Configure pfSense (OPNsense) to publish Jitsi [solved]

Hi there,
I spent some time fixing all the issues that I had during that setup.

What you need:
a dedicated public IP address for your Jitsi (ports 80 and 443 TCP, and the UDP range if you use UDP)
** My thought: TCP transport is sufficient and more firewall friendly (no delay), and kill p2p.
a registered domain name
a finalized ACME (Let's Encrypt) setup with the certificate installed

On pfSense:
HTTPS
Create NAT rule #1:
Redirect Entry:
Interface: WAN
Protocol: TCP (TCP/UDP if you use UDP)
Destination: your public IP
Dest port range: HTTPS
Redirect target IP: your Jitsi internal IP on your private network
Redirect target port: HTTPS
NAT reflection: Pure NAT

HTTP
Create NAT rule #2:
Redirect Entry:
Interface: WAN
Protocol: TCP (TCP/UDP if you use UDP)
Destination: your public IP
Dest port range: HTTP
Redirect target IP: your Jitsi internal IP on your private network
Redirect target port: HTTP
NAT reflection: Pure NAT

NAT setting on Jitsi (videobridge)
Edit: /etc/jitsi/videobridge/sip-communicator.properties
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<xxx.xxx.xxx.xxx your private IP address here>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<xxx.xxx.xxx.xxx your public IP address here>
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302

Finally, restart jitsi-videobridge and Jicofo, in this order:
service jitsi-videobridge restart
service jicofo restart

In addition, if you are facing some “NAT setting not applied properly” issue, e.g. black screen and no audio after restarting your server, it will do the magic.

You can add these restart commands by creating a delayed script and adding it as a sudo startup script.
FYI: https://unix.stackexchange.com/questions/439592/automatic-sudo-permissions-for-startup-script

Have fun
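
An added example, not part of the original post: a small Python check for the three `sip-communicator.properties` lines described above, run before restarting the videobridge. The function names, the sample addresses (192.168.1.20, 203.0.113.10) and the rule that STUN entries must not contain spaces are assumptions of this example.

```python
import ipaddress
PREFIX = "org.ice4j.ice.harvest."
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
STUN = "stun.l.google.com:19302,stun1.l.google.com:19302"
# Constructed samples: 192.168.1.20 and 203.0.113.10 are placeholder addresses.
GOOD = (f"{PREFIX}NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.20\n"
        f"{PREFIX}NAT_HARVESTER_PUBLIC_ADDRESS=203.0.113.10\n"
        f"{PREFIX}STUN_MAPPING_HARVESTER_ADDRESSES={STUN}\n")
# Placeholder left in, private IP in the public slot, stray space in the STUN list.
BAD = (f"{PREFIX}NAT_HARVESTER_LOCAL_ADDRESS=<xxx.xxx.xxx.xxx>\n"
       f"{PREFIX}NAT_HARVESTER_PUBLIC_ADDRESS=192.168.1.20\n"
       f"{PREFIX}STUN_MAPPING_HARVESTER_ADDRESSES={STUN.replace(',', ' ,')}\n")

def parse_properties(text):
    """Read key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value  # value kept verbatim so stray spaces show up
    return props

def check_address(props, name, want_private, problems):
    raw = props.get(PREFIX + name, "")
    try:
        ip = ipaddress.ip_address(raw.strip())
    except ValueError:
        problems.append(f"{name}: missing or not an IP address: {raw!r}")
        return
    if any(ip in net for net in RFC1918) != want_private:
        problems.append(f"{name}: {ip} is not a {'private' if want_private else 'public'} address")

def check_stun(props, problems):
    raw = props.get(PREFIX + "STUN_MAPPING_HARVESTER_ADDRESSES", "")
    for entry in raw.split(",") if raw else []:
        host, sep, port = entry.rpartition(":")
        # Assumption: flag whitespace, since a strict host:port parser may reject it.
        if entry != entry.strip() or not host or not (port.isdigit() and 0 < int(port) < 65536):
            problems.append(f"STUN entry {entry!r}: expected host:port without spaces")

def check_jvb_nat(text):
    props, problems = parse_properties(text), []
    check_address(props, "NAT_HARVESTER_LOCAL_ADDRESS", True, problems)
    check_address(props, "NAT_HARVESTER_PUBLIC_ADDRESS", False, problems)
    check_stun(props, problems)
    return problems

if __name__ == "__main__":
    print("\n".join(check_jvb_nat(BAD)))
```

To check a real host, pass the contents of /etc/jitsi/videobridge/sip-communicator.properties to `check_jvb_nat`; an empty list means the three lines are consistent with the setup above.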

Sorry but this did not work for me. :frowning:

I have a slightly different setup. I use Jitsi on Kubernetes behind a NAT pfSense; after a lot of work, everything works.