WebRTC / Asterisk 11 / FreePBX testing

These instructions can be referenced as a general guide.  I did my best to document as thoroughly as possible on all the steps required to get WebRTC calling to work.

I am using Asterisk 11 with FreePBX 13 on a Raspberry Pi 2, but this guide can be used for non pi installs as well.  Configuration is required both through the FreePBX web interface as well as manually editing some config files in Asterisk.

 

WebRTC / Asterisk requirements

WebRTC requires the use of sRTP (encrypted) via DTLS key exchange.  In order for Asterisk to support sRTP, a few things need to be in place:

• res_srtp (res_srtp.so) must be enabled in your Asterisk during compile time (the raspbx image I used does)

You can test this but running

asterisk -rx "module show" | grep "res_srtp"

• Generate TLS keys, typically this can be done via ./ast_tls_cert script, located in "contrib/scripts", but my image, raspbx did not have this so I had to create the keys with openssl shown below

 

Generate the Certificate Authority Keys

All commands below run were run as root

Generate ca key

mkdir /etc/asterisk/keys
cd /etc/asterisk/keys

openssl genrsa -des3 -out ca.key 4096

 

ca.crt

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

key.pem

openssl genrsa -out key.pem 1024

csr

openssl req -new -key key.pem -out req-sip_server.csr

crt

openssl x509 -req -days 365 -in req-sip_server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-sip_server.crt

Create pem compatible for Asterisk

cat key.pem > asterisk.pem
cat cert-sip_server.crt >> asterisk.pem

Configure FreePBX / Asterisk Settings

- Nat settings

We need to make sure the Asterisk server can communicate with the outside world.  Below we discuss the ports that we'll need to open on the firewall, but we need to configure some Nat settings in FreePBX first.  These settings will need to match your specific network, I cannot provide exact details on how it needs to be setup for your specific network, but this can serve as a guide on how I set mine up.  Through the FreePBX web interface

Settings > Asterisk SIP Settings > NAT Settings

and click on detect network settings.  If your server is connected to the internet, this should auto populate with the proper settings.

Then go to Chan SIP Settings tab

and configure Nat settings to match your network.  My settings are as follows:

Nat: Yes

IP Configuration: Dynamic

Dynamic Host: <my-ddns-name> FQDN is needed, if above is set to Dynamic

Click on Submit and Apply Config when finished

 

- http settings

We need to first enable Asterisk's http server to allow for websocket connections used in WebRTC.  Asterisk uses config files in /etc/asterisk directory, so to enable the http server, in a stand-alone Asterisk installation, typically we would edit /etc/asterisk/http.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does).  FreePBX has

http.conf

http_additional.conf

http_custom.conf

It would seem if we can just add our settings to http_custom.conf, as with *custom configs, FreePBX does not edit, but I noticed if in http_additional.conf FreePBX wrote, enabled=no, even when i added enabled=yes in http_custom.conf, the webserver was not enabled, so I decided to make these changes in the FreePBX webgui.

Settings > Advanced Settings > Asterisk Builtin mini-HTTP server

Enable the mini-HTTP Server : Yes

Enable TLS for the mini-HTTP Server : Yes

HTTPS TLS Certificate Location : /etc/asterisk/keys/asterisk.pem

HTTPS TLS Private Key Location : /etc/asterisk/keys/ca.crt

Click on Submit and Apply Config when finished

Here's the /etc/asterisk/http_additional.conf that FreePBX wrote (do notedit this file, only shown here as reference)

;--------------------------------------------------------------------------------;
;          Do NOT edit this file as it is auto-generated by FreePBX.             ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate.                                                         ;
;--------------------------------------------------------------------------------;
[general]
enabled=yes
enablestatic=no
bindaddr=::
bindport=8088
prefix=
tlsenable=yes
tlsbindport=8089
tlsbindaddr=::
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsprivatekey=/etc/asterisk/keys/ca.crt

 

- rtp settings

We need to add a STUN server, which assists with NAT transversal through firewalls.  Depending on your firewall, you may not need a STUN server, but without it you may run into audio issues.  There are numrous public stun servers to use, I chose to use stun.l.google.com:19302.  Here is a website you can test the stun servers with https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

Asterisk uses config files in /etc/asterisk directory, so to enable the STUN server, in a stand-alone Asterisk installation, typically we would edit /etc/asterisk/rtp.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does).  FreePBX has

rtp.conf

rtp_additional.conf

rtp_custom.conf

As with the http configuration, I opted to make my additions through the FreePBX interface.

