WebRTC tutorial using SIPML5

mkdir /etc/asterisk/keys/
cd  /usr/src/asterisk-13.0.0/contrib/scripts


./ast_tls_cert -C 65.181.118.52 -O "My Super Company" -d /etc/asterisk/keys -o asterisk

Asterisk 11 Tutorial Overview

The idea for this tutorial is to demonstrate very basic WebRTC support and functionality in Asterisk 11. We will configure Asterisk to support a remote WebRTC client, and then make calls from said client (SIPML5) to Asterisk. ICE and STUN will be used for NAT traversal, and SIP will use a WebSocket transport.

Icon

It is hard to design a tutorial that applies to every environment, so remember the following:
This tutorial written using Debian Squeeze 6.0.5, Asterisk 11.8.0-rc1 and Asterisk's chan_sip channel driver.
We assume you are a little familiar with Asterisk, and have an Asterisk installation available via a public IP address, and control of the firewall in front of it. (you do have it fire-walled right?)
The SIPML5 client will be accessed via Chrome and is assumed to be behind NAT.

Icon

In newer versions of Chrome and Firefox (and others) DTLS-SRTP is mandatory. This means you must generate certificates for Asterisk to be able to use WebRTC. See: Secure Calling Tutorial

Get dependencies

Install a variety of essential dependencies to make sure we get them. Plus install the uuid-dev package that isn't included in the Asterisk 11 install_prereq script.

sudo apt-get install build-essential libncurses5-dev libxml2-dev libsqlite3-dev libssl-dev libsrtp0-dev uuid-dev

Then go to your Asterisk source /contrib/scripts directory and run the install_prereq script to get everything else that is needed.

sudo ./install_prereq install
sudo ./install_prereq install-unpackaged

Build Asterisk with support for WebRTC

 Using menuselect make sure Asterisk will build with res_http_websocket, res_crypto and chan_sip.
In the Asterisk source directory:

./configure && make menuselect

 After verifying things are as needed in menuselect, then build and install Asterisk

make && make install && make samples

Configure Asterisk

Now we need to configure the various Asterisk components necessary for WebRTC support.
I always recommend backing up your current .conf files and using clean, blank text files for trying out a tutorial like this. Especially if you are new to Asterisk.

Configure http.conf

[general]
enabled=yes
bindaddr=0.0.0.0
bindport=8088

You need to configure Asterisk's builtin HTTP server. You could use whatever bindport or bindaddr you want, but make sure you adjust the other configurations to match. This is the port and address that res_http_websocket and chan_sip will talk over when using a WebSocket transport.

Configure rtp.conf

[general]
rtpstart=10000
rtpend=20000
icesupport=true
stunaddr=stun.l.google.com:19302

Configure the range of ports to use for RTP media, and we can set icesupport=yes (although the default in recent versions of 11 is now "yes") to enable support for the ICE protocol in general. We also set the address of the STUN server to use here. We use Google's STUN server which should work for just about everyone.

Configure sip.conf

[general]
udpbindaddr=0.0.0.0
realm=123.123.123.123 ;replace with your Asterisk server public IP address or host
transport=udp,ws
icesupport=yes

directmedia=no
qualify=yes
trustrpid=yes
generaterpid=yes
sendrpid=yes
realm=60.11.118.232 ;replace with your Asterisk server public IP address or host
icesupport=yes
media_address=60.11.118.232 ;replace with your Asterisk server public IP address or host
nat=force_rport,comedia
qualifyfreq=60
keepalive=60
bindport=5060
context=default

[phone](!)
host=dynamic
type=friend
context=internal
callcounter=yes  ;trabaja en conjunto con device state
disallow=all
allow=ulaw
allow=alaw
callgroup = 1
pickupgroup = 1
dtmfmode=rfc2833
;contactdeny=0.0.0.0/0.0.0.0           ; Use contactpermit and contactdeny to
;contactpermit=172.16.0.0/255.255.0.0  ; restrict at what IPs your users may
callerid=phone
nat=force_rport,comedia
directmedia=no
icesupport=yes

[3100](phone)
username=3100
secret=11@ambiorix@34
callerid=Webrtc
disallow=all
allow=ulaw
allow=alaw
avpf=yes
force_avp=yes
icesupport=yes
directmedia=no
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
context=webrtc
nat=force_rport,comedia
allow=h263
allow=h263p
allow=vp8
videosupport=no

[3101](phone)
username=3101
secret=11@ambiorix@34
callerid=Webrtc1
disallow=all
allow=ulaw
allow=alaw
avpf=yes
force_avp=yes
icesupport=yes
directmedia=no
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
context=webrtc
nat=force_rport,comedia
allow=h263
allow=h263p
allow=vp8
videosupport=no
context=internal

There is already a lot of content on the wiki and in the sip.conf sample file that explain the options here. The key options for WebRTC support and ICE support are explained at this link for WebRTC and this one for ICE.

