Freepbx WebRTC -> Rejecting secure audio stream without encryption details

Hi All,

I was testing the WebRTC applictation and now I’m running into the following message:
“WARNING[4087][C-0000000d] chan_sip.c: Rejecting secure audio stream without encryption details: audio 54306 RTP/SAVPF 111 103 104 0 8 106 105 13 126”

Does anyone know how to get the WebRTC working?

I was using Google Chrome during my test and the client was registered with the Asterisk.

I’m running the version 5.211.65-14.

Best regards
Christoph

At this time you can’t use the WebRTC module provided by FreePBX.

Hi tm100,

thank you very much for the quick response.
Is there any blog or mailing list which is reporting about the development of the WebRTC feature?

Best regards
Christoph

There are no specific blogs or mailing lists to follow in terms of FreePBX development for just webrtc

@TimmiORG
Run the “Upgrade scripts” to upgade the version to 5.211.65-15. This version includes Asterisk 11.11 which has improvements for WebRTC.

Then apply similar configurations described in SIPJS Configure Asterisk, more specifically the “Setup DTLS Certificates” part and there after. However, since you are on FreePBX environment change the *_custom.conf or related files.

Hi kbeq,

I have updated to the 5.211.65-15 and created the certificates.

I have added the following to the sip.conf

tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1

The error from my first post is gone but now I receive a

SIP/2.0 488 Not Acceptable Here

from my WebRTC client.

Any ideas?

Best regards
Timmi

Not Acceptable Here is a common error returned to the client. Actual problem should be logged in Asterisk. See Asterisk log file with:

tail -300 /var/log/asterisk/full

and search for warnings or errors. Or connect via Asterisk CLI asterisk -rvvvv and check the problem in real time, while trying to call. Increase debug/verbose level and try again.

Which WebRTC client are you using? I have no idea about FreePBX’s webrtc module though.

You need to share the sip debug, maybe there is a codec issue. In the worst case asterisk maybe isn’t compiled with uuid libraries.

Hi guys,

thank you so much for you support.
This is the SIP DEBUG LOG.

192.168.1.5 -> Asterisk
192.168.1.142 -> WebRTC client from FreePBX 2.11.0.0-Beta7

INVITE sip:[email protected];transport=ws SIP/2.0
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
Max-Forwards: 70
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
To: <sip:[email protected];transport=ws>
Contact: <sip:[email protected]:5060;transport=WS>
Call-ID: [email protected]:5060
CSeq: 102 INVITE
User-Agent: FPBX-2.11.0(11.11.0)
Date: Wed, 30 Jul 2014 12:20:20 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 1879

