Differences between revisions 1 and 11 (spanning 10 versions)
Revision 1 as of 2014-01-17 08:00:21
Size: 939
Editor: DanielPocock
Comment:
Revision 11 as of 2014-01-18 08:08:04
Size: 5103
Editor: DanielPocock
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Line 4: Line 3:
 * To start quickly, just skip below to the client configuration links
Line 7: Line 7:
 * The following services are NOT available yet but are being planned or under consideration
  * XMPP/Jabber server
  * Audio and/or video conference software
   * [[http://packages.debian.org/reconserver|see the reConServer package]]
   * [[https://jitsi.org/videobridge|Jitsi video bridge]] is also cool
Line 8: Line 13:
  * Do not use the same password that you use for any other Debian service. For example, you may want to cache the RTC password in a mobile device where there is a risk that it will be compromised.   * Do not use the same password that you use for any other Debian service. For example, you may want to cache the RTC password in a mobile device where there is a risk that it will be compromised, exposing the password.
Line 16: Line 21:
 * If you are lucky, your client software uses DNS NAPTR and SRV lookups to find the TURN and SIP servers, if not, you can hardcode the following values into your configuration:
  * SIP server: please use a client that finds it using SRV lookups
   * if really necessary, use the value ''vogler.debian.org'' and TLS, port 5061
   /!\ Don't do that. We don't want to couple service names with hosts names! -- zobel
  * TURN server: ''turn.debian.org'' (UDP port 3478)
  * SIP over WebSocket: ''sip-ws.debian.org'' (HTTP port 443)

== Contact and support ==

 * For general questions about individual softphones, please contact the maintainers or upstream mailing lists
 * For general discussion about how to best use SIP as a tool to achieve the wider objectives of the Debian Project, please use ''debian-devel''
 * For specific faults with the service, please contact the [[Teams/DSA|Debian System Administration (DSA)]] team

== NAT traversal ==

 * NAT and firewalls have traditionally been a problem for free RTC software
 * For SIP itself, we only use TLS
  * This is a stream connection that is more likely to get through NAT than UDP
  * It can also potentially be tunnelled through proxies using the HTTP CONNECT method (port 443)
  * Some routers try to mangle SIP packets to help them through NAT, in practice this sometimes makes the problem worse
  * By using TLS, we ensure that no intermediate device will tamper with the packets, we aim to use industry standard ICE and TURN
 * The modern approach to this problem is the use of Internet Connectivity Establishment (ICE) and, as a last resort, relaying traffic through a TURN server
 * Not all SIP clients support TURN
  * Jitsi only supports TURN with Jabber, the SIP-TURN support is coming
  * Empathy only supports TURN through Google's proprietary TURN servers, but the TURN code could use any TURN server if configuration options were available. There is a bug report for this.
  * Only one end of the connection needs a TURN server for it to work though, as long as both support ICE.
 * The [[https://rtc.debian.org|rtc.debian.org]] WebRTC service is based on [[http://jscommunicator.org|JSCommunicator]]. It supports both ICE and TURN and is pre-configured for Debian's TURN servers. Although the UI is very basic, there is a high probability that it can get through NAT in situations where the other SIP clients currently struggle.

== WebRTC status ==

Note:

 * WebRTC users can only interact with other WebRTC users
 * Jitsi and Lumicall users can interact with each other but not with WebRTC users (yet)


== Instructions for various client programs ==

=== Jitsi configuration ===

 * Jitsi is one of the most extensive open source communications tools
 * See the [[UnifiedCommunications/DebianDevelopers/UserGuide/Jitsi|Jitsi screenshots]] for full details

=== Empathy ===

 * Empathy is the default communications client in the Gnome desktop
 * See the [[UnifiedCommunications/DebianDevelopers/UserGuide/Empathy|Empathy screenshots]] for full details

