WebRTC Issues - Is this the right way to go?

I am running Asterisk 13.9.1, FreePBX, WebRTC Phone Stable Track…

I have been waiting a while for WebRTC as a way to temporarily scale up some callers (at home, on demand) when needed. I have been using a fairly reliable IAX2 web client but would like to abandon it due to it’s security problems, compatibility and setup issues.

WebRTC looked like a perfect replacement years ago, then months ago, then lately… each time I revisit, it seems to get a little closer and a few steps backwards. It seems like there are compatibility inconsistencies when I try to get it running (Firefox vs Chrome)… My hope was to use Chrome on Windows/MacOS but I can’t even get the WebRTC dialer to show in the drop down menu… but in Firefox, it is there… and I can make calls! Yeah!.. but, I can’t receive calls? odd…

Anyways, I realize that WebRTC has been a b*tch to implement and has gone through a lot of stages… and the web browsers have been moving targets in trying to keep things running, reliably/consistently… I very seriously tip my hat to the folks fighting this battle…

I imagine that I am doing something wrong, in which case I will start a thread asking questions, but I have to ask if WebRTC on FreePBX is going to be a constant battle? Are others using this with dedicated callers remotely using a web browser and headset? What browser(s)/OS? Good / bad?

I use it daily with no issues. Sounds like you are not using UCP with SSL. For WebRTC you need to setup your UCP to use a non self signed SSL cert

Thanks for response. Can you confirm the browser and OS you are using?
When I log into my UCP, it is using https with Cert from Let’s Encrypt.

Chrome and OS doesn’t matter. Are you connecting on LAN or WAN. If WAN you need to make sure ports for webrtc are opened.

1 Like

Hi guys, just leaving this here to take in consideration:

Using WAN
Firewall has WebRTC TCP Ports: 8088, 8089
I do have Legacy SIP (chan_sip) disabled in the firewall.
I did have WebRTC Services set to disabled, I have enabled it.
I am using pjsip for the extensions I am testing with (all extensions are pjsip)
I just created a sip extension and have the same results… except fast busy signal for the new extension (no other phones using that extension).

To clarify, Firefox - I have the menu and dialer and can make a call… so it is working. Inbound calls are not.
However using Chrome, there is no menu option for the dialer at all. It’s not there.

After the firewall change, I rebooted the server and restarted browsers and am getting the same results. I disabled the firewall completely, and got the same results.

Is this something that should be entered into FreePBX bug tracker? Or do they already know about it?.. this is the thing that I keep scratching my head about… stuff keeps breaking.

I seem to be getting this on the inbound calls going to the WebRTC extension…

[2017-01-26 01:05:30] VERBOSE[1524][C-00000054] pbx.c: Executing [[email protected]:51] Dial(“Local/[email protected];2”, “PJSIP/222/sip:[email protected]:5060&SIP/99222,67,trM(auto-blkvm)Ib(func-apply-sipheaders^s^1)”) in new stack
[2017-01-26 01:05:30] WARNING[1524][C-00000054] app_dial.c: Unable to create channel of type ‘SIP’ (cause 20 - Subscriber absent)

I do not have those problems. Unless you can give us reproducible steps a bug ticket won’t go anywhere. Maybe someone else here can help out but I am out of ideas.

First, there is a User Management bug regarding webrtc here:

You want a valid TLS cert set up and set to default in Cert Management. The userman bug might mean that the TLS cert shown for webrtc in userman may not be the cert written to sip_additional.conf file. By checking the content of /etc/asterisk/sip_additional.conf, you want to ensure all webrtc extensions (regular extensions prefixed with 99) have lines that look like this:


where the domain shown corresponds to your TLS cert. You want to ensure that none were created using the self signed cert on the system. To fix, disable webrtc for the user, and re-enable with the correct certificate.

Browse to UCP using https and chrome, make sure there are no https or cert errors. You should see the webrtc phone. Audio issues may require a STUN server be set up in Settings, Asterisk SIP Settings.

We already know about this.

I investigated the cert bug and yes, in fact, I was having that problem with the test extension in question. It has been fixed.

I’m not sure if I did something prior to this or not, but now Firefox isn’t loading the dialer (nor is Chrome).

The certs seem fine in both (https/Green and the proper cert from LetsEncrypt), but in Chrome, the debug console indicates:
HTTPS is not enabled for Asterisk
(anonymous) @ jsphp_e0d0c0a….js:129
dispatch @ jquery-1.11.3.min.js:4
r.handle @ jquery-1.11.3.min.js:4
trigger @ jquery-1.11.3.min.js:4
(anonymous) @ jquery-1.11.3.min.js:4
each @ jquery-1.11.3.min.js:2
each @ jquery-1.11.3.min.js:2
trigger @ jquery-1.11.3.min.js:4
(anonymous) @ jsphpg_ec08c25….js:1546
j @ jquery-1.11.3.min.js:2
fireWith @ jquery-1.11.3.min.js:2
x @ jquery-1.11.3.min.js:5
b @ jquery-1.11.3.min.js:5

Making some headway… reset https port settings so UCP is on port 1543.

Opened Web on that port and now Chrome is showing the dialer (RED) with
WebSocket connection to ‘wss://freepbx-xunity.xunity.com:8089/ws’ failed: Error in connection establishment: net::ERR_CONNECTION_REFUSED

The port (8089) is not opened or “Enable the mini-HTTP Server” is disabled or “Enable TLS for the mini-HTTP Server” is disabled in Advanced Settings

Got it working… changed the certs for the mini-http to same as webrtc… dialing in/out works. Will see if I can get this done in a video or something helpful to others.

You should not be changing that manually. It gets updated when you set the certificate to default in certificate manager.

Unfortunately, it did not change automatically… I also rebooted to see if that would resolve the issue.
As soon as I changed the cert around, it worked.

It was set to:

I changed it to:

I can change it back and see if it will automatically switch if I switch the default cert back to old and back to new…

Should also say, I noted some issue with password changes in user manager… I had to use the password icon at the user listing for it to stick.

The integration is correct. When you select default it copies freepbx.domain.com.crt to /integration/certificate.pem

This is how it’s working for everyone else.

What you should do is delete everything in /etc/asterisk/keys/integration

and then reset your default certificate


I am not sure if this topic is still open or not, but I would just like to get some help with WebRTC.

I have a valid cert and the WebRTC module is installed, but I dont see WebRTC options under
Admin > User Manager > UCP

Only an option for Phone. Which just gives me dialer to dial out with, which connects but does not work.