In this article we are going to talk about how to use STUN and TURN servers in Asterisk

An Overview of Network challenges in VoIP Communication

  • Bandwidth variability: VoIP requires a consistant bandwidth, variability in bandwidth due to network congestion or any other issues leads to a degradation in quality
  • Latency: latency is another factor in VoIP. If you have very high latency it does not feel like real time communication because there is a lot of delay when one person speaks and the other person hears on the other hand.
  • Jitter: Jitter leads to variation in packet arrival time which leads to distruption in voice and video communication
  • Packet Loss: Missing data packets in communication leads to gaps in voice and video transmission
  • NAT and Firewall issues: NAT and firewall rules block direct communication and hence you require TURN servers for Nat traversals

What is Asterisk and STUN and TURN servers

  • Asterisk: Asterisk is an open source PBX private branch exchange. It allows computers to act as VoIP servers and connect calls through the internet
  • STUN ( Session Traversal Utilities for NAT) : This is a protocol that runs on a server called as the STUN server which helps devices that are behind a NAT discover what their public IP address and port number is
  • TURN (Traversal using relays around NAT): It is a protocol and a server that relayes VoIP traffic throgh a server. This is used for direct comunication between devices that are behind NAT

Role of TURN server for Asterisk

  • Reliability: A Robust turn server is a requirement for high quality VoIP calls this is because it establishes and maintains connection through NAT and firewall rules and reduces issues such as latency, jitter and packet loss.
  • Quality: TURN servers reduces issues such as packet loss, jitter and bandwidth variability.
  • Security: TURN servers provide security because TURN server connections are end to end encrypted and so no one and that is not even the turn server provider can access the data passing through the turn servers.
  • Global accessibility: You need a turn server service that has turn server positioned globally this can greatly reduce latency and improve the quality of service of voice and video calls.
Metered TURN Servers

Metered TURN servers

  1. API: TURN server management with powerful API. You can do things like Add/ Remove credentials via the API, Retrieve Per User / Credentials and User metrics via the API, Enable/ Disable credentials via the API, Retrive Usage data by date via the API.
  2. Global Geo-Location targeting: Automatically directs traffic to the nearest servers, for lowest possible latency and highest quality performance. less than 50 ms latency anywhere around the world
  3. Servers in 12 Regions of the world: Toronto, Miami, San Francisco, Amsterdam, London, Frankfurt, Bangalore, Singapore,Sydney, Seoul
  4. Low Latency: less than 50 ms latency, anywhere across the world.
  5. Cost-Effective: pay-as-you-go pricing with bandwidth and volume discounts available.
  6. Easy Administration: Get usage logs, emails when accounts reach threshold limits, billing records and email and phone support.
  7. Standards Compliant: Conforms to RFCs 5389, 5769, 5780, 5766, 6062, 6156, 5245, 5768, 6336, 6544, 5928 over UDP, TCP, TLS, and DTLS.
  8. Multi‑Tenancy: Create multiple credentials and separate the usage by customer, or different apps. Get Usage logs, billing records and threshold alerts.
  9. Enterprise Reliability: 99.999% Uptime with SLA.
  10. Enterprise Scale: With no limit on concurrent traffic or total traffic. Metered TURN Servers provide Enterprise Scalability
  11. 5 GB/mo Free: Get 5 GB every month free TURN server usage with the Free Plan
  12. Runs on port 80 and 443
  13. Support TURNS + SSL to allow connections through deep packet inspection firewalls.
  14. Support STUN
  15. Supports both TCP and UDP
  16. Free Unlimited STUN

Getting STUN TURN creds for Asterisk

You absolutely need a stun and turn server to run Asterisk calls with users that are on the internet.

If you are using asterisk to call users that are within the same local network only then you do not need a stun and turn servers

Here is a how you can configure Asterisk to run with STUN and TURN server.

Need: To connect with users that are behind different NAT routers and firewall rules. That is most of the users that are on the internet.

First you need a TURN server provider in order to get the TURN and STUN credentials

In this article we are going with Metered TURN servers, an another option would be to run your own turn server with the open source turn server project CoTURN

You still bear costs with the open source project because you need to rent a cloud server to run it plus there are costs associated with bandwidth and devops.

Step 1: Go to Metered.ca/stun-turn

Go to the Metered TURN server website and sign up for a free account. You get 5 gb of monthly turn server data and unlimited stun serve usage. this is more than enough for light usage with Asterisk.

Step 2: Create a free account

Click on the get started button to create a free account with metered turn servers.

