Re: [asterisk-users] WebRTC - Transport Issues. - Solved
Josh Thank you for the confirmation on this. The captures do confirm that I am using the wss. What was throwing me was I have only udp and wss in the transports and then the Primary once connected was showing the ws. At first I thought I was doing something wrong and the traffic was flowing unencrypted. You confirmed what I had hoped that the wss was just showing the underlying ws transport. A big thanks. We are excited to finally getting our webrtc test application out to some customers. Have a great week. Bryant From: "Joshua Colp" Sent: Sunday, March 12, 2017 7:35 PM On Sat, Mar 11, 2017, at 09:52 PM, Bryant Zimmerman wrote: > Hey all. I have webrtc up and running with asterisk 11. All is going well > with TLS now working. > At least I hope it is using TLS and wss. Based on what I am seeing I > have > UDP, WSS listed in the Allowed transports, but every time I connect the > Primary transport shows WS.. Why is this? Am I actually running ws in > wss > mode? You are using WSS (the Contact line has transport=wss which indicates it). Both WS and WSS will show "WS" for the Primary Transport. Another way to tell is to look at the SIP traffic and check the Via header for WSS. You can also check a packet capture. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
Ok, thank you for the assistance! пн, 13 мар. 2017 г. в 16:38, Joshua Colp : > On Mon, Mar 13, 2017, at 10:32 AM, Kseniya Blashchuk wrote: > > Tested with latest Asterisk 14.3.0 on Ubuntu 16 kernel 4.4.0-66-generic > > and > > Centos 7 kernel 3.10.0-514.10.2.el7.x86_64. Absolutely the same behavior. > > Joshua, maybe you can advice what can be done further? > > You can file an issue but chan_sip is a community supported module, so > there is no guarantee of when it would be looked at and resolved. > Ultimately though someone has to spend the time to replicate what is > going on, look into the code, and understand what is going on. > > -- > Joshua Colp > Digium, Inc. | Senior Software Developer > 445 Jan Davis Drive NW - Huntsville, AL 35806 - US > Check us out at: www.digium.com & www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
On Mon, Mar 13, 2017, at 10:32 AM, Kseniya Blashchuk wrote: > Tested with latest Asterisk 14.3.0 on Ubuntu 16 kernel 4.4.0-66-generic > and > Centos 7 kernel 3.10.0-514.10.2.el7.x86_64. Absolutely the same behavior. > Joshua, maybe you can advice what can be done further? You can file an issue but chan_sip is a community supported module, so there is no guarantee of when it would be looked at and resolved. Ultimately though someone has to spend the time to replicate what is going on, look into the code, and understand what is going on. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
Tested with latest Asterisk 14.3.0 on Ubuntu 16 kernel 4.4.0-66-generic and Centos 7 kernel 3.10.0-514.10.2.el7.x86_64. Absolutely the same behavior. Joshua, maybe you can advice what can be done further? пн, 13 мар. 2017 г. в 14:52, Kseniya Blashchuk : > Ah ok, thank you for checking. > I'll maybe also try with the latest asterisk and/or other distro and see > if this behavior is reproduced. > > пн, 13 мар. 2017 г. в 14:46, Joshua Colp : > > On Mon, Mar 13, 2017, at 08:43 AM, Kseniya Blashchuk wrote: > > Mmh sorry I'm afraid I did not understand your last message. Yes the code > > does that but only with UDP, for TCP the source address is 192.168.0.172 > > though it's bound to 192.168.0.177: > > IP 192.168.0.172.47596 > .5061 > > If it was a system/kernel issue, then why is the behavior different for > > TCP > > and UDP? I thought that maybe the application does not request the bound > > address as a source in case of TCP... > > The chan_sip module, from looking at the code, does use the bound > address when connecting. Someone would need to dig deeper to understand > if the problem is somehow in Asterisk or if it is the system somehow > doing it. > > -- > Joshua Colp > Digium, Inc. | Senior Software Developer > 445 Jan Davis Drive NW - Huntsville, AL 35806 - US > Check us out at: www.digium.com & www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
Ah ok, thank you for checking. I'll maybe also try with the latest asterisk and/or other distro and see if this behavior is reproduced. пн, 13 мар. 2017 г. в 14:46, Joshua Colp : > On Mon, Mar 13, 2017, at 08:43 AM, Kseniya Blashchuk wrote: > > Mmh sorry I'm afraid I did not understand your last message. Yes the code > > does that but only with UDP, for TCP the source address is 192.168.0.172 > > though it's bound to 192.168.0.177: > > IP 192.168.0.172.47596 > .5061 > > If it was a system/kernel issue, then why is the behavior different for > > TCP > > and UDP? I thought that maybe the application does not request the bound > > address as a source in case of TCP... > > The chan_sip module, from looking at the code, does use the bound > address when connecting. Someone would need to dig deeper to understand > if the problem is somehow in Asterisk or if it is the system somehow > doing it. > > -- > Joshua Colp > Digium, Inc. | Senior Software Developer > 445 Jan Davis Drive NW - Huntsville, AL 35806 - US > Check us out at: www.digium.com & www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