=== Lumicall ===

 * [[http://www.lumicall.org|Lumicall]] is an open source mobile SIP client for Android.
 * See the [[UnifiedCommunications/DebianDevelopers/UserGuide/Lumicall|Lumicall configuration page]] for full details

=== JSCommunicator ===

 * [[http://jscommunicator.org|JSCommunicator]] is a browser-based WebRTC softphone using HTML5/JavaScript. It requires a modern browser.
 * A live demo customised for the Debian community is at [[https://rtc.debian.org|rtc.debian.org]]
 * See the [[UnifiedCommunications/DebianDevelopers/UserGuide/JSCommunicator|JSCommunicator configuration page]] for full details about how to put it in your own blog or web site

Key details

  • To start quickly, just skip below to the client configuration links
  • Debian Developers have access to the following services

    • SIP Proxy
    • TURN server
  • The following services are NOT available yet but are being planned or under consideration
  • You must create a real-time communications (RTC) password in the LDAP system

    • Do not use the same password that you use for any other Debian service. For example, you may want to cache the RTC password in a mobile device where there is a risk that it will be compromised, exposing the password.
    • Wait 30 minutes for the password to become active.
  • Your debian.org email address is also your SIP address

  • Your SIP software may try to use the user-part of the SIP address for authentication. It will not work.
    • In your SIP settings, look for an authentication username or auth user field. It is often blank by default.

    • Put your full SIP address, e.g. pocock@debian.org in this field

  • The same credentials are used for TURN
  • If you are lucky, your client software uses DNS NAPTR and SRV lookups to find the TURN and SIP servers, if not, you can hardcode the following values into your configuration:
    • SIP server: please use a client that finds it using SRV lookups
      • if really necessary, use the value vogler.debian.org and TLS, port 5061 /!\ Don't do that. We don't want to couple service names with hosts names! -- zobel

    • TURN server: turn.debian.org (UDP port 3478)

    • SIP over ?WebSocket: sip-ws.debian.org (HTTP port 443)

Contact and support

  • For general questions about individual softphones, please contact the maintainers or upstream mailing lists
  • For general discussion about how to best use SIP as a tool to achieve the wider objectives of the Debian Project, please use debian-devel

  • For specific faults with the service, please contact the Debian System Administration (DSA) team

NAT traversal

  • NAT and firewalls have traditionally been a problem for free RTC software
  • For SIP itself, we only use TLS
    • This is a stream connection that is more likely to get through NAT than UDP
    • It can also potentially be tunnelled through proxies using the HTTP CONNECT method (port 443)
    • Some routers try to mangle SIP packets to help them through NAT, in practice this sometimes makes the problem worse
    • By using TLS, we ensure that no intermediate device will tamper with the packets, we aim to use industry standard ICE and TURN
  • The modern approach to this problem is the use of Internet Connectivity Establishment (ICE) and, as a last resort, relaying traffic through a TURN server
  • Not all SIP clients support TURN
    • Jitsi only supports TURN with Jabber, the SIP-TURN support is coming
    • Empathy only supports TURN through Google's proprietary TURN servers, but the TURN code could use any TURN server if configuration options were available. There is a bug report for this.
    • Only one end of the connection needs a TURN server for it to work though, as long as both support ICE.
  • The rtc.debian.org WebRTC service is based on JSCommunicator. It supports both ICE and TURN and is pre-configured for Debian's TURN servers. Although the UI is very basic, there is a high probability that it can get through NAT in situations where the other SIP clients currently struggle.

WebRTC status

Note:

  • WebRTC users can only interact with other WebRTC users
  • Jitsi and Lumicall users can interact with each other but not with WebRTC users (yet)

Instructions for various client programs

Jitsi configuration

  • Jitsi is one of the most extensive open source communications tools
  • See the Jitsi screenshots for full details

Empathy

  • Empathy is the default communications client in the Gnome desktop
  • See the ?Empathy screenshots for full details

Lumicall

JSCommunicator