Icon

Though this page is written to Asterisk 11 and chan_sip, an example for setting up a PJSIP endpoint in Asterisk 12 is below.

Configure pjsip.conf

[transport-ws]
type=transport
protocol=ws
bind=0.0.0.0
 
[101]
type=aor
max_contacts=2
remove_existing=yes
 
[101]
type=auth
auth_type=userpass
password=101
username=101
 
[101]
type=endpoint
disallow=all
allow=ulaw
context=default
auth=101
aors=101
media_encryption=dtls
dtls_verify=fingerprint
dtls_cert_file=/etc/asterisk/keys/asterisk.pem
dtls_ca_file=/etc/asterisk/keys/ca.crt
dtls_setup=actpass
use_avpf=yes
ice_support=yes
media_use_received_transport=yes

Configure extensions.conf

We'll make a simple dialplan for receiving a test call from the SIPML5 client.

[default]
[from-internal]
exten => 1000,1,Answer()
same => n,Playback(demo-congrats)
same => n,Hangup()

If you haven't written dialplan before; this is just instructing Asterisk to answer the call and playback the sound file "demo-congrats".

Configure the firewall in front of Asterisk

Firewall configuration is outside the scope of the tutorial, however here is the output from my Uncomplicated FireWall service to show you what you may need to open:

To                         Action      From
--                         ------      ----
5060                       ALLOW IN    Anywhere
8088/tcp                   ALLOW IN    Anywhere
10000:20000/udp            ALLOW IN    Anywhere

You may wish to reconfigure your services to non-standard ports, or narrow the possible source addresses for additional security.
5060: This is the port configured in sip.conf
8088: This is the port configured in http.conf
10000:20000: This is the port range configured in rtp.conf

Configure SIPML5

Goto http://sipml5.org/ in your Chrome browser and use the live demo.
On the registration page use the following configuration, replacing the IP addresses with your public IP for the Asterisk server.

Open the "Expert mode" settings page and use the following details, still replacing the IP of course:

Be sure to hit save! Just leave that tab open, or close it and go back to the main tab to make a test call.

Make a test call

Restart Asterisk, or start Asterisk if you haven't already.
Click "Login" with the SIPML5 client. On the Asterisk CLI you should see:

  == WebSocket connection from 'X.X.X.X:46723' for protocol 'sip' accepted using version '13'
    -- Registered SIP '6001' at X.X.X.X:46723
       > Saved useragent "IM-client/OMA1.0 sipML5-v1.2014.01.27" for peer 6001

Dial extension 1000 from your SIPML5 client and you should see CLI output:

  == Using SIP RTP CoS mark 5
    -- Executing [1000@from-internal:1] Answer("SIP/6001-00000000", "") in new stack
       > 0x28057f0 -- Probation passed - setting RTP source address to X.X.X.X:9177
    -- Executing [1000@from-internal:2] Playback("SIP/6001-00000000", "demo-congrats") in new stack
    -- <SIP/6001-00000000> Playing 'demo-congrats.gsm' (language 'en')

If you don't have VERBOSE messages going to the console, and verbosity turned up at least to 3 then you may not see these messages.

Icon

When you attempt the call, Chrome may ask you for access to your microphone or camera. Be sure to say yes!

You should hear audio coming from your speakers or headphone! Congrats on making your first call via WebRTC using Asterisk!

Icon

If you attempt to use WSS instead of WS as your transport, note that Chrome and Firefox will not allow you, by default, to connect, using WSS, to a server with a self-signed or otherwise invalid certificate. Rather, you'll have to install a signed certificate into Asterisk or import the server's self-signed/invalid certificate into your browser's keychain, which is outside of the scope of this Wiki. As a workaround with Firefox only, for testing or development, you can open a separate browser tab and point it to Asterisk's HTTP server's TLS port, e.g. https://[your asterisk server]:8089/ws, and confirm the security exception.


cd /var/www
svn checkout http://sipml5.googlecode.com/svn/trunk/ sipml5-read-only
 cd sipml5-read-only
http://my-server-ip/sipml5-read-only/call.htm#

 https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5
http://sipjs.com/guides/server-configuration/asterisk/
https://wiki.asterisk.org/wiki/display/AST/Asterisk+WebRTC+Support