WebRTC NoVoice on External Network, works on Local Network

Postby ketan9 » Sat Dec 01, 2018 9:38 am

Hi,

With Vicidial 8.1.2 install, on our local network (LAN), the webrtc calls and phone setup is working fine, no issues.

However, when we try to login to vicidial from internet (external network), the login agent is not able to hear any voice. Agent can manually dial the call and receive inbound calls, but there is no voice in either direction (caller to agent or agent to caller). On LAN, it works without issue.

I read the post viewtopic.php?f=8&t=38057 and still to no avail. I have done a Firewall NAT for all ports (1-65000) from Firewall of external ip to the vicidial server ip. I know it is a security risk at present to open the ssh and other ports for the world. But I am not sure at present which ports system would use, so opened all ports, essentially DMZ.


Can you please tell me what more information you would need?

Following Asterisk log (internal lan connection login of agent, working log)
[Dec 1 19:56:24] Asterisk 13.21.1-vici, Copyright (C) 1999 - 2014, Digium, Inc. and others.
[Dec 1 19:56:24] Created by Mark Spencer <markster@digium.com>
[Dec 1 19:56:24] Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
[Dec 1 19:56:24] This is free software, with components licensed under the GNU General Public
[Dec 1 19:56:24] License version 2 and other licenses; you are welcome to redistribute it under
[Dec 1 19:56:24] certain conditions. Type 'core show license' for details.
[Dec 1 19:56:24] =========================================================================
[Dec 1 19:56:24] Connected to Asterisk 13.21.1-vici currently running on call (pid = 2122)
[Dec 1 19:56:29] == WebSocket connection from '192.168.2.33:63082' for protocol 'sip' accepted using version '13'
[Dec 1 19:56:29] -- Registered SIP '8002' at 192.168.2.33:63082
[Dec 1 19:56:35] == Manager 'sendcron' logged on from 127.0.0.1
[Dec 1 19:56:35] == DTLS ECDH initialized (automatic), faster PFS enabled
[Dec 1 19:56:35] == Using SIP RTP CoS mark 5
[Dec 1 19:56:35] -- Called 8002
[Dec 1 19:56:35] -- SIP/8002-00000363 is ringing
[Dec 1 19:56:35] > 0x7f7e94004690 -- Strict RTP learning after remote address set to: 192.168.2.33:59422
[Dec 1 19:56:35] -- SIP/8002-00000363 answered
[Dec 1 19:56:35] -- Executing [8600053@default:1] MeetMe("SIP/8002-00000363", "8600053,F") in new stack
[Dec 1 19:56:35] -- Created MeetMe conference 1023 for conference '8600053'
[Dec 1 19:56:35] -- <SIP/8002-00000363> Playing 'conf-onlyperson.gsm' (language 'en')
[Dec 1 19:56:35] > 0x7f7e94004690 -- Strict RTP learning after ICE completion
[Dec 1 19:56:36] == Manager 'sendcron' logged off from 127.0.0.1
[Dec 1 19:56:36] > 0x7f7e94004690 -- Strict RTP switching to RTP target address 192.168.2.33:59422 as source
[Dec 1 19:56:38] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:39] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:40] > 0x7f7e94004690 -- Strict RTP learning complete - Locking on source address 192.168.2.33:59422
[Dec 1 19:56:41] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:44] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:46] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:49] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:53] == SRTCP unprotect failed because of authentication failure
[Dec 1 19:56:53] == WebSocket connection from '192.168.2.33:63016' forcefully closed due to fatal write error
[Dec 1 19:56:55] == SRTCP unprotect failed because of authentication failure



Following is the log of same agent login from internet (no voice log):
[Dec 1 20:00:48] Asterisk 13.21.1-vici, Copyright (C) 1999 - 2014, Digium, Inc. and others.
[Dec 1 20:00:48] Created by Mark Spencer <markster@digium.com>
[Dec 1 20:00:48] Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
[Dec 1 20:00:48] This is free software, with components licensed under the GNU General Public
[Dec 1 20:00:48] License version 2 and other licenses; you are welcome to redistribute it under
[Dec 1 20:00:48] certain conditions. Type 'core show license' for details.
[Dec 1 20:00:48] =========================================================================
[Dec 1 20:00:48] Connected to Asterisk 13.21.1-vici currently running on call (pid = 2122)
[Dec 1 23:30:55] ERROR[2185]: chan_sip.c:4270 __sip_reliable_xmit: Serious Network Trouble; __sip_xmit returns error for pkt data
[Dec 1 20:00:57] == WebSocket connection from '49.34.108.239:38627' for protocol 'sip' accepted using version '13'
[Dec 1 20:00:57] -- Registered SIP '8002' at 49.34.108.239:38627
[Dec 1 23:30:57] ERROR[2185]: tcptls.c:447 tcptls_stream_close: SSL_shutdown() failed: error:00000005:lib(0):func(0):DH lib, Underlying BIO error: Broken pipe
[Dec 1 20:00:57] == WebSocket connection from '49.34.108.239:38547' forcefully closed due to fatal write error
[Dec 1 23:30:57] NOTICE[27667]: chan_sip.c:24639 handle_response_peerpoke: Peer '8002' is now Reachable. (138ms / 2000ms)
[Dec 1 20:01:01] == Manager 'sendcron' logged on from 127.0.0.1
[Dec 1 20:01:01] == Manager 'sendcron' logged off from 127.0.0.1
[Dec 1 20:01:01] == Manager 'sendcron' logged on from 127.0.0.1
[Dec 1 20:01:02] == Manager 'sendcron' logged off from 127.0.0.1
[Dec 1 20:01:06] == Manager 'sendcron' logged on from 127.0.0.1
[Dec 1 20:01:06] == Manager 'sendcron' logged off from 127.0.0.1
[Dec 1 20:01:07] == Manager 'sendcron' logged on from 127.0.0.1
[Dec 1 20:01:07] == DTLS ECDH initialized (automatic), faster PFS enabled
[Dec 1 20:01:07] == Using SIP RTP CoS mark 5
[Dec 1 20:01:07] -- Called 8002
[Dec 1 20:01:08] -- SIP/8002-00000365 is ringing
[Dec 1 20:01:13] -- SIP/8002-00000365 answered
[Dec 1 20:01:13] -- Executing [8600053@default:1] MeetMe("SIP/8002-00000365", "8600053,F") in new stack
[Dec 1 20:01:13] -- Created MeetMe conference 1023 for conference '8600053'
[Dec 1 20:01:13] -- <SIP/8002-00000365> Playing 'conf-onlyperson.gsm' (language 'en')
[Dec 1 20:01:14] == Manager 'sendcron' logged off from 127.0.0.1
[Dec 1 20:01:21] > 0x7f7e9c029e80 -- Strict RTP learning after ICE completion


Based on the external login (from internet), there is this "Underlying BIO error: Broken pipe" error, which I am sure is the root cause of the issue, but don't know how to fix it or where to look for it.
ketan9
 
Posts: 6
Joined: Thu Nov 08, 2018 12:28 am
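
Added example, not part of any post in this thread: a small Python parser run over lines abridged from the two Asterisk logs in the post above. It counts the WebSocket/TLS close messages and tracks each strict-RTP instance, showing that the close message is present in both logs while only the LAN call reaches "Locking on source address"; the function names are this example's own.

```python
import re

# Abridged from the two Asterisk logs in the first post of this thread.
LAN_LOG = """\
[Dec 1 19:56:35] > 0x7f7e94004690 -- Strict RTP learning after remote address set to: 192.168.2.33:59422
[Dec 1 19:56:35] > 0x7f7e94004690 -- Strict RTP learning after ICE completion
[Dec 1 19:56:36] > 0x7f7e94004690 -- Strict RTP switching to RTP target address 192.168.2.33:59422 as source
[Dec 1 19:56:40] > 0x7f7e94004690 -- Strict RTP learning complete - Locking on source address 192.168.2.33:59422
[Dec 1 19:56:53] == WebSocket connection from '192.168.2.33:63016' forcefully closed due to fatal write error
"""
WAN_LOG = """\
[Dec 1 23:30:57] ERROR[2185]: tcptls.c:447 tcptls_stream_close: SSL_shutdown() failed: error:00000005:lib(0):func(0):DH lib, Underlying BIO error: Broken pipe
[Dec 1 20:00:57] == WebSocket connection from '49.34.108.239:38547' forcefully closed due to fatal write error
[Dec 1 20:01:13] -- SIP/8002-00000365 answered
[Dec 1 20:01:21] > 0x7f7e9c029e80 -- Strict RTP learning after ICE completion
"""

RTP = re.compile(r"> (0x[0-9a-f]+) -- Strict RTP (.+)$")
ADDR = re.compile(r"(\d+\.\d+\.\d+\.\d+:\d+)")

def summarize(log_text):
    """Count WebSocket/TLS close messages and track strict-RTP state per instance."""
    out = {"ws_write_errors": 0, "tls_broken_pipe": 0, "rtp": {}}
    for line in log_text.splitlines():
        if "forcefully closed due to fatal write error" in line:
            out["ws_write_errors"] += 1
        elif "Underlying BIO error: Broken pipe" in line:
            out["tls_broken_pipe"] += 1
        m = RTP.search(line)
        if not m:
            continue
        inst = out["rtp"].setdefault(m.group(1), {"ice_done": False, "locked": None})
        event = m.group(2)
        addr = ADDR.search(event)
        if event.startswith("learning after ICE completion"):
            inst["ice_done"] = True
        elif event.startswith("learning complete") and addr:
            inst["locked"] = addr.group(1)
    return out

def stalled_instances(summary):
    """RTP instances where ICE completed but no source address was ever locked."""
    return [p for p, s in summary["rtp"].items() if s["ice_done"] and not s["locked"]]

if __name__ == "__main__":
    for name, log in (("LAN", LAN_LOG), ("WAN", WAN_LOG)):
        s = summarize(log)
        print(name, s["ws_write_errors"], s["tls_broken_pipe"], stalled_instances(s))
```
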

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby thephaseusa » Sat Dec 01, 2018 2:25 pm

Have a look at this thread to use the new firewall VB-Firewall.pl
viewtopic.php?f=8&t=38741&p=136026&hilit=Open+ports#p136026
thephaseusa
 
Posts: 345
Joined: Tue May 16, 2017 2:23 pm

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby ketan9 » Mon Dec 03, 2018 10:18 am

Thanks for the post, I looked at that thread. I have not enabled the firewall VB-Firewall.pl, we are using the physical hardware firewall and the NAT and firewall setup is done so that all external ip traffic gets routed to the Vicidial server. Following is the error that occurs when we are dialing from internet and doesn't occur on LAN

[Dec 3 20:45:23] ERROR[24207]: tcptls.c:447 tcptls_stream_close: SSL_shutdown() failed: error:00000005:lib(0):func(0):DH lib, Underlying BIO error: Broken pipe
[Dec 3 20:45:23] == WebSocket connection from '122.170.40.188:52318' forcefully closed due to fatal write error

Are you able to tell what could be the issue?
ketan9
 
Posts: 6
Joined: Thu Nov 08, 2018 12:28 am

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby thephaseusa » Mon Dec 03, 2018 5:08 pm

Did you use vicibox-certbot to get your certs?
This is an ssl certificate error isn't it?
thephaseusa
 
Posts: 345
Joined: Tue May 16, 2017 2:23 pm

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby williamconley » Mon Dec 03, 2018 5:19 pm

And what's the NAT setting for the phone(s) in question? SIP doesn't like NAT, but if told nat is in play it tends to be more forgiving. However: If BOTH parties are behind NAT it once again steps back into "doesn't like" mode.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby ketan9 » Mon Dec 03, 2018 11:07 pm

thephaseusa wrote:Did you use vicibox-certbot to get your certs?
This is an ssl certificate error isn't it?


I generated the certificates manually using letsencrypt and replaced it in all the conf files. Webrtc works fine on local network.

williamconley wrote:And what's the NAT setting for the phone(s) in question? SIP doesn't like NAT, but if told nat is in play it tends to be more forgiving. However: If BOTH parties are behind NAT it once again steps back into "doesn't like" mode.


nat=yes for all phones. On the agent end, the pc is connected to a regular router, with no special setup on a different ISP.

Port 8089 - NAT incoming traffic from internet through the Firewall to Server IP (Vicidial).
ketan9
 
Posts: 6
Joined: Thu Nov 08, 2018 12:28 am

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby williamconley » Tue Dec 04, 2018 11:02 am

ketan9 wrote:
williamconley wrote:And what's the NAT setting for the phone(s) in question? SIP doesn't like NAT, but if told nat is in play it tends to be more forgiving. However: If BOTH parties are behind NAT it once again steps back into "doesn't like" mode.


nat=yes for all phones. On the agent end, the pc is connected to a regular router, with no special setup on a different ISP.

Port 8089 - NAT incoming traffic from internet through the Firewall to Server IP (Vicidial).

Um ... I think you just said that the Vicidial server AND the agents are both using NAT. This requires special treatment from the router. I don't remember the rest of the thread: Have you tested with a normal SIP phone?
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby ketan9 » Wed Dec 05, 2018 6:28 am

williamconley wrote:Um ... I think you just said that the Vicidial server AND the agents are both using NAT. This requires special treatment from the router. I don't remember the rest of the thread: Have you tested with a normal SIP phone?

I have created a detailed post on https://github.com/chornyitaras/PBXWebPhone/issues/21 with the detailed logs, configuration and setup scenario as well. I would really appreciate it if you could spare some time to review it and help me with the situation.

I tried with normal SIP phone as well but didn't work.
ketan9
 
Posts: 6
Joined: Thu Nov 08, 2018 12:28 am

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby williamconley » Wed Dec 05, 2018 11:00 am

ketan9 wrote:I tried with normal SIP phone as well but didn't work.

If normal sip phones don't work, your problem is NAT and this is an asterisk (sip) issue unrelated to WebRTC or Vicidial. SIP is not designed to traverse NAT. Many routers now have special methods to allow SIP to traverse NAT.

But: If you're traversing NAT on both sides of the transaction (client and server), now you have NAT twice and that's a different ballgame and not as simple. This battle has been fought hundreds of times and can be resolved in some fashion, but not related to WebRTC.

There are threads here on the Vicidial forum and even more of them on the FreePBX and Asterisk forums for NAT at both ends of the call. Simplest solution is to put your Vicidial server directly on a public IP address, thus removing one of the two NATs. More complex solutions involve modifications to your router, but that can be problematic since every router is different and there are no rules. Even deeper is hiring someone Cisco Certified (or equivalent) who has a deep understanding of the underlying networking principles and (more importantly) also has a deep understanding of SIP protocol. One without the other may not solve your problem.
williamconley
 
Posts: 20018
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby dspaan » Wed Jan 02, 2019 7:41 pm

ketan9 wrote:Thanks for the post, I looked at that thread. I have not enabled the firewall VB-Firewall.pl, we are using the physical hardware firewall and the NAT and firewall setup is done so that all external ip traffic gets routed to the Vicidial server. Following is the error that occurs when we are dialing from internet and doesn't occur on LAN

[Dec 3 20:45:23] ERROR[24207]: tcptls.c:447 tcptls_stream_close: SSL_shutdown() failed: error:00000005:lib(0):func(0):DH lib, Underlying BIO error: Broken pipe
[Dec 3 20:45:23] == WebSocket connection from '122.170.40.188:52318' forcefully closed due to fatal write error

Are you able to tell what could be the issue?


This error is not related to your problem, I get this error too on our servers and we run webRTC over the internet without issues.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: WebRTC NoVoice on External Network, works on Local Netwo

Postby ngtechnologies » Wed Jan 02, 2019 11:48 pm

Yes, same here. The websocket closed message has always been there for years, but never affected calling for our agents.
ngtechnologies
 
Posts: 24
Joined: Mon Mar 27, 2017 11:13 am

