIP channel driver _chan_sip_ * {{ice_support=yes}} in the configuration file _pjsip.conf_ for the SIP channel driver _chan_pjsip_ Furthermore, Asterisk allows * {{externhost=example.com}} (sip.conf) * {{external_media_address=example.com}} (pjsip.conf) to set a fully-qualified domain-name (FQDN). With this, Asterisk can be used with a dynamic IP address, Asterisk resolves its global IPv4 address via DNS-A and this FQDN. To use ICE in that case, one could go for a public STUN server in _rtp.conf_, like {code}[general] stunaddr=stun.l.google.com:19302{code} However, this has two drawbacks: # the NAT internal IPv4 address is mentioned in SDP as host ICE candidate # the result of the STUN server is a server-reflexive ICE candidate (srflx) Some user-agent clients (UACs; namely Linphone) pick the srflx even if a IPv6 based host ICE candidate is available. That can lead to IPv6 on the signaling layer (SIP) and IPv4 on the media layer (RTP). In such a case, Asterisk uses IPv6 on SIP and RTP. The UAC sends its media via IPv6 and expects to receive media via IPv4. Therefore, the UAC did not punch a possible NAT and all RTP packets from Asterisk are dropped by the NAT; a one-way audio scenario. Another alternative is to blacklist all local IP addresses in _rtp.conf_: {code}[general] ice_blacklist = 192.168.0.0/16 ice_blacklist = 172.16.0.0/12 ice_blacklist = 10.0.0.0/8 ice_blacklist = fe80::/10{code}However, this has one drawback: Asterisk does not determine srflx at all and only IPv6 are advertised. Some UACs (namely pjsua of PJProject) think that the Asterisk is not reachable via IPv4 (on the RTP layer) at all; the call is not established. Another alternative is to override/replace the advertised IPv4 based host candidate: {code}[ice_host_candidates] 192.168.0.2 => 76.164.171.238{code}However, this has one drawback: Because the IPv4 changes dynamically, one would like to specify the FQDN as replacement here. This is not supported by Asterisk, only IP addresses work as replacement. | ||
| Comments: | By: George Joseph (gjoseph) 2018-01-22 07:03:46.232-0600 Alexander, are you planning on working this one? By: Alexander Traud (traud) 2018-01-22 09:13:03.143-0600 No, not planned because I dirty-fixed for me already. That solution cannot be merged. I have no idea, how to code that correctly (get externhost there, use PJProject with a FQDN, …). A lot of architecture things are involved, I do not have the proper overview. | ||