[jitsi-dev] Jitmeet ports and corporate firewalls - grrr


#1

Hi,

I've asked this before but I'll ask again.
Has anyone had success with Jitmeet when clients are connecting behind
restrictive corporate firewalls (usually symmetric)?

In my experience the signalling gets through ok, so we can chat, but no
audio/video goes through.

Even with a turn server, the fw still has to let UDP packets through to the
10000-20000 port range which, in my experience, is highly unlikely.

I know skype is very aggressive at busting through NATs and FWs, but how
can we apply its "lessons" to webRTC? Is the only realistic solution to
"force" admins to open up 10000 udp ports or install a VPN?

I'm sure I'm not the only one having this issue, so I'd love to hear tips
and experiences from others.

Thanks,

Peter


#2

Hi Peter,

···

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 17:55:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr

Hi,

I've asked this before but I'll ask again.
Has anyone had success with Jitmeet when clients are connecting behind
restrictive corporate firewalls (usually symmetric)?

You may not get a reply because perhaps no one else has experience with
corporate firewalls + jitmeet.

In my experience the signalling gets through ok, so we can chat, but no
audio/video goes through.

Have you considered setting up wireshark to see where the traffic dies and
then make adjustment to your firewall based on your results?

Even with a turn server, the fw still has to let UDP packets through to the
10000-20000 port range which, in my experience, is highly unlikely.

I know skype is very aggressive at busting through NATs and FWs, but how
can we apply its "lessons" to webRTC? Is the only realistic solution to
"force" admins to open up 10000 udp ports or install a VPN?

I'm sure I'm not the only one having this issue, so I'd love to hear tips
and experiences from others.

Thanks,

Peter


#3

Hi JB,

I understand Jitmeet is still very new. I'm not complaining at all, just
hoping to start a discussion on an issue that affects webRTC in general,
not just Jitmeet.

The problem with wireshark is that I can't go around sniffing inside remote
corporate LANs. The problem doesn't lie server side, but with clients
connecting from behind restrictive corporate firewalls.
I've tried asking the admins to open up udp 10000-20000 and they look at me
as if I'm nuts. Perhaps I am :wink:

Cheers

···

On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie <jungleboogie0@gmail.com>wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 17:55:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hi,
>
> I've asked this before but I'll ask again.
> Has anyone had success with Jitmeet when clients are connecting behind
> restrictive corporate firewalls (usually symmetric)?

You may not get a reply because perhaps no one else has experience with
corporate firewalls + jitmeet.

>
> In my experience the signalling gets through ok, so we can chat, but no
> audio/video goes through.
>

Have you considered setting up wireshark to see where the traffic dies and
then make adjustment to your firewall based on your results?

> Even with a turn server, the fw still has to let UDP packets through to
the
> 10000-20000 port range which, in my experience, is highly unlikely.
>
> I know skype is very aggressive at busting through NATs and FWs, but how
> can we apply its "lessons" to webRTC? Is the only realistic solution to
> "force" admins to open up 10000 udp ports or install a VPN?
>
> I'm sure I'm not the only one having this issue, so I'd love to hear tips
> and experiences from others.
>
> Thanks,
>
> Peter
>
>

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#4

I understand Jitmeet is still very new. I'm not complaining at all, just
hoping to start a discussion on an issue that affects webRTC in general,

not

just Jitmeet.

The problem with wireshark is that I can't go around sniffing inside

remote

corporate LANs. The problem doesn't lie server side, but with clients
connecting from behind restrictive corporate firewalls.
I've tried asking the admins to open up udp 10000-20000 and they look at

me

as if I'm nuts. Perhaps I am :wink:

The firewall needs to allow UDP outbound, not limited to any specific port.
If you asked them to open these ports inbound, then I understand their
reaction :slight_smile:

Cheers

Ingo


#5

Hey,

did you tested with meet.jit.si, is it working for you? It has
configured turn server, using port 80.

Cheers
damencho

···

On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve <petervnv1@gmail.com> wrote:

Hi JB,

I understand Jitmeet is still very new. I'm not complaining at all, just
hoping to start a discussion on an issue that affects webRTC in general, not
just Jitmeet.

