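The WebRTC setup was working on the local network. It has been moved to a hosted server and no longer works. I am looking at the SDP, but my knowledge of networking and SIP is not good enough to fully understand what is wrong.
Logs:
- Full Asterisk log: http://tny.cz/5ace73e9 (sip and rtp debug)
- reTURNServer.log: http://tny.cz/3b75ae45
Architecture: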
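- Asterisk PBX 12.6.
  - Public IP: 213.xxx.xxx.178
  - Private IP: 192.168.xxx.99
  - Not behind NAT. SIP is on 5060. It has realtime enabled, WebRTC configured, WebSockets on 8088/ws, TLS and SRTP enabled and configured. RTP from 49152 to 65535
  - reTURNServer is installed on the same Debian instance, TURN on: 3478, TLS on: 5349, STUN on: 5355
- HMP 3 from Dialogic, working fine.
  - Not behind NAT. On the same network as Asterisk
  - Public IP: irrelevant for this communication, since it uses the internal network to talk to Asterisk
  - Private IP: 192.168.xxx.100
  - SIP is on 5060. RTP from 49152 to 65535
  - I have successfully made calls from many SIP phones using this PBX
- The WebRTC client is sipML5, from their demo site.
  - Behind NAT. Not on the same network as Asterisk or HMP
  - Public IP: 213.xxx.xxx.210
  - Private IP: 10.xxxx.xxx.118
  - User is "mySIPUser", successfully registered at ws://213.xxx.xxx.178:8088/ws
  - Browser is the latest Chrome (38)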
reTURNServer.config:
TurnPort = 3478
TlsTurnPort = 5349
AltStunPort = 5355
TurnAddress = 213.xxx.xxx.178
AltStunAddress = 213.xxx.xxx.178
AuthenticationMode = 2
AuthenticationRealm = AsteriskREALM
NonceLifetime = 3600
AllocationPortRangeMin = 49152
AllocationPortRangeMax = 65535
DefaultAllocationLifetime = 600
MaxAllocationLifetime = 3600
MaxAllocationsPerUser = 0
TlsServerCertificateFilename = /etc/asterisk/keys/asterisk.pem
TlsTempDhFilename =
# leave blank if key is not encrypted
TlsPrivateKeyPassword = ********
# Logging Type: syslog|cerr|cout|file
LoggingType = file
# Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK
LoggingLevel = DEBUG
LogFilename = /var/log/reTurnServer.log
LogFileMaxLines = 50000
# It is highly recommended that these values are NOT left at their
# default setting
LongTermAuthUsername = MyTURNLogin
LongTermAuthPassword = MyTURNPassword
# Must be true or false, default = false, not supported on Windows
Daemonize = true
# On UNIX it is normal to create a PID file
# if unspecified, no attempt will be made to create a PID file
#PidFile = /var/run/reTurnServer/reTurnServer.pid
Firewall:
*sudo iptables -L*
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:sip
ACCEPT udp -- anywhere anywhere udp dpt:sip
ACCEPT tcp -- anywhere anywhere tcp dpt:sip-tls
ACCEPT udp -- anywhere anywhere udp dpt:sip-tls
ACCEPT tcp -- anywhere anywhere tcp dpt:omniorb
ACCEPT tcp -- anywhere anywhere tcp dpt:3478
ACCEPT udp -- anywhere anywhere udp dpt:3478
ACCEPT tcp -- anywhere anywhere tcp dpt:5349
ACCEPT tcp -- anywhere anywhere tcp dpt:hostmon
ACCEPT udp -- anywhere anywhere udp dpt:hostmon
ACCEPT tcp -- anywhere anywhere multiport dports webmin:20000
ACCEPT udp -- anywhere anywhere multiport dports 10000:20000
ACCEPT udp -- anywhere anywhere multiport dports 49152:65535
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
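Any help would be greatly appreciated!
In the SDP part of the 200 OK, you will see a bunch of candidates. Now STUN/ICE negotiation is involved, where each of these paths is tested by each side of the call. The path over which both sides are able to talk to each other ensures that RTP is able to pass through.
Somewhere in the network path, the packets are not being mapped properly. You need to capture the network traffic and inspect the STUN packets to identify the packet flow.
Check the corporate firewall and what its firewall rules are. Typically, corporations need to open up to accept traffic from TURN. Try using some public Google TURN servers for WebRTC and see if it makes things better.
So I finally solved this problem. The TURN server needs to have 2 public IPs. TurnAddress and AltStunAddress must be 2 different IPs. So the correct configuration for reTURNServer.config is: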
TurnAddress = 213.xxx.xxx.178
AltStunAddress = 213.xxx.xxx.179
Of course, if you use JsSIP or Sipml5, the client script must reflect these changes via sip_servers ("turn:turnuser@turnip", credentials:"turnpassword").
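
A way to check a deployment for the condition described in the last answer, as an added example that is not part of the original posts and is not reTurn project code: it parses a reTURNServer.config, flags TurnAddress and AltStunAddress sharing one IP, and confirms that the client's TURN URI points at TurnAddress and TurnPort. The function names, the documentation-range IPs, the IPv4-literal client host and the fallback to port 3478 when TurnPort is absent are assumptions.

```python
import ipaddress
import re

# Constructed sample mirroring the question's reTURNServer.config (documentation IPs).
BROKEN = """
TurnPort = 3478
# alternate STUN listener
AltStunPort = 5355
TurnAddress = 203.0.113.178
AltStunAddress = 203.0.113.178
"""
FIXED = BROKEN.replace("AltStunAddress = 203.0.113.178",
                       "AltStunAddress = 203.0.113.179")


def parse_config(text):
    """Parse 'Key = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def check(config_text, client_turn_uri):
    """Return a list of findings; an empty list means the checks passed."""
    cfg, findings = parse_config(config_text), []
    addrs = {}
    for key in ("TurnAddress", "AltStunAddress"):
        try:
            addrs[key] = ipaddress.ip_address(cfg.get(key, ""))
        except ValueError:
            findings.append(f"{key} is missing or not an IP address")
    if len(addrs) == 2 and addrs["TurnAddress"] == addrs["AltStunAddress"]:
        findings.append("TurnAddress and AltStunAddress are the same IP")
    # Client URI in the 'turn:user@host[:port]' form quoted in the answer (assumed IPv4 literal).
    m = re.fullmatch(r"turn:(?:[^@]+@)?([^:@]+)(?::(\d+))?", client_turn_uri)
    if not m:
        findings.append("client TURN URI is not in turn:[user@]host[:port] form")
    else:
        host, port = m.group(1), m.group(2) or "3478"
        if "TurnAddress" in addrs and host != str(addrs["TurnAddress"]):
            findings.append(f"client points at {host}, not TurnAddress")
        if port != cfg.get("TurnPort", "3478"):
            findings.append(f"client uses port {port}, not TurnPort")
    return findings
```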