v=0
o=root 2023609872 2023609872 IN IP4 192.168.1.5
s=Asterisk PBX 11.11.0
c=IN IP4 192.168.1.5
b=CT:384
t=0 0
m=audio 10620 RTP/SAVPF 8 9 0 4 111 18 97 3 110 101
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:4 G723/8000
a=fmtp:4 annexa=no
a=rtpmap:111 G726-32/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=30
a=rtpmap:3 GSM/8000
a=rtpmap:110 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=ice-ufrag:030c7a361619a6ed5977bd4d212778b6
a=ice-pwd:17ebe25b0a181b461ef0c7157a642d2b
a=candidate:Hac1c340b 1 UDP 2130706431 172.28.52.11 10620 typ host
a=candidate:Hc0a80105 1 UDP 2130706431 192.168.1.5 10620 typ host
a=candidate:Hac1c340b 2 UDP 2130706430 172.28.52.11 10621 typ host
a=candidate:Hc0a80105 2 UDP 2130706430 192.168.1.5 10621 typ host
a=connection:new
a=setup:actpass
a=fingerprint:SHA-256 C4:F4:09:68:72:1B:D1:5E:50:68:E1:BE:4B:D1:44:F4:15:26:4B:E4:85:A7:84:C0:5B:AB:2A:2E:ED:63:64:F7
a=sendrecv
m=video 10834 RTP/SAVPF 99 98 34 31
a=ice-ufrag:6919e96b04aa51155e6e55e82c8d2aca
a=ice-pwd:1a099c86180acd2b0f8a7ffd564e7c38
a=candidate:Hac1c340b 1 UDP 2130706431 172.28.52.11 10834 typ host
a=candidate:Hc0a80105 1 UDP 2130706431 192.168.1.5 10834 typ host
a=candidate:Hac1c340b 2 UDP 2130706430 172.28.52.11 10835 typ host
a=candidate:Hc0a80105 2 UDP 2130706430 192.168.1.5 10835 typ host
a=connection:new
a=setup:actpass
a=fingerprint:SHA-256 C4:F4:09:68:72:1B:D1:5E:50:68:E1:BE:4B:D1:44:F4:15:26:4B:E4:85:A7:84:C0:5B:AB:2A:2E:ED:63:64:F7
a=rtpmap:99 H264/90000
a=fmtp:99 redundant-pic-cap=0;parameter-add=0;packetization-mode=0;level-asymmetry-allowed=0
a=rtpmap:98 H263-1998/90000
a=fmtp:98 F=0;I=0;J=0;T=0;K=0;N=0;BPP=0;HRD=0
a=rtpmap:34 H263/90000
a=fmtp:34 F=0;I=0;J=0;T=0;K=0;N=0;BPP=0;HRD=0
a=rtpmap:31 H261/90000
a=sendrecv

---
[2014-07-30 14:20:20] VERBOSE[31465][C-00000012] chan_sip.c: Reliably Transmitting (NAT) to 192.168.1.142:56658:
INVITE sip:[email protected];transport=ws SIP/2.0
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
Max-Forwards: 70
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
To: <sip:[email protected];transport=ws>
Contact: <sip:[email protected]:5060;transport=WS>
Call-ID: [email protected]:5060
CSeq: 102 INVITE
User-Agent: FPBX-2.11.0(11.11.0)
Date: Wed, 30 Jul 2014 12:20:20 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 1879

v=0
o=root 2023609872 2023609872 IN IP4 192.168.1.5
s=Asterisk PBX 11.11.0
c=IN IP4 192.168.1.5
b=CT:384
t=0 0
m=audio 10620 RTP/SAVPF 8 9 0 4 111 18 97 3 110 101
a=rtpmap:8 PCMA/8000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:4 G723/8000
a=fmtp:4 annexa=no
a=rtpmap:111 G726-32/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:97 iLBC/8000
a=fmtp:97 mode=30
a=rtpmap:3 GSM/8000
a=rtpmap:110 speex/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=ice-ufrag:030c7a361619a6ed5977bd4d212778b6
a=ice-pwd:17ebe25b0a181b461ef0c7157a642d2b
a=candidate:Hac1c340b 1 UDP 2130706431 172.28.52.11 10620 typ host
a=candidate:Hc0a80105 1 UDP 2130706431 192.168.1.5 10620 typ host
a=candidate:Hac1c340b 2 UDP 2130706430 172.28.52.11 10621 typ host
a=candidate:Hc0a80105 2 UDP 2130706430 192.168.1.5 10621 typ host
a=connection:new
a=setup:actpass
a=fingerprint:SHA-256 C4:F4:09:68:72:1B:D1:5E:50:68:E1:BE:4B:D1:44:F4:15:26:4B:E4:85:A7:84:C0:5B:AB:2A:2E:ED:63:64:F7
a=sendrecv
m=video 10834 RTP/SAVPF 99 98 34 31
a=ice-ufrag:6919e96b04aa51155e6e55e82c8d2aca
a=ice-pwd:1a099c86180acd2b0f8a7ffd564e7c38
a=candidate:Hac1c340b 1 UDP 2130706431 172.28.52.11 10834 typ host
a=candidate:Hc0a80105 1 UDP 2130706431 192.168.1.5 10834 typ host
a=candidate:Hac1c340b 2 UDP 2130706430 172.28.52.11 10835 typ host
a=candidate:Hc0a80105 2 UDP 2130706430 192.168.1.5 10835 typ host
a=connection:new
a=setup:actpass
a=fingerprint:SHA-256 C4:F4:09:68:72:1B:D1:5E:50:68:E1:BE:4B:D1:44:F4:15:26:4B:E4:85:A7:84:C0:5B:AB:2A:2E:ED:63:64:F7
a=rtpmap:99 H264/90000
a=fmtp:99 redundant-pic-cap=0;parameter-add=0;packetization-mode=0;level-asymmetry-allowed=0
a=rtpmap:98 H263-1998/90000
a=fmtp:98 F=0;I=0;J=0;T=0;K=0;N=0;BPP=0;HRD=0
a=rtpmap:34 H263/90000
a=fmtp:34 F=0;I=0;J=0;T=0;K=0;N=0;BPP=0;HRD=0
a=rtpmap:31 H261/90000
a=sendrecv

