[jitsi-dev] Documentation question: Firewall


#1

When you run Jitsi for the first time on Windows 7, you'll get an alert from Windows Firewall.

It asks whether to allow Jitsi to communicate on
"Private networks, such as my home or work network" [checked by default]
"Public networks, such as those in airports and coffee shops (not recommended because these networks often have little or no security)." [unchecked by default]

What would be your advice and recommendations to first-time users at this point? I'm interested in technical explanations also (such as why you get this warning for Jitsi, but not web browsers or most other IM software).

David


#2

Hey

When you run Jitsi for the first time on Windows 7, you'll get an alert
from Windows Firewall.

It asks whether to allow Jitsi to communicate on
"Private networks, such as my home or work network" [checked by default]
"Public networks, such as those in airports and coffee shops (not
recommended because these networks often have little or no security)."
[unchecked by default]

What would be your advice and recommendations to first-time users at
this point? I'm interested in technical explanations also (such as why
you get this warning for Jitsi, but not web browsers or most other IM
software).

It depends on the use-case:
- The average user simply connecting to an IM or VoIP server can actually
click cancel, thereby denying the rules. Calls still work with the ports
closed as NAT and Firewall traversal techniques are applied.
- Someone who wants to use registrarless SIP accounts needs to open the
ports, so that two clients can directly communicate with each other (as
there is no server involved that could help with NAT/Firewall traversal).

The dialog is currently triggered even without an account to determine the
routing of some addresses. It would be possible to silence it at this point,
but later on the various protocols also start to listen (to receive the
audio/video streams for example). I therefore think it's better to ask at
the very beginning in order not to confuse people later on.

Other clients are probably silent because they either don't support
audio/video or automatically make an entry in the firewall rules during
their setup.

Maybe someone else has some further details...

David

Ingo


#3

The phrase "registrarless SIP accounts" appears to be coined by the Jitsi community (all but one reference on the web seems to refer to Jitsi). Could you walk me through what this is? Does it basically mean that you don't need to sign up for an account with any server, you just need to know the IP address of the person you are communicating with (I'm guessing at this point)?

From a user perspective why might they want to use "registrarless SIP accounts"? Is peer-to-peer communication limited to "registrarless SIP accounts" or does this also happen over VoIP?

I apologize in advance for my newness with SIP and XMPP terminology.

David

On 1/10/2013 7:46 AM, Ingo Bauersachs wrote:

It depends on the use-case:
- The average user simply connecting to an IM or VoIP server can actually
click cancel, thereby denying the rules. Calls still work with the ports
closed as NAT and Firewall traversal techniques are applied.
- Someone who wants to use registrarless SIP accounts needs to open the
ports, so that two clients can directly communicate with each other (as
there is no server involved that could help with NAT/Firewall traversal).


#4

It depends on the use-case:
- The average user simply connecting to an IM or VoIP server can actually
click cancel, thereby denying the rules. Calls still work with the ports
closed as NAT and Firewall traversal techniques are applied.
- Someone who wants to use registrarless SIP accounts needs to open the
ports, so that two clients can directly communicate with each other (as
there is no server involved that could help with NAT/Firewall traversal).

The phrase "registrarless SIP accounts" appears to be coined by the
Jitsi community (all but one reference on the web seems to refer to
Jitsi). Could you walk me through what this is? Does it basically mean
that you don't need to sign up for an account with any server, you just
need to know the IP address of the person you are communicating with
(I'm guessing at this point)?

From a user perspective why might they want to use "registrarless SIP
accounts"? Is peer-to-peer communication limited to "registrarless SIP
accounts" or does this also happen over VoIP?

SIP IS a VoIP protocol. It supports audio, video and text messaging (the
latter is more like an afterthought).
Jitsi, besides these, offers screen sharing too via SIP.

Registrarless SIP accounts means that Jitsi acts both as a basic server
and client. It listens for connections from outside on the standard SIP
port 5060 (default, can be changed).

To communicate via registrarless accounts, one needs:
- the port used for listening to be open in the firewall of the "server"
computer and, if a connection is done via the internet and the
communication passes through a router, the listening port must be
forwarded from the WAN (internet) interface to the "server" computer.
- the "client" to know the IP address/DNS name of the "server" computer
(or the real IP of the router which has the forwarded port)
- the client to know (this might not be a requirement) the account name
of the registrarless account from the "server"
- both sides need to have at least 1 common audio and video codec enabled.

Basically, the setup is like this:

A creates a registrarless account named accounta, has the IP address
192.168.0.10
B creates a registrarless account named accountb 192.168.0.11

A wants to call B -> opens Jitsi and types in the text box
"accountb@192.168.0.10", then presses the green call button, selects the
registrarless account from the list.
or, even better
adds B's account to the contact list, clicks on it then selects
the initial call method (audio, video, screen sharing etc).
Cameras/screen sharing can be activated at runtime.

Notes:
For best feature (encryption, text messaging etc) and codec
compatibility, both parties should use Jitsi.
Although
- This setup in theory should work with audio/video calls with other SIP
clients that support registrarless calls, on the condition that both
clients have the same audio/video codecs.
- Features such as ZRTP may work with other SIP clients that support this
feature.
- Screen sharing is a Jitsi-specific feature although if one of the peers
uses Jitsi and the other some other SIP client, the Jitsi client can
share its screen to the other, but not vice versa. The remote control
feature (now disabled it seems) will work only if both peers use Jitsi.

On 01/11/2013 09:55 AM, David Bolton wrote:

On 1/10/2013 7:46 AM, Ingo Bauersachs wrote:

I apologize in advance for my newness with SIP and XMPP terminology.

David

--
Have a nice day,

Kertesz Laszlo
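
The direct, registrar-free exchange described in #4, and the inbound listening socket that makes a host firewall ask in the first place, as an added example that is not part of the original thread and not Jitsi's code. Assumptions: both peers run on loopback with an ephemeral port standing in for 5060, a SIP OPTIONS query stands in for a call, and all header values are constructed.

```python
import socket
import threading

DEFAULT_SIP_PORT = 5060  # standard SIP port named in the post

def parse_target(target):
    """Split 'account@host[:port]' (what the caller types) into its parts."""
    account, at, hostport = target.partition("@")
    if not (account and at and hostport):
        raise ValueError("expected account@host[:port]")
    host, colon, port = hostport.partition(":")
    return account, host, int(port) if colon else DEFAULT_SIP_PORT

def build_options(account, host, port, local_port):
    """Minimal SIP OPTIONS request; every header value here is constructed."""
    return "\r\n".join([
        f"OPTIONS sip:{account}@{host}:{port} SIP/2.0",
        f"Via: SIP/2.0/UDP 127.0.0.1:{local_port};branch=z9hG4bK-constructed",
        "Max-Forwards: 70", "From: <sip:accounta@127.0.0.1>;tag=constructed",
        f"To: <sip:{account}@{host}>",
        "Call-ID: constructed-example", "CSeq: 1 OPTIONS",
        "Content-Length: 0", "", ""]).encode()

def answer_one(sock, account):
    """The listening peer: answer one request, no registrar in between.
    Assumption: this toy peer rejects requests for other account names."""
    data, peer = sock.recvfrom(4096)
    head = data.decode().split("\r\n\r\n", 1)[0].split("\r\n")
    status = "200 OK" if head[0].startswith(f"OPTIONS sip:{account}@") else "404 Not Found"
    echoed = [h for h in head[1:] if h.split(":")[0] in ("Via", "From", "To", "Call-ID", "CSeq")]
    sock.sendto("\r\n".join([f"SIP/2.0 {status}", *echoed, "Content-Length: 0", "", ""]).encode(), peer)

def direct_query(account):
    """Run both peers on loopback; return the status line the caller receives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.settimeout(2); client.settimeout(2)
        server.bind(("127.0.0.1", 0))  # inbound bind: what a host firewall must allow
        client.bind(("127.0.0.1", 0))
        listener = threading.Thread(target=answer_one, args=(server, "accountb"))
        listener.start()
        name, host, port = parse_target(f"{account}@127.0.0.1:{server.getsockname()[1]}")
        client.sendto(build_options(name, host, port, client.getsockname()[1]), (host, port))
        reply, _ = client.recvfrom(4096)
        listener.join()
        return reply.decode().split("\r\n", 1)[0]

if __name__ == "__main__":
    print(direct_query("accountb"))
```
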