My company is evaluating Jitsi with the meet.jit.si server, but we have a problem: our corporate network is blocking port 1000 to the STUN server. They are asking us for an FQDN so they can open the port, but they do not want to open it for all. STUN does not have an FQDN, right? It is just an IP on the Oracle cloud…
This is our TURN server: meet-jit-si-turnrelay.jitsi.net:443. Note the IP addresses behind it might change, so they’d need to keep that mapping up to date.
It did not help. When we opened the firewall for the entire Oracle cloud IP range (130.61.x.x) for port 10000, coming from the IPs of two test devices, it worked. I got this IP range from a pcap of the traffic. This FQDN did not. Also, its IP and DNS record point to an IP in a different range, which is on AWS, not Oracle cloud.
I find the whole thing very strange. What gets messed up is p2p traffic between two local IPs, both machines connected to the same hub via Ethernet cable. If we open that IP range to the outside, it stops blocking this traffic internally. The error, when it happens, is an “ICMP, destination unreachable, port unreachable” error.
It looks like this (replaced real IPs with device_1_ip and device_2_ip):
Did not, how? Did you see connection attempts? Did you open port 443 UDP? Yes, it’s on AWS; it’s still part of our infrastructure.
Yes, I have seen some traffic to it, but very little. Most is p2p between two devices. After that to 130.61.x.x, and a little bit to AWS.
I re-ran the tests:
UDP 10000 open on 130.61.0.0-130.61.255.255 - everything works fine and is stable.
UDP ports 10000 and 443 open on meet.jit.si and meet-jit-si-turnrelay.jitsi.net, but closed on 130.61.x.x - we get disconnects from the conference several times a minute.
Tx
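
Added example, not written by any poster in this thread: a Python check that compares destination flows taken from a capture against an FQDN-based allow list and reports which destinations the rules miss, as in the second test above. All addresses are constructed; the 203.0.113.x values are placeholders for whatever the two hostnames resolve to at the time the rules are built.

```python
import ipaddress
from collections import Counter

# Constructed placeholders for the addresses that meet.jit.si and
# meet-jit-si-turnrelay.jitsi.net resolve to when the rules are generated.
RESOLVED_FQDN_IPS = ["203.0.113.10", "203.0.113.11"]

# Allow rules as (network, protocol, destination port).
RULES_FQDN = [(f"{ip}/32", "udp", port)
              for ip in RESOLVED_FQDN_IPS for port in (443, 10000)]
RULE_CIDR = ("130.61.0.0/16", "udp", 10000)  # the range opened in the first test

# Constructed flow records (dst_ip, protocol, dst_port), as exported from a pcap.
FLOWS = [
    ("130.61.0.25", "udp", 10000),
    ("130.61.77.3", "udp", 10000),
    ("203.0.113.10", "udp", 443),
]

def allowed(flow, rules):
    """True if any rule matches the flow's destination, protocol and port."""
    dst, proto, port = flow
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(net) and proto == r_proto
               and port == r_port for net, r_proto, r_port in rules)

def blocked_flows(flows, rules):
    """Flows that no rule permits."""
    return [f for f in flows if not allowed(f, rules)]

def uncovered_networks(flows, rules, prefix=16):
    """Group blocked destinations by /prefix network, protocol and port,
    which is the form a firewall change request usually needs."""
    counts = Counter()
    for dst, proto, port in blocked_flows(flows, rules):
        net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
        counts[(str(net), proto, port)] += 1
    return dict(counts)

if __name__ == "__main__":
    print("blocked with FQDN rules only:", blocked_flows(FLOWS, RULES_FQDN))
    print("missing coverage:", uncovered_networks(FLOWS, RULES_FQDN))
    print("blocked after adding the range:",
          blocked_flows(FLOWS, RULES_FQDN + [RULE_CIDR]))
```

Running it against real capture data means replacing `FLOWS` with the exported records and `RESOLVED_FQDN_IPS` with a fresh DNS lookup, since the addresses behind the hostnames can change.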