| Summary: | ASTERISK-30434: Asterisk webrtc | ||
| Reporter: | B.Prathibha (prathibha) | Labels: | webrtc |
| Date Opened: | 2023-02-21 07:43:55.000-0600 | Date Closed: | 2023-02-21 09:44:31.000-0600 |
| Priority: | Minor | Regression? | |
| Status: | Closed/Complete | Components: | Applications/General |
| Versions: | 20.1.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | Stun request sent to non standard high port | ||
| Comments: | By: Asterisk Team (asteriskteam) 2023-02-21 07:44:00.313-0600 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur. Please note that by submitting data, code, or documentation to Sangoma through JIRA, you accept the Terms of Use present at [https://www.asterisk.org/terms-of-use/|https://www.asterisk.org/terms-of-use/]. By: Joshua C. Colp (jcolp) 2023-02-21 07:49:14.878-0600 There is nowhere near enough information provided here. You need to be more detailed about what is going on, include configuration, include a packet capture, an Asterisk log. As well if ICE is in use, then STUN can and will be sent to the remote side at whatever ports they provide to us. By: Joshua C. Colp (jcolp) 2023-02-21 07:49:45.968-0600 And also state what the problem actually is. By: B.Prathibha (prathibha) 2023-02-21 07:51:45.047-0600 I've a firewall in place where only outbound port 3478 is opened. But stun request is being forwarded to stun.stunprotocol.org at port 34813. By: B.Prathibha (prathibha) 2023-02-21 07:54:16.988-0600 Is it possible to restrict the port to 3478. By: Joshua C. Colp (jcolp) 2023-02-21 07:54:22.245-0600 That's still not enough information. For example, nowhere in Asterisk is "stun.stunprotocol.org" configured by default. So, have you configured that somewhere? By: B.Prathibha (prathibha) 2023-02-21 07:55:55.459-0600 I've configured it in /etc/astrrisk/rtp.conf By: Joshua C. Colp (jcolp) 2023-02-21 07:57:20.529-0600 Then like I said in my original comment. You need to provide what is asked for. By: B.Prathibha (prathibha) 2023-02-21 07:57:23.026-0600 stunaddr=stunserver.stunprotocol.org:3478 By: B.Prathibha (prathibha) 2023-02-21 08:01:15.825-0600 What other info is required? By: Joshua C. Colp (jcolp) 2023-02-21 08:02:51.140-0600 From my original comment: You need to be more detailed about what is going on, include configuration, include a packet capture, an Asterisk log. By: Joshua C. Colp (jcolp) 2023-02-21 08:05:05.866-0600 And is this https://community.asterisk.org/t/stun-request-timed-out/95699 - which has warning messages in its log? By: B.Prathibha (prathibha) 2023-02-21 08:24:55.792-0600 Yes By: B.Prathibha (prathibha) 2023-02-21 08:28:09.914-0600 I've tried with other stun servers like stun.l.google.com. Got the same error as stun request timed out. By: Joshua C. Colp (jcolp) 2023-02-21 08:30:08.109-0600 Are you sure you haven't firewalled the SOURCE port? If so, there is no guarantee on that port. We won't use 3478. Otherwise the information requested is needed. By: B.Prathibha (prathibha) 2023-02-21 08:34:12.437-0600 stunclient stunserver.stunprotocol.org 3478 showed the MAPPED_ADDRESS. In wireshark, the request is send to 3478. By: B.Prathibha (prathibha) 2023-02-21 08:35:28.995-0600 In firewall the outgoing ports 3478 and 19302 are opened. By: Joshua C. Colp (jcolp) 2023-02-21 08:43:25.567-0600 I don't know what that means. The stunclient application can behave differently than Asterisk when it comes to the source port. That is completely allowed. Asterisk does not have to send STUN traffic FROM port 3478. Right now we are relying on you analyzing all of this information and providing small snippets. Until you provide the raw information so it can be looked at, I don't have anything else to add. By: B.Prathibha (prathibha) 2023-02-21 08:46:08.959-0600 Does asterisk require all outbound ports to be opened? By: Joshua C. Colp (jcolp) 2023-02-21 08:50:51.731-0600 It does. While some stuff is configurable on what will be listened on and used for such traffic, other parts are not configurable and noone has worked on changing that. By: B.Prathibha (prathibha) 2023-02-21 09:02:09.450-0600 Is it possible to control the port no by modifying the asterisk source code if it is not configurable? Which code should be looked at for the ports? By: Joshua C. Colp (jcolp) 2023-02-21 09:11:11.724-0600 Code is code. I don't know off the top of my head. By: B.Prathibha (prathibha) 2023-02-21 09:16:50.514-0600 stun server will be listening on port 3478 or 19302 for the stun requests. How does the request send to other port nos work? By: Joshua C. Colp (jcolp) 2023-02-21 09:21:19.786-0600 I haven't been talking about sending TO. Asterisk can send FROM port 25000 TO port 3478. This works fine. The remote STUN server will send its response back to port 25000, assuming the firewall allows it. By: B.Prathibha (prathibha) 2023-02-21 09:32:36.754-0600 Binding request in wireshark shows for example Source:10.10.10.73 15643 Destination:stunserver.stunprotocol.org Destination port no:34813 By: B.Prathibha (prathibha) 2023-02-21 09:33:33.197-0600 I can share you the wireshark trace tomorow. By: Joshua C. Colp (jcolp) 2023-02-21 09:34:59.590-0600 Then that's exactly as I stated. The SOURCE port is randomized, there is no guarantee on what it will be. You would need to modify the code. By: B.Prathibha (prathibha) 2023-02-21 09:38:25.553-0600 What about the destination port. It is also randomized. By: Asterisk Team (asteriskteam) 2023-02-21 09:38:26.047-0600 This issue has been reopened as a result of your commenting on it as the reporter. It will be triaged once again as applicable. By: B.Prathibha (prathibha) 2023-02-21 09:39:32.683-0600 The destination port no is not 3478. It is some random no as per the wiredhark trace. By: Joshua C. Colp (jcolp) 2023-02-21 09:43:32.245-0600 I'd suggest continuing this on the forum post you originally created. I do not believe this is an issue in Asterisk itself. If after discussion there it is determined to be an issue, then this can be reopened. | ||