Freepbx Webrtc One Way Audio Behind Nat

Hello,

I have been configuring a freepbx server with webrtc behind nat
i have a problem that when i dial from a webrtc client to a webrtc or dial from a sip to a webrtc client
not able to hear audio on one side
it’s caller can’t hear the callee
while the callee can hear the caller.

this is link to pjsip logs

one issue i see here is that in sdp
c
o
is pointing to internal ip
not sure how to change this

as ice candidates are correctly set internal ip → external ip

and when dialing to sip endpoint the
o
c
are configured with external ip while invite packet is sent

pjsip logs

this is my current configuration of webrtc client

[1000]
type=endpoint
aors=1000
auth=1000-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,gsm,g726,g722,opus
context=from-internal
callerid=1000 <1000>

dtmf_mode=rfc4733
direct_media=no
aggregate_mwi=yes
use_avpf=yes
rtcp_mux=yes
max_audio_streams=1
max_video_streams=1
bundle=yes
ice_support=yes
media_use_received_transport=no
trust_id_inbound=yes
user_eq_phone=no
send_connected_line=yes
media_encryption=dtls
timers=yes
timers_min_se=90
media_encryption_optimistic=yes
refer_blind_progress=yes
rtp_timeout=30
rtp_timeout_hold=300
rtp_keepalive=0
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=en
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord
dtls_verify=no
dtls_setup=actpass
dtls_rekey=0
dtls_auto_generate_cert=yes

any help would be much appreciated

one thing to mention that calls from webrtc to sip work properly
but any call made to webrtc to webrtc endpoint there is always muting
the caller can’t here the callee always

my rtp.conf configuration

[general]
rtpstart=10000
rtpend=20000
rtpchecksums=no
strictrtp=no

[ice_host_candidates]
192.168.90.144 => 198.233.100.74

I also have the issue the ssl error is showing up when ever user registers

[2024-12-12 13:36:20] ERROR[765830]: iostream.c:663 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0)::reason(1), Internal SSL error
[2024-12-12 13:36:20] ERROR[765830]: tcptls.c:179 handle_tcptls_connection: Unable to set up ssl connection with peer ‘149.88.23.116:33322’
[2024-12-12 13:36:20] ERROR[765830]: iostream.c:563 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0)::reason(1), Internal SSL error

even though i have generated the certificate from let’s encrypt and had it configured on freepbx server
while the certificate is accepted on the browser

one other issue i am seeing with webrtc

while the muting issue still remains

Okay So I finally figured it out had to do a lot of different things
i am sharing my configuration here so it helps somebody else some day

this is my pjsip.endpoint.conf

[1000]
type=endpoint
aors=1000
auth=1000-auth
tos_audio=ef
tos_video=af41
cos_audio=5
cos_video=4
allow=ulaw,alaw,gsm,g726,g722,opus
context=from-internal
callerid=1000 <1000>

dtmf_mode=rfc4733
direct_media=no
aggregate_mwi=yes
use_avpf=yes
rtcp_mux=yes
max_audio_streams=1
max_video_streams=1
bundle=yes
ice_support=yes
media_use_received_transport=yes
trust_id_inbound=yes
user_eq_phone=no
send_connected_line=yes
media_encryption=dtls
timers=yes
timers_min_se=90
media_encryption_optimistic=yes
refer_blind_progress=yes
rtp_timeout=30
rtp_timeout_hold=300
rtp_keepalive=0
send_pai=yes
rtp_symmetric=yes
rewrite_contact=yes
force_rport=yes
language=en
one_touch_recording=on
record_on_feature=apprecord
record_off_feature=apprecord
dtls_verify=fingerprint
dtls_setup=actpass
dtls_rekey=0
dtls_auto_generate_cert=yes

my rtp.conf

[general]
rtpstart=10000
rtpend=20000
rtpchecksums=no
strictrtp=no

[ice_host_candidates]
internal => external

most of my configurations were correct
issue was with the web client i was using
shifted to

now two way audio works for both parties webrtc to webrtc,
sip to webrtc

in freepbx advanced settings changed the directory for certificates for https
pointed them to the
let encrypt certificates

but still had to do
https://ip:8089/ws
on the browser once
which did solve the ssl error on the server.

that was pretty much it but took a lot of time to figure but i think my main issue was
with the web client i was using

hope this helps some one else