I am creating a project based on WebRTC and Asterisk. I'm forced tu use HTTPS, WSS, SRTP & DTLS, because new browser don't support non-secure connections ... etc
Asterisk 12.8.2
SipJS 0.7.3
Centos 6.7
Chrome 48.0.2
Self-signed certificate (for testing only)
Secure socket used between browser and Asterisk (wss://149.56.XX.XX:8089/ws)
Libsrtp (SRTP) & Pjproject installed
Asterisk server Directly connected to the Internet (Public IP)
Browser is behinf NAT
DTLS-SRTP
WebRTC javascript code located in the same server as Asterisk.
IP's:
Asterisk IP: 149.56.XX.XX
Browser Public IP: 67.212.XX.XX
Browser Local IP: 192.168.0.115
The signaling phase is correct, the peer is well connected to the server.
The aim is to listen to a Playback or Saydigits from Asterisk server. When I run the call, I see that all goes well (SIP and RTP), but no sound in the browser (The volume is up).
I searched on Google, in the forums, but no results .... is that it is a SRTP decryption problem?
Anyone tried this before?
SIP.CONF
[1060]
type=friend
username=1060
host=dynamic
secret=lookrtctest
encryption=yes
avpf=yes
icesupport=yes
context=outgoing
directmedia=no
transport=ws,wss
force_avp=yes
disallow=all
allow=ulaw
allow=alaw
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
nat=yes,force_rport
Extensions.conf:
[outgoing]
exten => _X.,1,Noop(*** Start Call *** )
exten => _X.,n,Answer()
exten => _X.,n,Playback(vm-from)
exten => _X.,n,SayDigits(123456)
exten => _X.,n,Hangup()
RTP.conf:
[general]
rtpstart=10000
rtpend=20000
icesupport=yes
stunaddr=stun.l.google.com:19302
Http.conf:
[general]
enabled=yes
bindaddr=0.0.0.0
tlsenable=yes
tlsbindaddr=0.0.0.0:8089
tlsprivatekey=/etc/asterisk/keys/asterisk.pem
tlscertfile=/etc/asterisk/keys/asterisk.pem
RTP traces
Sip Traces
Wireshark traces
Related
I prepared server ubuntu like from docs. I created SSL cert to my domin and i have open required ports. I installed red5pro in to /usr/local/red5pro/ and server fine. When i will go to http://example.com:5080/ i can see home page red5pro and is ok. But when i click on broadcast i have a info: No suitable Publisher found. WebRTC & Flash not supported. Ok, maybe because is http not https. I decided create test index page in to /var/www/test/index.html and i have basic configuration like:
var config = {
protocol: 'wss',
host: 'example.com',
port: 443,
app: 'live',
streamName: 'abccaccaa',
rtcConfiguration: {
iceServers: [{urls: 'stun:stun2.l.google.com:19302'}],
iceCandidatePoolSize: 2,
bundlePolicy: 'max-bundle'
} // See https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/RTCPeerConnection#RTCConfiguration_dictionary
};
And now when i try broadcast have an info: WebSocket connection to 'wss://example.com/live/?id=abccaccaa' failed: Error during WebSocket handshake: Unexpected response code: 404
Looks like have no example.com/live and cant figure out what is wrong :( since 2 days. Maybe someone could give me an advice ? Or alternative on other application than red5pro
i've changed my sip providers ip to MY.SIP.PROV.IP and their domain to MYSIPPROVIDER.COM and also my phone number to XXXXXXXXXX....
This is the CLI log. I'm able to dial out but I cannot get inbound routes working... Any help is appreciated.
Main part I'm not understanding:
2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.
Second Part....
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [#MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:1703 SIP auth failure (INVITE) on sofia profile 'internal' for [XXXXXXXXXX#MYSIPPROVIDER.COM] from ip MY.SIP.PROV.IP
If you look at the vars.xml file (located in /etc/freeswitch/vars.xml if you installed from the FreeSWITCH package) you'll see two relevant settings..