 

Settings > Asterisk SIP Settings > RTP Settings

STUN Server Address : stun.l.google.com:19302

Click on Submit and Apply Config when finished

Here's the /etc/asterisk/rtp_additional.conf that FreePBX wrote (do not edit this file, only shown here as reference)

;--------------------------------------------------------------------------------;
;          Do NOT edit this file as it is auto-generated by FreePBX.             ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate.                                                         ;
;--------------------------------------------------------------------------------;

[general]
rtpstart=10000
rtpend=20000
rtpchecksums=yes
strictrtp=yes
stunaddr=stun.l.google.com:19302

 

- sip settings

We need to modify some SIP settings, including creating extensions. 

Asterisk 11 (Asterisk 12 is different and this part will not apply, you will need to look at pjsip.conf, which is beyond this scope) uses config files in /etc/asterisk directory, so to edit these changes in a stand-alone Asterisk installation, typically we would edit /etc/asterisk/sip.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does).  FreePBX has

sip.conf

sip_additional.conf

sip_custom.conf

sip_custom_post.conf

sip_general_additional.conf

sip_general_custom.conf

sip_registrations.conf

sip_registrations_custom.conf

We can manually edit *custom files without being overwritten by FreePBX, but note that anything we add in these configs, will not be shown in the FreePBX interface, so if we add extension 6001 in /etc/asterisk/sip_custom_post.conf, it will not show up in the FreePBX user interface.

For WebRTC extensions, I manually added the information in the config files.  Even though we can add extensions through the FreePBX interface, I was missing the fields to add DTLS information for the extension (I'm not sure why), otherwise you can simply add this extension through the FreePBX interface.

We will add extension 6001 for use with WebRTC

nano /etc/asterisk/sip_custom_post.conf

[6001]
deny=0.0.0.0/0.0.0.0
secret=6001
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=force_rport,comedia
qualify=yes
qualifyfreq=60
transport=udp,ws
avpf=yes
force_avp=yes
icesupport=yes
encryption=yes
callgroup=
pickupgroup=
dial=SIP/6001
permit=0.0.0.0/0.0.0.0
callerid=6001 <6001>
callcounter=yes
faxdetect=no
directmedia=no
disallow=all
allow=ulaw
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass

*Change secret=6001, as this is the password used to register the extension, make it a little more secure than 6001...

 

- extensions settings

This is where the dialplan is executed.  For testing purposes, I usually dial extension *60 (for audio playback of current time) or *43 (for echo test, to test audio to and from), but we can add an additional extension manually for testing.  If you only want to use extensions that are already available to you, you can skip over this to section Restart Asterisk below.

There are different ways to go about modifying the extensions, and since we are using FreePBX as our front end, we need to be cautious when manually editing conf files, and keep everything synced.  I will show you 2 methods I've used when creating a dial plan.  In this example, you only have to do it once, either using Method 1 or Method 2.  I feel Method 2 is probably the better way.

 

- extensions settings Method 1

Typically we would edit /etc/asterisk/extensions.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does).  FreePBX has

extensions.conf

extensions_additional.conf

extensions_custom.conf

extensions_override_freepbx.conf

We can manually edit *custom files without being overwritten by FreePBX, but note that anything we add in these configs, will not be shown in the FreePBX interface.  We'll start with our first example, by editing the /etc/asterisk/extensions_custom.conf file

nano /etc/asterisk/extensions_custom.conf

and copy and paste (Ctrl+x and y to save file)

[from-internal-custom]
include => play-monkeys
include => web-rtc
include => congrats

[play-monkeys]
exten => 66,1,Answer()
same => n,Playback(tt-monkeys)
same => n,Hangup()

[web-rtc]
exten => 6001,1,Dial(SIP/6001)
same => n,Hangup(16)

[congrats]
exten => 3000,1,Answer()
same => n,Playback(demo-congrats)
same => n,Hangup()

This now gives us 3 new extensions we can call, 66, 6001, and 3000.

 

We need to reload Asterisk any time we make changes in the config files in order for the changes to take effect.

asterisk -rx "core reload"

Now if we were to dial extension 3000 from a registered device on our Asterisk server, we would get an automated message, saying congratulations!

 

If we are using FreePBX as part of our installation, at this point we want to log into the interface and update this information about extensions 66, 6001, and 3000 that we added, to its database.  Because FreePBX does not read these custom configs, we tell it that extension 3000 is in use, so to avoid conflicts down the road.

Log into the FreePBX web admin page http://<your-ip-of server>/admini (In my  case it's http://raspbx/admin)

Click on Admin > Custom Extensions

and fill in the fields, this only documents the addition we made in /etc/asterisk/extensions_custom.conf, it does not add an extension.  When your finished click Submit and Apply Config.

