These instructions can be referenced as a general guide. I did my best to document as thoroughly as possible on all the steps required to get WebRTC calling to work.
I am using Asterisk 11 with FreePBX 13 on a Raspberry Pi 2, but this guide can be used for non pi installs as well. Configuration is required both through the FreePBX web interface as well as manually editing some config files in Asterisk.
WebRTC / Asterisk requirements
WebRTC requires the use of sRTP (encrypted) via DTLS key exchange. In order for Asterisk to support sRTP, a few things need to be in place:
- res_srtp (res_srtp.so) must be enabled in your Asterisk during compile time (the raspbx image I used does)
You can test this but running
asterisk -rx "module show" | grep "res_srtp"
- Generate TLS keys, typically this can be done via ./ast_tls_cert script, located in "contrib/scripts", but my image, raspbx did not have this so I had to create the keys with openssl shown below
Generate the Certificate Authority Keys
All commands below run were run as root
Generate ca key
mkdir /etc/asterisk/keys
cd /etc/asterisk/keys
openssl genrsa -des3 -out ca.key 4096
ca.crt
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
key.pem
openssl genrsa -out key.pem 1024
csr
openssl req -new -key key.pem -out req-sip_server.csr
openssl x509 -req -days 365 -in req-sip_server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out cert-sip_server.crt
Create pem compatible for Asterisk
cat key.pem > asterisk.pem
cat cert-sip_server.crt >> asterisk.pem
Configure FreePBX / Asterisk Settings
- Nat settings
We need to make sure the Asterisk server can communicate with the outside world. Below we discuss the ports that we'll need to open on the firewall, but we need to configure some Nat settings in FreePBX first. These settings will need to match your specific network, I cannot provide exact details on how it needs to be setup for your specific network, but this can serve as a guide on how I set mine up. Through the FreePBX web interface
Settings > Asterisk SIP Settings > NAT Settings
and click on detect network settings. If your server is connected to the internet, this should auto populate with the proper settings.
Then go to Chan SIP Settings
tab
and configure Nat settings to match your network. My settings are as follows:
Nat: Yes
IP Configuration: Dynamic
Dynamic Host: <my-ddns-name> FQDN is needed, if above is set to Dynamic
Click on Submit
and Apply Config
when finished
- http settings
We need to first enable Asterisk's http server to allow for websocket connections used in WebRTC. Asterisk uses config files in /etc/asterisk directory, so to enable the http server, in a stand-alone Asterisk installation, typically we would edit /etc/asterisk/http.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does). FreePBX has
http.conf
http_additional.conf
http_custom.conf
It would seem if we can just add our settings to http_custom.conf, as with *custom configs, FreePBX does not edit, but I noticed if in http_additional.conf FreePBX wrote, enabled=no, even when i added enabled=yes in http_custom.conf, the webserver was not enabled, so I decided to make these changes in the FreePBX webgui.
Settings > Advanced Settings > Asterisk Builtin mini-HTTP server
Enable the mini-HTTP Server : Yes
Enable TLS for the mini-HTTP Server : Yes
HTTPS TLS Certificate Location : /etc/asterisk/keys/asterisk.pem
HTTPS TLS Private Key Location : /etc/asterisk/keys/ca.crt
Click on Submit
and Apply Config
when finished
Here's the /etc/asterisk/http_additional.conf that FreePBX wrote (do notedit this file, only shown here as reference)
;--------------------------------------------------------------------------------;
; Do NOT edit this file as it is auto-generated by FreePBX. ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate. ;
;--------------------------------------------------------------------------------;
[general]
enabled=yes
enablestatic=no
bindaddr=::
bindport=8088
prefix=
tlsenable=yes
tlsbindport=8089
tlsbindaddr=::
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlsprivatekey=/etc/asterisk/keys/ca.crt
- rtp settings
We need to add a STUN server, which assists with NAT transversal through firewalls. Depending on your firewall, you may not need a STUN server, but without it you may run into audio issues. There are numrous public stun servers to use, I chose to use stun.l.google.com:19302. Here is a website you can test the stun servers with https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
Asterisk uses config files in /etc/asterisk directory, so to enable the STUN server, in a stand-alone Asterisk installation, typically we would edit /etc/asterisk/rtp.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does). FreePBX has
rtp.conf
rtp_additional.conf
rtp_custom.conf
As with the http configuration, I opted to make my additions through the FreePBX interface.