The problem with wireshark is that I can't go around sniffing inside remote
corporate LANs. The problem doesn't lie server side, but with clients
connecting from behind restrictive corporate firewalls.
I've tried asking the admins to open up udp 10000-20000 and they look at me
as if I'm nuts. Perhaps I am :wink:

Cheers

On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie <jungleboogie0@gmail.com> > wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 17:55:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hi,
>
> I've asked this before but I'll ask again.
> Has anyone had success with Jitmeet when clients are connecting behind
> restrictive corporate firewalls (usually symmetric)?

You may not get a reply because perhaps no one else has experience with
corporate firewalls + jitmeet.

>
> In my experience the signalling gets through ok, so we can chat, but no
> audio/video goes through.
>

Have you considered setting up wireshark to see where the traffic dies and
then make adjustment to your firewall based on your results?

> Even with a turn server, the fw still has to let UDP packets through to
> the
> 10000-20000 port range which, in my experience, is highly unlikely.
>
> I know skype is very aggressive at busting through NATs and FWs, but how
> can we apply its "lessons" to webRTC? Is the only realistic solution to
> "force" admins to open up 10000 udp ports or install a VPN?
>
> I'm sure I'm not the only one having this issue, so I'd love to hear
> tips
> and experiences from others.
>
> Thanks,
>
> Peter
>
>

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#6

Hi Peter,

···

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr

Hey Damian,

I'll test tomorrow with a client behind a very restrictive fw.
I'll keep the list posted.

Yes, I'll be interested in the results too because I'd like to implement
jitmeet over some proprietary video conference solution that my employer may
look at.

Cheers

On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> wrote:

Hey,

did you tested with meet.jit.si, is it working for you? It has
configured turn server, using port 80.

Cheers
damencho

On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve <petervnv1@gmail.com> >> wrote:

Hi JB,

I understand Jitmeet is still very new. I'm not complaining at all, just
hoping to start a discussion on an issue that affects webRTC in general,

not

just Jitmeet.

The problem with wireshark is that I can't go around sniffing inside

remote

corporate LANs. The problem doesn't lie server side, but with clients
connecting from behind restrictive corporate firewalls.
I've tried asking the admins to open up udp 10000-20000 and they look at

me

as if I'm nuts. Perhaps I am :wink:

Cheers

On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie <jungleboogie0@gmail.com> >>> wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 17:55:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr

Hi,

I've asked this before but I'll ask again.
Has anyone had success with Jitmeet when clients are connecting behind
restrictive corporate firewalls (usually symmetric)?

You may not get a reply because perhaps no one else has experience with
corporate firewalls + jitmeet.

In my experience the signalling gets through ok, so we can chat, but

no

audio/video goes through.

Have you considered setting up wireshark to see where the traffic dies

and

then make adjustment to your firewall based on your results?

Even with a turn server, the fw still has to let UDP packets through

to

the
10000-20000 port range which, in my experience, is highly unlikely.

I know skype is very aggressive at busting through NATs and FWs, but

how

can we apply its "lessons" to webRTC? Is the only realistic solution

to

"force" admins to open up 10000 udp ports or install a VPN?

I'm sure I'm not the only one having this issue, so I'd love to hear
tips
and experiences from others.

Thanks,

Peter

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp: jungle-boogie@jit.si


#7

Hey Damian,

I'll test tomorrow with a client behind a very restrictive fw.
I'll keep the list posted.

Cheers

···

On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> wrote:

Hey,

did you tested with meet.jit.si, is it working for you? It has
configured turn server, using port 80.