- extensions settings Method 2

Do this only if you chose NOT to use extensions settings Method 1.  I feel this is the more proper way of adding to our dial plan.  We will manually edit /etc/asterisk/extensions_custom.conf but we will do it a little differently, utilizing a module in FreePBX called Misc Applications.  It was not installed on my installation, so we will first install the module, Misc Applications.  Go to the FreePBX web browser, click on Admin > Module Admin then click on Check Online.

This will load up available modules that we can install into our FreePBX server.  Scroll down to Applications and locate the module labelled Misc Applications and click Download and Install and scroll down and Process.

Copy and paste the following into /etc/asterisk/extensions_custom.conf

nano /etc/asterisk/extensions_custom.conf

[from-internal-custom]
include => play-monkeys
include => web-rtc
include => congrats

[play-monkeys]
exten => s,1,Answer()
exten => s,n,Playback(tt-monkeys)
exten => s,n,Hangup()

[web-rtc]
exten => s,1,Dial(SIP/s)
exten => s,n,Hangup(16)

[congrats]
exten => s,1,Answer()
exten => s,n,Playback(demo-congrats)
exten => s,n,Hangup()

 

Then go to your FreePBX admin interface and click Admin > Custom Destinations and Add Destination

• Target: play-monkeys,s,1
• Description: Monkeys

Click Submit

Click Applications > Misc Applications

• Decription: Monkey Sounds
• Feature Code: <any extension you want> 67
• Destination > Custom Destinations > Monkeys

Click Submit and Apply Config

and now when you dial 67 you will hear the monkeys.  Do this for any other extensions you manually set up in /etc/asterisk/extensions_custom.conf

 

Restart Asterisk

Since we made many changes, I like to restart the Asterisk service

asterisk -rx "core restart now"

 

To test to see if the asterisk web server is running go to, (change raspbx to the IP/hostname of your Asterix server)

http://raspbx:8088/httpstatus

 

Configure your Firewall

You'll need to open up / port forward some ports from the outside WAN interface to the inside Lan IP of your Asterisk server.  You will need to forward

5060 / tcp&udp (99% of the time it is only udp, but signalling can use tcp, so I always open both)

8088 / tcp (used for websocket for WebRTC)

and depending on your firewall you may also need to open the entire rtp range

10000:20000 / udp (used for rtp data stream)

You will need to consult your router/firewall documentation on how to do this, as every manufacturer is different.

 

WebRTC Test

You can use a HTML5 simML5 web client located at http://www.doubango.org/sipml5/ You will need to change the followng fields:

• Display Name: 6001
• Private Identity: 6001
• Public Identity: sip:6001@<your-public-ip-address>
• Password: <secret-set-in-/etc/asterisk/sip_custom_post.conf>
• Realm: <your-public-ip-address>

Then click on Expert Mode? and edit the following fields

• Disable Video: Check
• Enable RTCWeb Breaker: Un-Check
• Websocket Server Url: ws://<your-public-ip>:8088/ws
• ICE Servers: [url: 'stun.l.google.com:19302']
• Check the rest of the boxes

Click Save

 

Then we will register to our SIP server by clicking Login

Then under Call Control, dial an extension/test extension, I dial *60 or *43 for testing.

 

Conclusion

WebRTC is an great way to merge technologies together, and being able to dial from your browseer, through the internet and reach your Raspberry Pi VoIP server, and stream your audio, to me is pretty neat!! This guide is very specific on Asterisk and FreePBX versions, so if you are running different versions, some of the information may need to be changed to match your specific installation.  My next project is to utilize WebRTC and create a web based conference room to monitor and display audio levels from all parties.

Good Luck and if you have any suggestions or comments, I'd love to get your feedback!

 

Now we can install SIPml5 on our server - SIPml5 Installed on Raspberry Pi 2 Asterisk Server

 

References:

Raspberry Pi Model:

Raspberry Pi 2 Model B

Raspberry Pi Image:

Raspbx Beta raspbx-25-01-2016

cat /etc/*-release:

Raspbian GNU/Linux 8 (jessie)

Kernel:

4.1.15-v7+ GNU/Linux

Asterisk:

Asterisk 11.21.0

FreePbx:

FreePBX 13.0.51

 

https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5

http://remiphilippe.fr/sips-on-asterisk-sip-security-with-tls/

https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

http://www.doubango.org/sipml5

http://pbxinaflash.com/community/threads/freepbx-extension-registry-how-to.3164/