WSS Transport
NethVoice on NethServer 8 supports WebSocket Secure (WSS) transport for extensions. Each NethVoice instance exposes a specific WSS port dedicated to WebSocket connections.
This configuration relies on direct connectivity and does not work behind NAT. Ensure that NethVoice has direct network visibility to the client endpoints.
Service Configuration
The WSS port assigned to the specific NethVoice instance is dynamically defined.
- Variable:
ASTERISK_WSS_PORT - Location: Within the module's environment variables.
Clients connecting to NethVoice via WebRTC or other WebSocket-based protocols must target this specific port.
Extension Setup
To use WSS, the extension must be configured within the Advanced Interface (FreePBX).
Prerequisites
- Create a new Custom Device or modify an existing one.
- Access the Advanced Interface.
Transport Settings
Modify the Advanced settings of the extension with the following parameters to enable secure WebSocket transport:
- Outbound Proxy: Remove proxy configurations for this specific extension.
- Transport: Set to
0.0.0.0-wss. - Enable AVPF: Set to
Yes. - Enable ICE Support: Set to
Yes. - Enable rtcp Mux: Set to
Yes. - Media Encryption: Set to
DTLS. - Enable WebRTC Defaults: Enable this setting to apply standard WebRTC optimizations.
Client Configuration
Configure your client with the following settings. Ensure that the client device has network access to the NethVoice instance.
| Parameter | Value / Instruction |
|---|---|
| SIP Server / Domain | The FQDN of your NethVoice instance. |
| SIP Proxy | (Leave empty). |
| Transport Protocol | WSS (Secure WebSocket). |
| Port | The value of ASTERISK_WSS_PORT (check the module's environment variables). |
| Path | /ws (Default WebSocket path for Asterisk). |
| Username / Extension | The extension number (e.g., 1001). |
| Password / Secret | The extension's secret defined in FreePBX. |
| Media Encryption | DTLS (Mandatory for WebRTC/WSS). |
| AVPF | Enabled / Yes. |
| ICE Support | Enabled / Yes. |
WSS requires a valid SSL certificate. If using a self-signed certificate, the client device (or browser) must explicitly trust the Certificate Authority (CA) before the connection can be established.