On Mon, Mar 13, 2017, at 08:43 AM, Kseniya Blashchuk wrote: > Mmh sorry I'm afraid I did not understand your last message. Yes the code > does that but only with UDP, for TCP the source address is 192.168.0.172 > though it's bound to 192.168.0.177: > IP 192.168.0.172.47596 > .5061 > If it was a system/kernel issue, then why is the behavior different for > TCP > and UDP? I thought that maybe the application does not request the bound > address as a source in case of TCP... The chan_sip module, from looking at the code, does use the bound address when connecting. Someone would need to dig deeper to understand if the problem is somehow in Asterisk or if it is the system somehow doing it. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
Mmh sorry I'm afraid I did not understand your last message. Yes the code does that but only with UDP, for TCP the source address is 192.168.0.172 though it's bound to 192.168.0.177: IP 192.168.0.172.47596 > .5061 If it was a system/kernel issue, then why is the behavior different for TCP and UDP? I thought that maybe the application does not request the bound address as a source in case of TCP... пн, 13 мар. 2017 г. в 14:37, Joshua Colp : > On Mon, Mar 13, 2017, at 08:31 AM, Kseniya Blashchuk wrote: > > Yes, look: > > netstat -nlp | egrep '506[01]' > > tcp0 0 192.168.0.177:5061 0.0.0.0:* > > LISTEN > > 13255/asterisk > > udp0 0 192.168.0.177:5060 0.0.0.0:* > > 13255/asterisk > > Still, the problem is with *outgoing* *TCP* packets originated from > > asterisk. Source IP is set to the first IP address of the interface only > > when TCP is used. As I understand, the application (chan_sip in this > > case) > > should request kernel to use the specific source IP address (used in bind > > directive) for outgoing packets, however it seems to be done only for > > UDP. > > For outgoing packets on TCP/5061 I see the following: > > IP *192.168.0.172*.47596 > .5061: Flags [S], seq 2529313754 > <(252)%20931-3754>, > > win > > 29200, options [mss 1460,sackOK,TS val 82765588 ecr 0,nop,wscale 7], > > length > > 0 > > And with UDP as transport: > > IP *192.168.0.177*.5060 > .5060: SIP: OPTIONS > > The underlying code does this already. It connects using the bound > socket (which would be bound to the IP address you've provided). This > should have the system use the source IP address as you want, but it's > evidently not. > > -- > Joshua Colp > Digium, Inc. | Senior Software Developer > 445 Jan Davis Drive NW - Huntsville, AL 35806 - US > Check us out at: www.digium.com & www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
On Mon, Mar 13, 2017, at 08:31 AM, Kseniya Blashchuk wrote: > Yes, look: > netstat -nlp | egrep '506[01]' > tcp0 0 192.168.0.177:5061 0.0.0.0:* > LISTEN > 13255/asterisk > udp0 0 192.168.0.177:5060 0.0.0.0:* > 13255/asterisk > Still, the problem is with *outgoing* *TCP* packets originated from > asterisk. Source IP is set to the first IP address of the interface only > when TCP is used. As I understand, the application (chan_sip in this > case) > should request kernel to use the specific source IP address (used in bind > directive) for outgoing packets, however it seems to be done only for > UDP. > For outgoing packets on TCP/5061 I see the following: > IP *192.168.0.172*.47596 > .5061: Flags [S], seq 2529313754, > win > 29200, options [mss 1460,sackOK,TS val 82765588 ecr 0,nop,wscale 7], > length > 0 > And with UDP as transport: > IP *192.168.0.177*.5060 > .5060: SIP: OPTIONS The underlying code does this already. It connects using the bound socket (which would be bound to the IP address you've provided). This should have the system use the source IP address as you want, but it's evidently not. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
Yes, look: netstat -nlp | egrep '506[01]' tcp0 0 192.168.0.177:5061 0.0.0.0:* LISTEN 13255/asterisk udp0 0 192.168.0.177:5060 0.0.0.0:* 13255/asterisk Still, the problem is with *outgoing* *TCP* packets originated from asterisk. Source IP is set to the first IP address of the interface only when TCP is used. As I understand, the application (chan_sip in this case) should request kernel to use the specific source IP address (used in bind directive) for outgoing packets, however it seems to be done only for UDP. For outgoing packets on TCP/5061 I see the following: IP *192.168.0.172*.47596 > .5061: Flags [S], seq 2529313754, win 29200, options [mss 1460,sackOK,TS val 82765588 ecr 0,nop,wscale 7], length 0 And with UDP as transport: IP *192.168.0.177*.5060 > .5060: SIP: OPTIONS пн, 13 мар. 2017 г. в 13:55, Joshua Colp : > On Mon, Mar 13, 2017, at 03:52 AM, Kseniya Blashchuk wrote: > > Hi! > > Attached sip.conf and interface config as well. In this case we use only > > TLS, but I have checked with TCP - same situation, 192.168.0.172 is used > > as > > a source. For UDP 192.168.0.177 is used as expected. > > Does the output of netstat -a confirm that it is bound to only that IP > address? If so, then it seems chan_sip has done its part. > > -- > Joshua Colp > Digium, Inc. | Senior Software Developer > 445 Jan Davis Drive NW - Huntsville, AL 35806 - US > Check us out at: www.digium.com & www.asterisk.org > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] tcpbind and source IP address
On Mon, Mar 13, 2017, at 03:52 AM, Kseniya Blashchuk wrote: > Hi! > Attached sip.conf and interface config as well. In this case we use only > TLS, but I have checked with TCP - same situation, 192.168.0.172 is used > as > a source. For UDP 192.168.0.177 is used as expected. Does the output of netstat -a confirm that it is bound to only that IP address? If so, then it seems chan_sip has done its part. -- Joshua Colp Digium, Inc. | Senior Software Developer 445 Jan Davis Drive NW - Huntsville, AL 35806 - US Check us out at: www.digium.com & www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users