How can I have Jitsi recognize my WAP (and not VPN) for UDP 10000?

Hi all,

I had Jitsi(via docker container) running on a simple Netgear router. Recently, I switched to pfSense and routed my internet traffic going through a VPN. Unfortunately, now my Jitsi(UDP 10000) traffic is attempting to go though my VPN address and not my actual WAN. Is there a way to set a static IP/dyndns address and disable the STUN server if possible? or is there a port I should open for the STUN server?

Thanks

It’s not documented but you can use org.ice4j.ice.harvest.BLOCKED_ADDRESSES in sip-communicator.properties to block your VPN address. It takes a comma-separated list of IP addresses of local interfaces to exclude from ICE candidates. I don’t think there’s a jvb.conf new-style config equivalent.

You can also disable the STUN harvester: ice4j.harvest.mapping.stun.enabled = false in jvb.conf and set a static mapping (but I think the VPN will still be advertised as a candidate if you only do this).

If your VPN has a private address then just setting videobridge.ice.advertise-private-candidates to false could also be enough.

3 Likes

Thanks for the suggestions.

I made the changes to the org.ice4j.ice.harvest.BLOCKED_ADDRESSES in sip-communicator.properties file, but my my commercial(non-private) VPN IP address still shows. I will keep chugging away at this.