Settings > Asterisk SIP Settings > RTP Settings
STUN Server Address : stun.l.google.com:19302
Click on Submit
and Apply Config
when finished
Here's the /etc/asterisk/rtp_additional.conf that FreePBX wrote (do not edit this file, only shown here as reference)
;--------------------------------------------------------------------------------;
; Do NOT edit this file as it is auto-generated by FreePBX. ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate. ;
;--------------------------------------------------------------------------------;
[general]
rtpstart=10000
rtpend=20000
rtpchecksums=yes
strictrtp=yes
stunaddr=stun.l.google.com:19302
- sip settings
We need to modify some SIP settings, including creating extensions.
Asterisk 11 (Asterisk 12 is different and this part will not apply, you will need to look at pjsip.conf, which is beyond this scope) uses config files in /etc/asterisk directory, so to edit these changes in a stand-alone Asterisk installation, typically we would edit /etc/asterisk/sip.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does). FreePBX has
sip.conf
sip_additional.conf
sip_custom.conf
sip_custom_post.conf
sip_general_additional.conf
sip_general_custom.conf
sip_registrations.conf
sip_registrations_custom.conf
We can manually edit *custom files without being overwritten by FreePBX, but note that anything we add in these configs, will not be shown in the FreePBX interface, so if we add extension 6001 in /etc/asterisk/sip_custom_post.conf, it will not show up in the FreePBX user interface.
For WebRTC extensions, I manually added the information in the config files. Even though we can add extensions through the FreePBX interface, I was missing the fields to add DTLS information for the extension (I'm not sure why), otherwise you can simply add this extension through the FreePBX interface.
We will add extension 6001 for use with WebRTC
nano /etc/asterisk/sip_custom_post.conf
[6001]
deny=0.0.0.0/0.0.0.0
secret=6001
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=force_rport,comedia
qualify=yes
qualifyfreq=60
transport=udp,ws
avpf=yes
force_avp=yes
icesupport=yes
encryption=yes
callgroup=
pickupgroup=
dial=SIP/6001
permit=0.0.0.0/0.0.0.0
callerid=6001 <6001>
callcounter=yes
faxdetect=no
directmedia=no
disallow=all
allow=ulaw
dtlsenable=yes
dtlsverify=fingerprint
dtlscertfile=/etc/asterisk/keys/asterisk.pem
dtlscafile=/etc/asterisk/keys/ca.crt
dtlssetup=actpass
*Change secret=6001, as this is the password used to register the extension, make it a little more secure than 6001...
- extensions settings
This is where the dialplan is executed. For testing purposes, I usually dial extension *60 (for audio playback of current time) or *43 (for echo test, to test audio to and from), but we can add an additional extension manually for testing. If you only want to use extensions that are already available to you, you can skip over this to section Restart Asterisk below.
There are different ways to go about modifying the extensions, and since we are using FreePBX as our front end, we need to be cautious when manually editing conf files, and keep everything synced. I will show you 2 methods I've used when creating a dial plan. In this example, you only have to do it once, either using Method 1 or Method 2. I feel Method 2 is probably the better way.
- extensions settings Method 1
Typically we would edit /etc/asterisk/extensions.conf, but since we are utilizing FreePBX, if we were to edit this manually, it would be overwritten as FreePBX stores all of it's info in a database and does not read from this file (although Asterisk still does). FreePBX has
extensions.conf
extensions_additional.conf
extensions_custom.conf
extensions_override_freepbx.conf
We can manually edit *custom files without being overwritten by FreePBX, but note that anything we add in these configs, will not be shown in the FreePBX interface. We'll start with our first example, by editing the /etc/asterisk/extensions_custom.conf file
nano /etc/asterisk/extensions_custom.conf
and copy and paste (Ctrl+x
and y
to save file)
[from-internal-custom]
include => play-monkeys
include => web-rtc
include => congrats
[play-monkeys]
exten => 66,1,Answer()
same => n,Playback(tt-monkeys)
same => n,Hangup()
[web-rtc]
exten => 6001,1,Dial(SIP/6001)
same => n,Hangup(16)
[congrats]
exten => 3000,1,Answer()
same => n,Playback(demo-congrats)
same => n,Hangup()
This now gives us 3 new extensions we can call, 66, 6001, and 3000.
We need to reload Asterisk any time we make changes in the config files in order for the changes to take effect.
asterisk -rx "core reload"
Now if we were to dial extension 3000 from a registered device on our Asterisk server, we would get an automated message, saying congratulations!
If we are using FreePBX as part of our installation, at this point we want to log into the interface and update this information about extensions 66, 6001, and 3000 that we added, to its database. Because FreePBX does not read these custom configs, we tell it that extension 3000 is in use, so to avoid conflicts down the road.
