Jibri and videobridge both behind NAT

Hi,
I have a videobridge and a jibri instance on separate VMs behind NAT, videobridge announces external IP with

org.jitsi.videobridge.TCP_HARVESTER_PORT={{ served_domains[item].jvb_port }}
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4['address'] }}
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ served_domains[item].vbr_ip }}

so I have a situation that jibri cannot access videobridge

  • turns is not working anymore (I use latest git of js-front), iceServers: is always empty no matter what I do;
  • videobridge’s external ip is not reachable from LAN;

How do I tell jibri to look for the videobridge on a local ip?

Could you try enabling org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES and setting the local IP for org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS?

And adding the videobridge address to /etc/hosts on the Jibri VM…

I have jitsi’s fqdn in /etc/hosts on jibri VM,

enabling org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES as a third-party service is not on the table for now

I tested the same situation, it works without any issue.

  • JMS and Jibri on the same local network
  • External IP for NAT_HARVESTER_PUBLIC_ADDRESS
  • STURN disabled

emrah,

turn filtering in js-front is fixed, https://github.com/jitsi/lib-jitsi-meet/commit/62f0bba807c3799c4f75ee4403f78079511b56c5

tried setting
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
peers from internet cannot connect to videobridge

Is public address in your network reachable from local addresses?

No, it’s not reachable. I deleted the gateway of Jibri too. When I ping the public IP from Jibri, I get Network is unreachable

There is no turn server in my setup as a difference.

Are you sure jibri is not kicked after a while as it cannot connect to the videobridge?
In my network if I disable public address announcement, jibri is working fine, but no external client can join, so I test with local clients.
If I allow public address announcement, external clients can connect, and jibri recorder also starts well, but in a minute it gets kicked.

I have recorded a 10 min video, no problem…

In my setup (GCE), I just put the simple hostname (not fqdn) of jitsi host in xmpp_server_hosts in Jibri’s config.json.

This works because GCE has an internal DNS which maps simple hostnames to private IP addresses, but it should work the same for you if you add such info (simple hostnames and private addresses) to /etc/hosts where appropriate.

I don’t understand what you are trying to say, but thank you anyway )

My test case looks like this:
I start JVB w/o specific ip options, I get local address announced, my test clients connect from inside directly and from outside via turn, I start recording, then I stop recording and watch the mp4 file. It has video and audio inside.

I restart JVB, having changed ip options, I get global address announced, my test clients cannot connect from inside, and from outside they connect directly, I start recording, in a short time recording stops with error, and I watch the mp4 file. It has no video and no audio inside, only empty client boxes, then I see recorder drops from conference.

Pretty clear where the problem is.

Ok, the issue is: Why do you tell jibri to connect to jitsi using external IP when you can tell it to do it using local (LAN) IP and presumably have them communicate with each other no matter what?

They do always connect locally fine as I have set up jitsi’s local ip address in jibri config. The problem comes when recorder is looking for the videobridge.
That’s what I am asking: how to tell jibri the local address of the videobridge if it only announces global ip, which is unreachable from LAN. Also jibri does not even try to reach videobridge via turn, although clients receive array of turn credentials and use turns to reach the videobridge if its ports are unreachable.

where did I say that? I do not.

Sorry, maybe I misunderstood what you said here:

I understood that the fqdn of jitsi machine in DNS points to the public IP of the instance, the one which is on the Internet, not to the local (LAN) IP.

It is, and to make jibri’s work possible at all I (just in case) used /etc/hosts on jibri VM to point to jitsi/jvb local ip, so in my case I make no changes to the system, but comment or uncomment these two lines:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS={{ ansible_default_ipv4['address'] }}
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS={{ served_domains[item].vbr_ip }}