Step 3: Create your first STUN and TURN credential

After you have signed up then click on the "Add credential" button to create a stun and turn credential

Create a turn server credential

You can also choose the region where you want the turn server to be located or you can choose the Global auto routing for automatically routing the calls to the server nearest to the user

After you have created a turn server credential then click on the "Instruction" button to get the STUN and TURN credentials

get the stun turn credential

lastly click on teh instructions button to get the ICE server array. The Ice server array changes automatically when you choose turn servers from different regions of the world

Step 4: Test the TURN server (optional)

You can also test your newly created credential

  1. By creating a live meeting on : TURN server demo meeting
  2. Putting in your turn credentials in the ICE test: Turn Server Testing Tool

Step By Step How to add STUN and TURN Servers to Asterisk

Step 1: Prerequisites

Ensure that you have admin prevelages to the Asterisk server

Step 2 Configuring STUN In Asterisk

Edit the sip.conf file. the file is located in /etc/asterisk/. This file configures the SIP protocol settings

  1. Open the sip.conf
sudo nano /etc/asterisk/sip.conf

2. Go to the general section and add the following to configure your STUN server

stunaddr=stun.relay.metered.ca:80

save and close the file

Step 3: Configure TURN in Asterisk

Open the sip.conf file and add the turn server configuration like

add the following settings under the [general] section

turnaddr=global.relay.metered.ca:80
turnusername=a7cc1fecf1784345cb9fb734
turnpassword=71iOW24PSSwH5jXC

turn server credentials

also search for icesupport = yes and set it to yes.

save and close

the sample general file would look something like this

[general]

stunaddr=stun.relay.metered.ca:80
turnaddr=global.relay.metered.ca:80
turnusername=a7cc1fecf1784345cb9fb734
turnpassword=71iOW24PSSwH5jXC

context=public                  ; Default context for incoming calls. Defaults to 'default'
;allowguest=no                  ; Allow or reject guest calls (default is yes)
				; If your Asterisk is connected to the Internet
				; and you have allowguest=yes
				; you want to check which services you offer everyone
				; out there, by enabling them in the default context (see below).
;match_auth_username=yes        ; if available, match user entry using the
                                ; 'username' field from the authentication line
                                ; instead of the From: field.
allowoverlap=no                 ; Disable overlap dialing support. (Default is yes)
;allowoverlap=yes               ; Enable RFC3578 overlap dialing support.
                                ; Can use the Incomplete application to collect the
                                ; needed digits from an ambiguous dialplan match.
;allowoverlap=dtmf              ; Enable overlap dialing support using DTMF delivery
                                ; methods (inband, RFC2833, SIP INFO) in the early
                                ; media phase.  Uses the Incomplete application to
                                ; collect the needed digits.
;allowtransfer=no               ; Disable all transfers (unless enabled in peers or users)
                                ; Default is enabled. The Dial() options 't' and 'T' are not
                                ; related as to whether SIP transfers are allowed or not.
;realm=mydomain.tld             ; Realm for digest authentication
                                ; defaults to "asterisk". If you set a system name in
                                ; asterisk.conf, it defaults to that system name
                                ; Realms MUST be globally unique according to RFC 3261
                                ; Set this to your host name or domain name
;domainsasrealm=no              ; Use domains list as realms
                                ; You can serve multiple Realms specifying several
                                ; 'domain=...' directives (see below). 
                                ; In this case Realm will be based on request 'From'/'To' header
                                ; and should match one of domain names.
                                ; Otherwise default 'realm=...' will be used.
;recordonfeature=automixmon	; Default feature to use when receiving 'Record: on' header
				; from an INFO message. Defaults to 'automon'. Works with
				; dynamic features. Feature must be usable on requesting
				; channel for it to work. Setting this value to a blank
				; will disable it.
;recordofffeature=automixmon	; Default feature to use when receiving 'Record: off' header
				; from an INFO message. Defaults to 'automon'. Works with
				; dynamic features. Feature must be usable on requesting
				; channel for it to work. Setting this value to a blank
				; will disable it.

sip.conf file sample

Step 4: Configure the RTP and Media Settings

Edit the rtp.conf file to define the RTP port ranges and specify TURN server for media traffic

Open the rtp.conf file

sudo nano ./etc/asterisk/rtp.conf

rtp.conf

set the port number available for rtp. this should be under the [general] section

rtpstart=10000
rtpend=20000

setting port number

Specify the TURN server for media. Search for icesupport=yes and under that add the following

icesupport=yes
stunaddr=stun.relay.metered.ca:80
turnaddr=global.relay.metered.ca:443
turnusername=a7cc1fecf1784345cb9fb734
turnpassword=71iOW24PSSwH5jXC

