We’re trying to configure Jitsi to work with both internet and intranet users. So far only internet works.
Jitsi is “stable-5142” docker image running in k8s cluster.

The scheme of how critical components are deployed is below.

And here’s the problem.

With the current configuration, INTERNET users can use Jitsi just fine. INTRANET users, on the other hand, cannot. Looking at a UDP dump, I can say that INTRANET clients try to establish a connection to JVB using either the NAT IP (firewalled) or the JVB K8S pod IP; both fail, obviously.

We also have DNS servers in INTRANET and INTERNET, which point to Load Balancer IPs or NAT IPs respectively.

            - name: JVB_STUN_SERVERS
              value: STUN_DN:3478
            - name: LOCAL_ADDRESS
              value: LOAD_BALANCER_JVB_IP
            - name: DOCKER_HOST_ADDRESS
              value: NAT_JVB_IP

WEB config.js

    useStunTurn: true,
    stunServers: [
        { urls: "stun:STUN_DN:3478" },
        { urls: "turn:STUN_DN:3478" }
    ],

Prosody jitsi-meet.cfg.lua

    turncredentials = {
        { type = "stun", host = "STUN_DN", port = "3478", transport = "udp" },
        { type = "turn", host = "STUN_DN", port = "3478", transport = "udp" }
    }
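
The symptom described in the post (intranet clients being offered only the NAT IP and the pod IP) can be confirmed from the ICE candidates JVB advertises. The following is an added example, not part of the original post or of Jitsi's code: it parses `a=candidate` lines and reports which ones fall outside the networks an intranet client can reach. The function names, sample addresses and CIDR are constructed for illustration.

```python
import ipaddress
import re

# RFC 5245 candidate syntax:
#   candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
CANDIDATE_RE = re.compile(
    r"candidate:(\S+) (\d+) (\w+) (\d+) (\S+) (\d+) typ (\w+)", re.IGNORECASE
)

def parse_candidates(sdp_text):
    """Return (ip, port, transport, type) for every IP-literal ICE candidate."""
    found = []
    for m in CANDIDATE_RE.finditer(sdp_text):
        _, _, transport, _, addr, port, ctype = m.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # hostname/mDNS candidates cannot be matched against a CIDR
        found.append((ip, int(port), transport.lower(), ctype.lower()))
    return found

def classify(sdp_text, reachable_cidrs):
    """Split candidates into (reachable, unreachable) for a given client network view."""
    nets = [ipaddress.ip_network(c) for c in reachable_cidrs]
    reachable, unreachable = [], []
    for cand in parse_candidates(sdp_text):
        bucket = reachable if any(cand[0] in n for n in nets) else unreachable
        bucket.append(cand)
    return reachable, unreachable

# Constructed sample: a pod IP as host candidate and a NAT IP as the mapped candidate.
SAMPLE_JVB_CANDIDATES = (
    "a=candidate:1 1 udp 2130706431 10.42.0.17 10000 typ host\n"
    "a=candidate:2 1 udp 1694498815 203.0.113.10 10000 typ srflx "
    "raddr 10.42.0.17 rport 10000\n"
)
# Constructed: the only network intranet clients can route to (load balancer range).
INTRANET_REACHABLE = ["192.168.50.0/24"]

if __name__ == "__main__":
    ok, bad = classify(SAMPLE_JVB_CANDIDATES, INTRANET_REACHABLE)
    for ip, port, transport, ctype in bad:
        print(f"unreachable from intranet: {ip}:{port}/{transport} ({ctype})")
    if not ok:
        print("no candidate is reachable from the intranet; media will not connect")
```
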

