Hi
I have a general question regarding connectivity.
Our setup:
We work inside our LAN without a direct internet connection. Everything regarding the internet has to use a proxy server, which is allowed to connect to the internet.
The proxy can proxy HTTP/80 and CONNECT/443 (TLS/HTTPS or any other connection using the CONNECT method).
And we have a DMZ. Inside it, the servers don't have permission to talk directly to the internet. Again, a proxy is used for this. The DMZ has its own private IP subnet, so NAT is applied between the DMZ and the internet.
So, now we installed Jitsi. I learned that Jitsi uses port 80/443 for the jitsi-meet web interface. JVB uses TCP/4443 and UDP/10000. I also learned that UDP/10000 is preferred, because it actually is a UDP connection (less CPU usage).
We opened a direct port UDP/1000 from LAN -> DMZ and Internet -> DMZ. So we are able to use Jitsi from inside AND with external users together.
So far so good.
Now we got a mail from an external contact behind a corporate firewall. Their FW does not allow direct internet connections, like ours. It is not proxy-able, because it is UDP.
Now I searched for the real problem and a possible solution. I want to ask whether I understood it the right way:
- We split jitsi-meet and JVB, so they are 2 separate servers. Jitsi-Meet is accessible via meet.out-tld:443 over HTTPS. JVB will then be accessible via jvb.our.tld:443. So almost everything should be able to access the meeting without any special ports needing to be open.
- We use a TURN server, which is accessible over turn.our.tld:443 (TLS) and which is used by our JVB. As I have learned, TURN would act as a relay, so the video is transferred via TURN and not directly between the two participants, right?