This is a brutally honest and maybe simple question, but: how does a Jitsi setup work without using a TURN server? I’ve tried some other open source solutions and none of them worked without setting up a TURN server. Needing a TURN server for clients trying to connect from behind a NAT firewall (which is actually every client not using a mobile connection these days) is absolutely reasonable to me, but: how / why does Jitsi work without one? Where is the magic I don’t see?
Thank you so much
A TURN server is not for the server side. It’s needed for a client that is behind a restricted firewall.
The key point is not “to be behind a NAT”. The problem occurs when the client is behind “a restricted NAT”. That kind of NAT prevents its users from connecting to some ports. For example, if a client is behind a corporate firewall, most probably she is not allowed to connect to UDP/10000, which Jitsi needs, and she cannot connect to the meeting if there is no TURN server between the client and the Jitsi server.
Thank you for the clarification! I do get this, but: e.g. my BBB setup worked for no one using a NAT router. I needed to set up a TURN server before anyone was able to connect. I thought the reason was that UDP can’t be routed the way TCP is, since there is no established connection but rather just some packets sent, and the router does not know where they need to go.
But how does Jitsi work in these scenarios?
A TURN server, in ICE terminology, is a relay server and is used when a connection cannot be established between two peers; normally these are some restricted firewalls. In most cases STUN is able to open a two-way connection, and p2p is possible even between two NATed participants.
This is for p2p. When it comes to the conference mode, when there are more than 2 participants, we use the videobridge, which is also a relay server. So when there are 3 or more participants you always use a relay, which is jvb. Everyone sends to jvb, and jvb makes smart decisions, knows what to forward, and forwards it to the clients.
There is one more case when TURN is needed when jvb is used: when the network of the client allows only TCP or only port 443, clients can connect to the jvb using a TURN server as a relay, sending TCP which is then sent as UDP to the bridge by the TURN server.
I have no idea how BBB works to be able to say why it needs TURN.
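The candidate types discussed in this thread (host, STUN-derived server-reflexive, TURN relay) can be read straight from the `a=candidate` lines of a session description. The following is an added example, not part of the original thread or of Jitsi's code: the addresses are constructed from documentation ranges, and the function names `parseCandidate`, `pathKind` and `rankPaths` are hypothetical.

```javascript
// Constructed sample candidates (documentation address ranges); not from a real session.
const LOCAL = [
  "a=candidate:3 1 udp 41885439 198.51.100.9 49160 typ relay raddr 203.0.113.7 rport 51000",
  "a=candidate:1 1 udp 2130706431 192.168.1.20 51000 typ host",
  "a=candidate:2 1 udp 1694498815 203.0.113.7 51000 typ srflx raddr 192.168.1.20 rport 51000",
];
// Constructed bridge candidate on the UDP/10000 port mentioned in the thread.
const BRIDGE = "a=candidate:4 1 udp 2130706431 198.51.100.50 10000 typ host";

// Parse one ICE candidate attribute into an object, or return null if malformed.
function parseCandidate(line) {
  const re = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)( .*)?$/;
  const m = re.exec(line.trim());
  if (!m) return null;
  // Extension attributes come as name/value pairs, e.g. "raddr <ip> rport <port>".
  const ext = (m[8] || "").trim().split(/\s+/).filter(Boolean);
  const extra = {};
  for (let i = 0; i + 1 < ext.length; i += 2) extra[ext[i]] = ext[i + 1];
  return {
    foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
    priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7],
    relatedAddress: extra.raddr || null,
    relatedPort: extra.rport ? Number(extra.rport) : null,
  };
}

// Classify a candidate pair: relayed through TURN, direct through a NAT mapping, or direct.
function pathKind(local, remote) {
  if (local.type === "relay" || remote.type === "relay") return "turn-relay";
  if ([local.type, remote.type].some((t) => t === "srflx" || t === "prflx")) return "direct-via-nat";
  return "direct";
}

// Simplified ordering by local priority only; real ICE computes a pair priority from both sides.
function rankPaths(localLines, remoteLine) {
  const remote = parseCandidate(remoteLine);
  return localLines.map(parseCandidate).filter(Boolean)
    .sort((a, b) => b.priority - a.priority)
    .map((c) => ({ from: `${c.address}:${c.port}`, to: `${remote.address}:${remote.port}`, kind: pathKind(c, remote) }));
}

console.log(rankPaths(LOCAL, BRIDGE));
```

The relay entry sorts last because ICE gives relayed candidates the lowest type preference, so TURN only carries media when the direct pairs fail their connectivity checks.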