Another issue about more than 2 peoples

Im trying to install Jisti meet under a DMZ(!) NAT routers infrastructure.

Under Chrome (Firefox failed), if there have 3 particpants, video become black, no audio.

VideoBrigde cant foward anthing, into the log file :

(…)
JVB 2020-05-01 18:34:50.413 INFOS: [134] org.ice4j.ice.Component.log() Update remote candidate for stream.RTP: 192.168.0.20:50697/udp
JVB 2020-05-01 18:34:50.414 INFOS: [134] org.ice4j.ice.Component.log() Not adding duplicate remote candidate: 192.168.0.20:50697/udp
JVB 2020-05-01 18:34:50.414 INFOS: [134] org.ice4j.ice.Component.log() Update remote candidate for stream.RTP: 192.168.0.20:9/tcp
JVB 2020-05-01 18:34:50.414 INFOS: [134] org.ice4j.ice.Component.log() Not adding duplicate remote candidate: 192.168.0.20:9/tcp
JVB 2020-05-01 18:34:50.418 PRÉCIS: [134] org.jitsi.videobridge.xmpp.ComponentImpl.processIQ() (serving component ‘JitsiVideobridge’) Respond$
JVB 2020-05-01 18:34:50.429 INFOS: [198] org.ice4j.ice.ConnectivityCheckClient.log() Pair failed: 192.168.0.144:10000/udp/host -> 192.168.0.2$
JVB 2020-05-01 18:34:50.450 INFOS: [198] org.ice4j.ice.ConnectivityCheckClient.log() Pair failed: 192.168.0.144:4443/tcp/host -> 192.168.0.20$
(…)
JVB 2020-05-01 18:34:51.820 INFOS: [19] org.jitsi.videobridge.Videobridge.log() CAT=stat create_conf,conf_id=1a4282c0bac03d79 conf_name=null, JVB 2020-05-01 18:34:51.831 INFOS: [19] org.jitsi.videobridge.health.Health.log() Performed a successful health check in 11ms. Sticky failure

Under a VM, in dev, with the same environement installed in the working server : all access are founds, Firefox and Chrome working both, with more than 2 participants (like in : meet.jit.si)

In the working server, i suppose thats routers/Firewall blocks all traffics when VideoBrige comes ?

But i open all NAT ports (DMZ), i confugure my iptables, and here is the results on the working Ubuntu 16.04 server :

Image1

And there on the VM :

Image2

My videobrige config with LOCAL and PUBLIC IP :

Image3

I use Lets Encrypt certs files, maybe Lua don’t want accept them ?

Now its really frustrating, three weeks of tests, reinstall… what’s i missed ?

Just i dream about a Jisty Diagnotics netTool …

What install guide did you follow ? I have your same exact setup and just followed QuickInstall instructions.

Please also include OS and version when asking such questions.

Quick Install, a lots of times, i ve read more than 74 topics, 690 posts in community forum, since more than 20 days.
Ubuntu 16.04 LTS.
Thanks for help.
Best.

I don’t see anything obvious that is wrong. Is there any specific reason to keep using Ubuntu 16.04 LTS (other than reaching EOL only next year) ?

In your place I’d try to comment out everything under org.ice4j.ice.* that is not directly linked to the necessary bits to use behind NAT, that is, the NAT_HARVESTER_LOCAL_ADDRESS and NAT_HARVESTER_PUBLIC_ADDRESS
then restart. Keep of course the org.jitsi.videobridge.* generated by the Jitsi install.

Sharing my experience from a very restrictive LAN network.

Below a working JTSI server with three people (and more) under a NAT router,

  • Ubuntu Server 16.04 (yes, still works fine),
  • external letsencypt domain (my own cert and key files),
  • Apache 2.4,
  • last jitsi-meet_2.0.5142-1_all.deb (14-Oct-2020 16:26).

1/ First, make a clean full install - steps by steps - from handbook :

2/ Testing ports forwarding :

  • You needs to stop JVB2 :

sudo service jitsi-videobridge2 stop

  • You need a client to sending packets (from another computer or a VM, for exemple).
  • You need your working JITSI server to receive testing packets.

Testing your 4443 TCP port and 10000 UDP port.
Or, your external TCP/UDP opened ports in your LAN network.
In my server LAN, we can only have these TCP/UDP externals ports opened :
80, 443, 21, 22, 9050 to 9080 (9050:9080)

So, i change for JITSI :

  • 10000 udp port to 9050
  • 4443 tcp port to 9051

Take a while for reading the BBB manual and testing your opened ports with “netcat” commnand tool.
Read carrefuly BBB handbook and change the correct port if needed (jitsi default 4443TCP and 10000/UDP) :

UNDER JITSI SERVER YOU MUST RECEIVE MESSAGE FROM CLIENT

3/ Updating your firewall rules

So i need to open 9050 UDP and 9051 TCP ports.
Change the ports numbers if they are opened from the netcat previous step :

sudo ufw allow 9050/udp
sudo ufw allow 9051/tcp

4/ Append in :
/etc/jitsi/videobridge/sip-communicator.properties

#open UDP port identified by netnat :
org.jitsi.videobridge.TCP_HARVESTER_PORT=9050
#open TCP port identified by netnat :
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=9051
#Optional :
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true

#internal IP V4 inet adress from command : ifconfig
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=xxx.xxx.xxx.xxx
#Your external IP over the WAN, the same in : /etc/hosts
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=xxx.xxx.xxx.xxx

Comment the line -> STUN (turn server is not needed) :

#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

5/ Restart JVB2 :

sudo service jitsi-videobridge2 start

Testing from Web client …

1 Like