[Freeswitch-dev] WebRTC and Freeswitch 1.5 using IPv6

Tom Parrott tomp at tomp.co.uk
Mon Jul 28 21:29:03 MSD 2014

Hi Brian,

I've made some progress, after about 5 hours (on and off) digging around 
the source code and trying rebuilds of Freeswitch I found a reference to 
the cert dir in argv, and then found that there is a command line 
parameter in Freeswitch called -certs

Hurrah! A quick modification to my start up script so it looks like this:

freeswitch -certs /etc/freeswitch/certs

And then copying the same combined cert/key/chain file I used for the 
WSS cert into


And now I don't get those cert errors, and I can actually make and 
receive a call (over IPv4 WSS only).

It would be great to put a quick note on the webrtc page about needing 
to configure the certs dir. It would save newbies like me so much time.

I used an /etc/hosts entry on my client machine to allow me to use my 
external domain cert - to bypass the IPv6 issue for the moment.

So now there are only 2 issues remaining:

 1. IPv6 WS/WSS sockets don't stay up more than 3s - shall I open a bug
    for this?
 2. When making or receiving a call, the Firefox client could send audio
    (I heard it on my desk phone), but it could not receive audio (even
    though I could see UDP packets arriving from Freeswitch onto my
    client machine on the correct port negotiated).

Any ideas, presumably this is a codec issue, but I've tried just doing 
the echo test (i.e taking the handset out of the equation) and still no 
luck. Also tried with PCMU and Opus, no difference.


On 27/07/14 14:09, Tom Parrott wrote:
> Hi,
> I am experimenting with WebRTC and am failing quite dismally - mainly 
> due to lack of documentation.
> I realise this is an emerging technology and the standards are moving, 
> but presumably it does work in some scenarios and it would be great if 
> a working setup could be documented.
> Anyway, I think I might have found a bug, but have no way to tell 
> because I've never been able to get WebRTC working with Freeswitch.
> Here's my setup so far:
>   * FreeSWITCH Version 1.5.14b+git~20140725T212415Z~c411f8c7a9~32bit
>     (git c411f8c 2014-07-25 21:24:15Z 32bit)
>   * IPv6 addresses - due to shortage of global IPv4 address, I am
>     forced to use IPv6
>   * SIPJS - http://sipjs.com/
>   * Firefox 31/Fedora 20
>   * Apache 2.4.9/Mod_SSL
>   * Startcom SSL cert (which I have configured with Apache fine)
> What I am able to do:
> If I setup the internal IPv4 profile with ws-binding, I can use SIPJS 
> to register and can successfully see a user registered in Freeswitch 
> from the browser.
> I can then use SIPJS to make a call, and my desk phone rings, however 
> I get no media (UDP packets are being sent but presumably neither side 
> can decode it).
> I also see these errors in the fs_cli debug output though:
> *
> **2014-07-27 13:04:12.108836 [ERR] switch_core_cert.c:210 FP FILE ERR!**
> **2014-07-27 13:04:12.108836 [ERR] switch_core_cert.c:210 FP FILE ERR!**
> **2014-07-27 13:04:12.148104 [ERR] switch_rtp.c:2975 audio DTLS cert 
> err [5]*
> But I can find no proper documentation on what is required for DTLS or 
> where to put the cert files.
> Next up I tried IPv6 in the internal-ipv6 profile:
>     <param name="tls-cert-dir" value="/etc/freeswitch/certs"/>
>     <param name="wss-binding" value=":7443"/>
> I concatenated the cert, key and chain certs together into 
> /etc/freeswitch/certs/wss.pem and can successfully connect using WSS 
> and SIPJS.
> The problem however is that although I can see a register, Freeswitch 
> then kills the registration connection a couple of seconds later.
> It is also showing the registration as using WSS-NAT, how can that be 
> possible on IPv6?
> How can I turn off NAT detection on the IPv6 profile?
> Any guidance would be very much appreciated and I will post my setup 
> to my blog and the Freeswitch wiki if I can get it working, to help 
> people in the future.
> Thanks
> Tom

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20140728/001660d4/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4237 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20140728/001660d4/attachment-0001.bin 

Join us at ClueCon 2014 Aug 4-7, 2014
More information about the FreeSWITCH-dev mailing list