Cheers
damencho

On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve <petervnv1@gmail.com> > wrote:
> Hi JB,
>
> I understand Jitmeet is still very new. I'm not complaining at all, just
> hoping to start a discussion on an issue that affects webRTC in general,
not
> just Jitmeet.
>
> The problem with wireshark is that I can't go around sniffing inside
remote
> corporate LANs. The problem doesn't lie server side, but with clients
> connecting from behind restrictive corporate firewalls.
> I've tried asking the admins to open up udp 10000-20000 and they look at
me
> as if I'm nuts. Perhaps I am :wink:
>
> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie <jungleboogie0@gmail.com> > > wrote:
>>
>> Hi Peter,
>>
>> --------------------------------------------------------
>> From: Peter Villeneuve <petervnv1@gmail.com>
>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>> To: Jitsi Developers <dev@jitsi.org>
>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>> > Hi,
>> >
>> > I've asked this before but I'll ask again.
>> > Has anyone had success with Jitmeet when clients are connecting behind
>> > restrictive corporate firewalls (usually symmetric)?
>>
>> You may not get a reply because perhaps no one else has experience with
>> corporate firewalls + jitmeet.
>>
>> >
>> > In my experience the signalling gets through ok, so we can chat, but
no
>> > audio/video goes through.
>> >
>>
>> Have you considered setting up wireshark to see where the traffic dies
and
>> then make adjustment to your firewall based on your results?
>>
>> > Even with a turn server, the fw still has to let UDP packets through
to
>> > the
>> > 10000-20000 port range which, in my experience, is highly unlikely.
>> >
>> > I know skype is very aggressive at busting through NATs and FWs, but
how
>> > can we apply its "lessons" to webRTC? Is the only realistic solution
to
>> > "force" admins to open up 10000 udp ports or install a VPN?
>> >
>> > I'm sure I'm not the only one having this issue, so I'd love to hear
>> > tips
>> > and experiences from others.
>> >
>> > Thanks,
>> >
>> > Peter
>> >
>> >
>>
>>
>>
>>
>> _______________________________________________
>> dev mailing list
>> dev@jitsi.org
>> Unsubscribe instructions and other list options:
>> http://lists.jitsi.org/mailman/listinfo/dev
>
>
>
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#8

Well I did some testing with meet.jit.si and results were poor. No
audio/video to/from client behind restrictive corporate firewall ):
Since 443 is open client browser can access the conference and chat, but
can't send or receive media.

I'm hoping that adding TURN TCP/TLS support for relaying might be able to
help media packets punch through.
There was (is?) an interesting discussion regarding this scenario (I
believe the corporate fw only allows TCP 80 and 443) here
https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

And this looks promising if it ever gets implemented
http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

Are there plans to add TCP and TLS relay of media in jitmeet?
Looking through the code I believe it is currently UDP only, but correct me
if I'm wrong.

I think that recent Chrome versions already implement TURN TCP and TLS, so
hopefully we can have a solution for those pesky restrictive firewalls.

Hope these tests help others.

Peter

···

On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie <jungleboogie0@gmail.com>wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hey Damian,
>
> I'll test tomorrow with a client behind a very restrictive fw.
> I'll keep the list posted.
>

Yes, I'll be interested in the results too because I'd like to implement
jitmeet over some proprietary video conference solution that my employer
may
look at.

> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> > wrote:
>
>> Hey,
>>
>> did you tested with meet.jit.si, is it working for you? It has
>> configured turn server, using port 80.
>>
>> Cheers
>> damencho
>>
>>
>> On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve <petervnv1@gmail.com> > >> wrote:
>>> Hi JB,
>>>
>>> I understand Jitmeet is still very new. I'm not complaining at all,
just
>>> hoping to start a discussion on an issue that affects webRTC in
general,
>> not
>>> just Jitmeet.
>>>
>>> The problem with wireshark is that I can't go around sniffing inside
>> remote
>>> corporate LANs. The problem doesn't lie server side, but with clients
>>> connecting from behind restrictive corporate firewalls.
>>> I've tried asking the admins to open up udp 10000-20000 and they look
at
>> me
>>> as if I'm nuts. Perhaps I am :wink:
>>>
>>> Cheers
>>>
>>>
>>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie < > jungleboogie0@gmail.com> > >>> wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> --------------------------------------------------------
>>>> From: Peter Villeneuve <petervnv1@gmail.com>
>>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>>>> To: Jitsi Developers <dev@jitsi.org>
>>>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>>>>> Hi,
>>>>>
>>>>> I've asked this before but I'll ask again.
>>>>> Has anyone had success with Jitmeet when clients are connecting
behind
>>>>> restrictive corporate firewalls (usually symmetric)?
>>>>
>>>> You may not get a reply because perhaps no one else has experience
with
>>>> corporate firewalls + jitmeet.
>>>>
>>>>>
>>>>> In my experience the signalling gets through ok, so we can chat, but
>> no
>>>>> audio/video goes through.
>>>>>
>>>>
>>>> Have you considered setting up wireshark to see where the traffic dies
>> and
>>>> then make adjustment to your firewall based on your results?
>>>>
>>>>> Even with a turn server, the fw still has to let UDP packets through
>> to
>>>>> the
>>>>> 10000-20000 port range which, in my experience, is highly unlikely.
>>>>>
>>>>> I know skype is very aggressive at busting through NATs and FWs, but
>> how
>>>>> can we apply its "lessons" to webRTC? Is the only realistic solution
>> to
>>>>> "force" admins to open up 10000 udp ports or install a VPN?
>>>>>
>>>>> I'm sure I'm not the only one having this issue, so I'd love to hear
>>>>> tips
>>>>> and experiences from others.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>
>>>>
>>>>

