Jitsi behind NAT Pair failed rtp data and private IP nets

Hello,
I install without pb jitsi meet on a debian 10 system, following this doc:


Everything seems ok exept that data channels (sound and video) doesn’t work.
I installed it on a private network behind a NAT router. I did forwarded ports TCP 443 and UDP/10000 from the NAT router to the jitsi server private IP .
I also followed doc/quick-install.md#advanced-configuration
resulting in adding in /etc/jitsi/videobridge/sip-communicator.properties
org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.8
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=89.63.243.241

and removed
rg.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443

in logs; I see Pair failed messages as in:# tail -f jvb.log

2020-04-06 10:47:40.912 INFOS: [84] [confId=3ff276c4242e843e gid=ffd2ab stats_id=Myron-JVi conf_name=test1 ufrag=6c4791e57ap01o epId=0ee17bc4 local_ufrag=6c4791e57ap01o] ConnectivityCheckClient$PaceMaker.run#922: Pair failed: 192.168.1.8:10000/udp/host -> 192.168.2.83:54210/udp/host (stream-0ee17bc4.RTP)

192.168.1.8 is my jitsi-meet server (behin NAT router, NATed to 89.63.243.241 public address ) , and 192.168.2.83 is my private IP address on the client side, also Nated to it’s own public IP 78.226.5.105

I don’t understand why jitsi server (192.168.1.8) tries to Pair with the private IP of the remote client !? it cannot work , thay are not on the same network
, NAT_HARVESTER_PUBLIC_ADDRESS doesn’t do the job of rewriting ?

for the second client comming in, it’s also strange it’s private IP is selected for pairing in the server logs:

2020-04-06 10:47:56.011 INFOS: [83] [confId=3ff276c4242e843e gid=ffd2ab stats_id=Bethany-Z4s componentId=1 conf_name=test1 ufrag=dnd921e57apdub name=stream-a2cd096b epId=a2cd096b local_ufrag=dnd921e57apdub] Component.updateRemoteCandidates#440: new Pair added: 192.168.1.8:10000/udp/host -> 192.168.43.176:63060/udp/host (stream-a2cd096b.RTP). Local ufrag dnd921e57apdub

shoudn’t I see the Public IP (NATed) of the 2nd client beeing paired !?

detail package version installed :

root@jitsi-meet:/etc/jitsi/videobridge# dpkg -l jitsi-*
ii jitsi-meet 2.0.4384-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.3969-1 all Prosody configuration for Jitsi Meet
un jitsi-meet-tokens (aucune description n’est disponible)
ii jitsi-meet-turnserver 1.0.3969-1 all Configures coturn to be used with Jitsi Meet
ii jitsi-meet-web 1.0.3969-1 all WebRTC JavaScript video conferences
ii jitsi-meet-web-config 1.0.3969-1 all Configuration for web serving of Jitsi Meet
un jitsi-videobridge (aucune description n’est disponible)
ii jitsi-videobridge2 2.1-164-gfdce823f-1 all WebRTC compatible Selective Forwarding Unit (SFU)

I reply to myself
I double checked my 10000/UDP forward , removed all packages and reinstall everything as mentionned in :

now RTP traffic seems to pass through and public adresses (whitout setting NAT_HARVESTER_PUBLIC_ADDRESS ! ) are beeing used in “paired” server/client.

unfortunalltly now I am facing a pb about conf that fails after less than 1mn with the message
Unfortunately, something went wrong.
We’re trying to fix this. Reconnecting in x sec…

I am investigating the logs, ut cannot see something relevant ,
do you have an idea where en what to look for ?

Thanks .

I concur. Something is wrong with jitsi behind NAT. I am getting same error:
timeout for pair: 192.168.15.9:11000/udp/host -> client_public_ip:35445/udp/prflx (stream-d41f84a4.RTP), failing.
Seems like it is trying to connect internal 15.9 network to out … instead it should be (I guess):
jitsi_server_public_ip:11000/udp/host -> client_public_ip:35445 ?
So in router I have made dst-nat, where all traffic from jitsi_public_ip:11000 (udp) will be forwarded to internal 192.168.15.9:11000 (udp)

Any Ideas? Otherwise internally all works fine. When I am doing VPN video and audio is back, as now PC can talk with internal IP.

Br,
Ints

I did a brand new install this time with Debian 10. Followed this https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-install.md to the letter and by some miracle jitsi works! Now some fine tuning and we are good to go!

Br,
Ints

Was the quick guide alone sufficient? I’m having similar issues with Ubuntu 18.10; I might try a fresh setup with Debian 10.

Yes. Amazingly all went smoothly! Although Debian is not my taste of Linux, it seems to work better than Ubuntu or I had some other issues back then.

I did installation with Apache web server (in Ubuntu I had Nginx). Used FQDN name in installation, did sign my own certificate because my proxy server has “legit” certificate, so no problems there.
As I mentioned my jitsi server is using proxy and operating behind NAT. Proxy server is also Apache. I guess there were some problems with 10000 UDP traffic, TCP side (web serving) worked with Ubuntu too, but something prevented audio/video UDP packages go through before (not using p2p) …

Br,
Ints

Thanks for the quick response!

I tried repeating my steps with Debian 10.3, and viola it worked :smiley:

I was kinda hoping it would be some complex puzzle to solve given how much time I’ve spent on this, but I’m just happy it works now.

Good to know! Same here - I spent hours and hours trying to tune Ubuntu and router (quite nerve wrecking! :slight_smile:).

Sometimes new fresh install helps … I think there may be some issues with Ubuntu and auto deployment entirely, probably some more tests would be needed to confirm that!