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
In short, if a SIP packet is sent to your FreeSWITCH box on port 5080, it get's routed to the /etc/freeswitch/dialplan/public.xml file. Which, if you installed from package, also includes any .xml in /etc/freeswitch/dialplan/public/ using the line..
<X-PRE-PROCESS cmd="include" data="public/*.xml"/>
Otherwise, if you receive a packet on port 5060 of your FreeSWITCH box it gets treated as an 'internal' call. These get treated a little differently. If you're using default/example configuration, one of the differences is the FreeSWITCH ACL or 'Access Control List'.
Basically, any call made to 5060 will be parsed by the ACL. Which you can perceive as a sort of firewall. If it doesn't match a rule in there, FreeSWITCH refuses it with the error.
2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.
And this part...
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [#MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
...is being generated by this part of the ACL config...
<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
</list>
...Take not of the "Allow any SIP packet where the 'domain' (eg the #mysipprovider.com part of the SIP URI) is part of a user defined in the 'FreeSWITCH Directory'.
In short, the ACL is used as an added measure of authenticating INTERNAL DEVICES, in the context where FreeSWITCH is used as an 'internal PBX'.
You have two options..
Ask mysipprovider to route inbound SIP packets to port 5080, and then look at managing inbound calls via the default /etc/freeswitch/dialplan/public/00_inbound_did.xml file
Add a specific line in the ACL to approve calls from mysipprovider. Maybe something like..
..then type..
fs_cli -x 'reloadacl'
..to apply it.
I am developing a hardware device that should be automatically discovered in Windows, so I prefer to do it through SSDP instead of mDNS (Zeroconf, etc.) to avoid to force users to install its support applications.
I just need that the device appears in the network in Windows Explorer, and clicking on it to open the default browser using the device IP address in the URL. I've already made the code (answering in unicast to multicast M-SEARCH requests and sending NOTIFY messages on boot and periodically), I can see the messages in Wireshark on the Windows PC but the device still doesn't appear in the explorer network folder, and I can see there other devices like my printer, TV, media player, etc, and I see their messages also on Wireshark.
I'm searching for some advice in the content of the notify and response messages, and also in the xml file with the device profile for such a simple device - I just want to advertise that the device has a webserver on its IP address.
These are the messages that I'm sending:
In multicast:
NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900
CACHE-CONTROL: max-age=100
NT: upnp:rootdevice
USN: uuid:c5baf4a1-0c8e-44da-9714-ef0123411223::upnp:rootdevice
NTS: ssdp:alive
SERVER: NodeMCU/20150415 UPnP/1.1 xpto/0.1
Location: http://192.168.3.246/deviceprofile.xml
In unicast as a reply to the M-SEARCH:
HTTP/1.1 200 OK
Cache-Control: max-age=100
EXT:
SERVER: NodeMCU/20150415 UPnP/1.1 xpto/0.1
ST: upnp:rootdevice
USN: uuid:c5baf4a1-0c8e-44da-9714-ef0123411223
Location: http://192.168.3.246/deviceprofile.xml
deviceprofile.xml:
<?xml version='1.0'?>
<root xmlns='urn:schemas-upnp-org:device-1-0'>
<device>
<deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType>
<presentationURL>http://192.168.3.246/</presentationURL>
<friendlyName>Remote control</friendlyName>
<manufacturer>xpto.com</manufacturer>
<manufacturerURL>http://xpto.com/</manufacturerURL>
<serialNumber>10275488</serialNumber>
<UDN>uuid:c5baf4a1-0c8e-44da-9714-ef0123411223</UDN>
<serviceList>
<service>
<serviceType>urn:schemas-upnp-org:service:Basic:1</serviceType>
<serviceId>urn:upnp-org:serviceId:1</serviceId>
</service>
</serviceList>
</device></root>
Anything else needed in order for the device to show up in the windows explorer network folder?
Thanks in advance
Fernando
Your deviceprofile.xml is not well formed according to UPnP Specification.
