Jitsi behind NAT/Firewall (Proxmox, PfSense) - Jibri Problem

Hello,

I am running Jitsi on my dedicated server inside a VM. It has its own IP and all needed ports are forwarded. When I access the VM via VNC and fire up firefox there, I can join with 3 clients in the session and everyone sees each other.
When I join the conference from outside with 3 clients it works for 2, when the third joins the connection lost signal appears for them.

What I did:
I set the Local&Public IP for the Videobridge
Also set the external IP for coturn

Any idea why it doesnt work?

Thanks.

These are not clear.

  • Is “its own IP” the private IP in local network or a public Internet IP?

  • Which ports are forwarded and how did you test them?

  • How did you set JVB IPs?

1 Like

Hey,

right, a public IP.

The ports mentioned there are forwarded to the machine.

As domain in the JVB Config the domain pointed to the public IP of the server is used.

Run the following commands on the Jitsi server

curl ifconfig.me
host your.jitsi.domain.com
hostname -I

Are the IPs same?

1 Like

With curl ifconfig.me it gives me another public IP, all machines on the server output this IP, the domain outputs me the local ip address (euqal to hostname -I).
When I ping the domain manually, it gives me the public IP I assigned to the server where Jitsi is also running on.

apt-get install dnsutils

dig @8.8.8.8 your.jitsi.domain.com

Is this IP the same as the curl result?

1 Like

No, it is not.
But the Server got two public IPs assigned as it is a virtual machine managed on a dedicated server, we bought extra IPs from the hoster. The server is reachable on the IP which is configured in the domain if you think we configured the domain wrong. If I visit the domain, Jitsi is running on it. There are also the ssl certificates issued by certbot, also worked fine as port 80 and 443 are forwarded to the machine too.

And in all configurations the Domain is used

We hit same situation, where our VM server has two IPs, one is floating IP and public IP.

floating IP in the hosts file (/etc/hosts)

10.xxx.xx.xxx meet.domain.com

and
in /etc/jitsi/videobridge/sip-communicator.properties

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=FLOATING_IP
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=PUBLIC_IP

Floating IP starting with 10.xx…
Public IP starting with 2xx…

You can use @Ashiq_Hassan’s solution to force JVB to use the second public IP (which is reserved for Jitsi). Otherwise the participants try to connect to JVB using the first public IP

But the 10.xx IP in my system is the local IP of each VM

So in /etc/hosts, should I place
2xx.xxxx jitsidomain instead?

JVB must publish the local IP for the local clients and the public IP for the remote clients. So, it’s normal to use the local private IP for NAT_HARVESTER_LOCAL_ADDRESS

as LOCAL_ADDRESS I set 10.xxx now and in /etc/hosts I set “10.xx jitsidomain” too now, no success.

If it doesn’t work even though the HARVESTER lines are correctly set in /etc/jitsi/videobridge/sip-communicator.properties then probably there is another issue related with UDP/10000 forwarding too

Can I check that in any way if there is an issue with port 10000?

It just gives back an “ok”, no “it-is-accessible”, means it is configured wrong right?

Indeed it was a port 10000 issue, thank you!

But the problems are stacking. Now I got the problem that Jibri doesnt catch any Audio/video. I checked the logs, no error messages. When I go into the session with 3 tabs I can see myself from all tabs, so the vb is working.

Any ideas? :frowning:

Check the following topic for most common jibri issues