---
<--- SIP read from WS:192.168.1.142:56658 --->
SIP/2.0 100 Trying
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
To: <sip:[email protected];transport=ws>
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Content-Length: 0

<------------->

<--- SIP read from WS:192.168.1.142:56658 --->
SIP/2.0 100 Trying
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
To: <sip:[email protected];transport=ws>
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Content-Length: 0

<------------->
<--- SIP read from WS:192.168.1.142:56658 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
To: <sip:[email protected];transport=ws>;tag=mo81u90e79
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Content-Length: 0

<------------->
<--- SIP read from WS:192.168.1.142:56658 --->
SIP/2.0 488 Not Acceptable Here
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
To: <sip:[email protected];transport=ws>;tag=mo81u90e79
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
Call-ID: [email protected]:5060
CSeq: 102 INVITE
Content-Length: 0

<------------->
ACK sip:[email protected];transport=ws SIP/2.0
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
Max-Forwards: 70
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
To: <sip:[email protected];transport=ws>;tag=mo81u90e79
Contact: <sip:[email protected]:5060;transport=WS>
Call-ID: [email protected]:5060
CSeq: 102 ACK
User-Agent: FPBX-2.11.0(11.11.0)
Content-Length: 0


---
ACK sip:[email protected];transport=ws SIP/2.0
Via: SIP/2.0/WS 192.168.1.5:5060;branch=z9hG4bK33c515ce;rport
Max-Forwards: 70
From: "SUB A" <sip:[email protected]>;tag=as679eceaf
To: <sip:[email protected];transport=ws>;tag=mo81u90e79
Contact: <sip:[email protected]:5060;transport=WS>
Call-ID: [email protected]:5060
CSeq: 102 ACK
User-Agent: FPBX-2.11.0(11.11.0)
Content-Length: 0


---

Best regards
Timmi

I didn’t compile asterisk. This is from the freepbxdistro.org repository.

We have a solution coming in the next few weeks for freepbx 12. Setting up tls is wrong. You need to setup dtls for each extension

1 Like

I set up below case .
sipml5 >> webrtc2sip >> asterisk

I find if you use chrome version 34 , it is working .
But if you use chrome 40 , then the error Rejecting secure audio stream without encryption details: audio 9 UDP/TLS/RTP/SAVPF 109 9 0 8 101

will be seen in asterisk debug .
The version of chrome will related o this error …

Thank
Regard/chui king man

Chrome 34 still use SDES, above that version Chrome use DTLS-SRTP. If you want to use Chrome >34 then you need to configure your asterisk to use DTLS-SRTP and its fully supported.

1 Like

WebRTC in 12 supports Chrome 36 and higher.

any update on this? still the same issue

What update are you looking for?

What was the resolution of this issue? Upgrade to Asterisk 12?

The resolution of the issue was upgrade to FreePBX 12