Other element is needed under<service> tag. Also, urn:schemas-upnp-org:service:Basic:1 is illegal, you need to change to UPnP pre-defined or customise under your own namespace. An example could be:
<service>
<serviceType>urn:schemas-upnp-org:service:XXXX:1</serviceType>
<serviceId>urn:upnp-org:serviceId:1</serviceId>
<SCPDURL>URL to service description.xml</SCPDURL>
<controlURL>URL for control</controlURL>
<eventSubURL>URL for eventing</eventSubURL>
</service>
You can check: Part2.3 of
http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf
WLS 12.1.2 is running under JDK 1.7_60 on Windows 7
To meet the requirement "Switch to HTTPS, but leave t3" the following steps are performed in admin console for managed server (where the apps reside)
Disable default listen port 7280 (http and t3)
Enable default SSL listen port 7282 (https and t3s)
In order to enable t3, create a custom Channel
Protocol: t3
Port: 7280
“HTTP Enabled for This Protocol“ flag is set to false
After that, we have https and t3s on port 7282 and t3 only on port 7280.
In this case, we have issues with deployment of applications.
The deployer fails to start/stop the apps.
The reason is the deployer still tries to send messages to managed server via http.
I turned on the deployment debugging and see the following messages in admin server log.
…<DeploymentServiceTransportHttp> …<HTTPMessageSender: IOException: java.io.EOFException: Response had end of stream after 0 bytes when making a DeploymentServiceMsg request to URL: http://localhost:7280/bea_wls_deployment_internal/DeploymentService>
… <DeploymentServiceTransportHttp> …<sending message for id '-1' to 'my_srv' using URL 'http://localhost:7280' via http>
If I disable the custom t3 Channel, everything is ok. The deployer sends messages to https://localhost:7282, as expected. But in this case, we have no t3 available.
Any help is much appreciated.
Thanks
My OS is Mac Mountain lion.
My PhpStorm version is 5.0.4.
Here is my php xdebug info:
xdebug.remote_autostart => Off => Off
xdebug.remote_connect_back => Off => Off
xdebug.remote_cookie_expire_time => 3600 => 3600
xdebug.remote_enable => On => On
xdebug.remote_handler => dbgp => dbgp
xdebug.remote_host => 127.0.0.1 => 127.0.0.1
xdebug.remote_log => data/logs/xdebug.log => data/logs/xdebug.log
xdebug.remote_mode => req => req
xdebug.remote_port => 9000 => 9000
xdebug.idekey => no value => no value
I can debug PhpScript Run Type in PhpStorm,It works fine.So I think xdebug configure well.
But after I try follow the "Zero Configure Debug"(Which with Webapplication Run Type),Phpstorm can not connect with the incoming connection.
Here is my step:
Click Start Listion Php Connection.(Toggle the call to green)
Click Run->Break at first line in PhpScript,and set breakpoint at first statement.
Choose My WebApplication Config and click Debug button.Then it launches chrome and link to my phpscript.(with ?XDEBUG_SESSION_START=19869)
In PhpStorm,Debugger shows Waiting for incoming connection with ide key '19869'.
In termial,printlsof -i4TCP:9000.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
webide 288 wangfeng 69u IPv6 0xa83881cdce30c579 0t0 TCP *:cslistener (LISTEN)
Open Chrome's Developer Tool,Select Cookies.
XDEBUG_SESSION 19869 localhost / Wed, 30 Jan 2013 05:27:17 GMT 19
Refresh Chrome.Not able connect with PhpStorm debug connection.
Additional:
My firewall was closed.
My Server is nginx.My phpwebapp and server is all at my local machine.
Does it cause ipv6?
Hopes help!I have try everything,extensions bookmarklets,not work at all.
It's possible that port 9000 is being used by some other process.
In php.ini set xdebug.remote_port=9001 or another unused port of your choosing.
In PHPStorm go to Settings->PHP->Debug and under the Xdebug section set Debug port to 9001.
Restart your web server.
Start debugging.
After checking all the configuration in php.ini file and the IDE, do not forget to add the browser-specific extension that basically communicates via the IDE via IDE Key.
Please refer to this link