adding turn server in rtp.conf

save and close

Here is what the sample file looks like

;
; RTP Configuration
;
[general]
;
; RTP start and RTP end configure start and end addresses
;
; Defaults are rtpstart=5000 and rtpend=31000
;
rtpstart=10000
rtpend=20000
;
; Whether to enable or disable UDP checksums on RTP traffic
;
;rtpchecksums=no
;
; The amount of time a DTMF digit with no 'end' marker should be
; allowed to continue (in 'samples', 1/8000 of a second)
;
;dtmftimeout=3000
; rtcpinterval = 5000 	; Milliseconds between rtcp reports
			;(min 500, max 60000, default 5000)
;
; Enable strict RTP protection. This will drop RTP packets that
; do not come from the source of the RTP stream. This option is
; enabled by default.
; strictrtp=yes
;
; Number of packets containing consecutive sequence values needed
; to change the RTP source socket address. This option only comes
; into play while using strictrtp=yes. Consider changing this value
; if rtp packets are dropped from one or both ends after a call is
; connected. This option is set to 4 by default.
; probation=8
;
; Whether to enable or disable ICE support. This option is disabled by default.
; icesupport=true
;
; Hostname or address for the STUN server used when determining the external
; IP address and port an RTP session can be reached at. The port number is
; optional. If omitted the default value of 3478 will be used. This option is
; disabled by default.
;
;
;
;IMPORTANT
stunaddr=stun.relay.metered.ca:80
;
; Hostname or address for the TURN server to be used as a relay. The port
; number is optional. If omitted the default value of 3478 will be used.
; This option is disabled by default.
;
;
;
;IMPORTANT
turnaddr=global.relay.metered.ca:443
;
;IMPORTANT
; Username used to authenticate with TURN relay server.
turnusername=a7cc1fecf1784345cb9fb734
;
;IMPORTANT
; Password used to authenticate with TURN relay server.
turnpassword=71iOW24PSSwH5jXC

rtp.conf

save and close

Step 5 Restart Asterisk

after saving the files restart the asterisk

sudo systemctl restart asterisk

Restart Asterisk

Benefits of Integrating TURN server with Asterisk

In this section we explore the benefits of adding Metered turn server with Asterisk.

  1. Improved NAT traversal: TURN servers relay traffic from one device to another through the server thus bypassing NAT and firewall rules that block direct connections
  2. Enhanced call quality: Because TURN servers relays the connection, various issues such as jitter, latency and packet loss are overcome.
  3. Global Low Latency: With Metered TURN servers you get ultra low latency connections. Metered TURN servers have servers all around the world and hence they ensure at most 50 ms latency from any where around the world
  4. Reliability and Uptime: Metered TURN servers provide 99.999% Uptime reliability. You need this type of uptime if you are running a business. So that the turn servers are always working
  5. Scalability: Metered TURN servers are infinitely scalable thus even if you are an enterpirse the Metered TURN servers are a good fit for you.
  6. Security: All the traffic that transmits through Metered TURN servers is end to end encrypted. So that no one, not even the Metered TURN server corporation has access to any data that is being transmitted through Metered TURN servers

Step by Step Guide to installing Asterisk.

Step 1: Getting essential tools and software

  • Operating system: You need a linux distribution most preferably debian or ubuntu these are known for stability and support
  • VoIP Software: Download the Asterisk from its website
  • Network tools: You will need familiarity with network tools such as iptables and wireshark for network management
  • Development tools: You need familiraity with installtion tools like GCC, make and other tools that are used for compiling nad installing Asterisk

Step 2: Installing Asterisk in your system

In this section we are going to look at installing Asterisk in your system. We are using debian linux for our demonstration purposes.

After installing debian in your computer, follow through the below steps

  1. Update your system: Update and upgrade your linux packages before installing the system
  2. Install dependencies: Install the libraries and dependencies that are required to install Asterisk
  3. Download Asterisk: Download the latest version of Asterisk from its website
  4. Compile Asterisk: Run the script to compile and configure the Asterisk
  5. Install Asterisk: After compilation is done installed the compiled program and its modules on your system
  6. Configure Asterisk: After installation is done edit the config file to add user accounts and set up the basic PBX features.
  7. Start Asterisk: Lastly run the Asterisk service and check the status to see that it is properly running or not

Step 3: Selecting a TURN server provider for Asterisk

Here are some of the considerations when choosing a TURN server for Asterisk

  • Global reach: With servers in all the regions of the world the Metered TURN servers provide low latency transmission of data
  • Reliability: With 99.999% Uptime Metered turn servers come with enterprise reliability. That is 5 nine reliability the absolute best in the industry.
  • Scalability: Metered TURN servers are infinitely scalable and can be scaled as much as needed
  • Security: All the traffic going through Metered turn servers are end to end encrypted so that no one and not even the Metered TURN servers can access the data that is being transmitted through its servers.
  • Cost: Metered comes with cost effective plans that becomes cheaper as you scale.

You can consider reading some of our other articles