Log into the FreePBX web admin page http://<your-ip-of server>/admini (In my case it's http://raspbx/admin)
Click on Admin > Custom Extensions
and fill in the fields, this only documents the addition we made in /etc/asterisk/extensions_custom.conf, it does not add an extension. When your finished click Submit
and Apply Config
.
- extensions settings Method 2
Do this only if you chose NOT to use extensions settings Method 1. I feel this is the more proper way of adding to our dial plan. We will manually edit /etc/asterisk/extensions_custom.conf but we will do it a little differently, utilizing a module in FreePBX called Misc Applications. It was not installed on my installation, so we will first install the module, Misc Applications. Go to the FreePBX web browser, click on Admin > Module Admin
then click on Check Online
.
This will load up available modules that we can install into our FreePBX server. Scroll down to Applications
and locate the module labelled Misc Applications and click Download and Install
and scroll down and Process
.
Copy and paste the following into /etc/asterisk/extensions_custom.conf
nano /etc/asterisk/extensions_custom.conf
[from-internal-custom]
include => play-monkeys
include => web-rtc
include => congrats
[play-monkeys]
exten => s,1,Answer()
exten => s,n,Playback(tt-monkeys)
exten => s,n,Hangup()
[web-rtc]
exten => s,1,Dial(SIP/s)
exten => s,n,Hangup(16)
[congrats]
exten => s,1,Answer()
exten => s,n,Playback(demo-congrats)
exten => s,n,Hangup()
Then go to your FreePBX admin interface and click Admin > Custom Destinations
and Add Destination
- Target: play-monkeys,s,1
- Description: Monkeys
Click Submit
Click
Applications > Misc Applications
- Decription: Monkey Sounds
- Feature Code: <any extension you want> 67
- Destination > Custom Destinations > Monkeys
Click Submit
and Apply Config
and now when you dial 67 you will hear the monkeys. Do this for any other extensions you manually set up in /etc/asterisk/extensions_custom.conf
Restart Asterisk
Since we made many changes, I like to restart the Asterisk service
asterisk -rx "core restart now"
To test to see if the asterisk web server is running go to, (change raspbx to the IP/hostname of your Asterix server)
Configure your Firewall
You'll need to open up / port forward some ports from the outside WAN interface to the inside Lan IP of your Asterisk server. You will need to forward
5060 / tcp&udp (99% of the time it is only udp, but signalling can use tcp, so I always open both)
8088 / tcp (used for websocket for WebRTC)
and depending on your firewall you may also need to open the entire rtp range
10000:20000 / udp (used for rtp data stream)
You will need to consult your router/firewall documentation on how to do this, as every manufacturer is different.
WebRTC Test
You can use a HTML5 simML5 web client located at http://www.doubango.org/sipml5/ You will need to change the followng fields:
- Display Name: 6001
- Private Identity: 6001
- Public Identity: sip:6001@<your-public-ip-address>
- Password: <secret-set-in-/etc/asterisk/sip_custom_post.conf>
- Realm: <your-public-ip-address>
Then click on
Expert Mode?
and edit the following fields
- Disable Video: Check
- Enable RTCWeb Breaker: Un-Check
- Websocket Server Url: ws://<your-public-ip>:8088/ws
- ICE Servers: [url: 'stun.l.google.com:19302']
- Check the rest of the boxes
Then we will register to our SIP server by clicking Login
Then under Call Control, dial an extension/test extension, I dial *60 or *43 for testing.
Conclusion
WebRTC is an great way to merge technologies together, and being able to dial from your browseer, through the internet and reach your Raspberry Pi VoIP server, and stream your audio, to me is pretty neat!! This guide is very specific on Asterisk and FreePBX versions, so if you are running different versions, some of the information may need to be changed to match your specific installation. My next project is to utilize WebRTC and create a web based conference room to monitor and display audio levels from all parties.
Good Luck and if you have any suggestions or comments, I'd love to get your feedback!
Now we can install SIPml5 on our server - SIPml5 Installed on Raspberry Pi 2 Asterisk Server
References:
Raspberry Pi Model:
Raspberry Pi 2 Model B
Raspberry Pi Image:
Raspbx Beta raspbx-25-01-2016
cat /etc/*-release:
Raspbian GNU/Linux 8 (jessie)
Kernel:
4.1.15-v7+ GNU/Linux
Asterisk:
Asterisk 11.21.0
FreePbx:
FreePBX 13.0.51
https://wiki.asterisk.org/wiki/display/AST/WebRTC+tutorial+using+SIPML5
http://remiphilippe.fr/sips-on-asterisk-sip-security-with-tls/
https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
http://www.doubango.org/sipml5
http://pbxinaflash.com/community/threads/freepbx-extension-registry-how-to.3164/