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp:
jungle-boogie@jit.si

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#9

There is already tcp and turn in jitmeet. And it is activated on meet.jit.si,
that's why I asked you to test there.

damencho

--sent from my mobile

···

On Apr 11, 2014 3:41 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Well I did some testing with meet.jit.si and results were poor. No
audio/video to/from client behind restrictive corporate firewall ):
Since 443 is open client browser can access the conference and chat, but
can't send or receive media.

I'm hoping that adding TURN TCP/TLS support for relaying might be able to
help media packets punch through.
There was (is?) an interesting discussion regarding this scenario (I
believe the corporate fw only allows TCP 80 and 443) here
https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

And this looks promising if it ever gets implemented
http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

Are there plans to add TCP and TLS relay of media in jitmeet?
Looking through the code I believe it is currently UDP only, but correct
me if I'm wrong.

I think that recent Chrome versions already implement TURN TCP and TLS, so
hopefully we can have a solution for those pesky restrictive firewalls.

Hope these tests help others.

Peter

On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie <jungleboogie0@gmail.com>wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hey Damian,
>
> I'll test tomorrow with a client behind a very restrictive fw.
> I'll keep the list posted.
>

Yes, I'll be interested in the results too because I'd like to implement
jitmeet over some proprietary video conference solution that my employer
may
look at.

> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> >> wrote:
>
>> Hey,
>>
>> did you tested with meet.jit.si, is it working for you? It has
>> configured turn server, using port 80.
>>
>> Cheers
>> damencho
>>
>>
>> On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve <petervnv1@gmail.com >> > >> >> wrote:
>>> Hi JB,
>>>
>>> I understand Jitmeet is still very new. I'm not complaining at all,
just
>>> hoping to start a discussion on an issue that affects webRTC in
general,
>> not
>>> just Jitmeet.
>>>
>>> The problem with wireshark is that I can't go around sniffing inside
>> remote
>>> corporate LANs. The problem doesn't lie server side, but with clients
>>> connecting from behind restrictive corporate firewalls.
>>> I've tried asking the admins to open up udp 10000-20000 and they look
at
>> me
>>> as if I'm nuts. Perhaps I am :wink:
>>>
>>> Cheers
>>>
>>>
>>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie < >> jungleboogie0@gmail.com> >> >>> wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> --------------------------------------------------------
>>>> From: Peter Villeneuve <petervnv1@gmail.com>
>>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>>>> To: Jitsi Developers <dev@jitsi.org>
>>>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>>>>> Hi,
>>>>>
>>>>> I've asked this before but I'll ask again.
>>>>> Has anyone had success with Jitmeet when clients are connecting
behind
>>>>> restrictive corporate firewalls (usually symmetric)?
>>>>
>>>> You may not get a reply because perhaps no one else has experience
with
>>>> corporate firewalls + jitmeet.
>>>>
>>>>>
>>>>> In my experience the signalling gets through ok, so we can chat, but
>> no
>>>>> audio/video goes through.
>>>>>
>>>>
>>>> Have you considered setting up wireshark to see where the traffic
dies
>> and
>>>> then make adjustment to your firewall based on your results?
>>>>
>>>>> Even with a turn server, the fw still has to let UDP packets through
>> to
>>>>> the
>>>>> 10000-20000 port range which, in my experience, is highly unlikely.
>>>>>
>>>>> I know skype is very aggressive at busting through NATs and FWs, but
>> how
>>>>> can we apply its "lessons" to webRTC? Is the only realistic solution
>> to
>>>>> "force" admins to open up 10000 udp ports or install a VPN?
>>>>>
>>>>> I'm sure I'm not the only one having this issue, so I'd love to hear
>>>>> tips
>>>>> and experiences from others.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>
>>>>
>>>>

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp:
jungle-boogie@jit.si

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#10

Gotcha. Sorry but I couldn't find it in the jitmeet code. I only found udp
relaying when searching through github. Didn't see any code for tcp
relaying. Can you point me in the right direction?

Unfortunately my testing didn't work with meet.jit.si either.

···

On Fri, Apr 11, 2014 at 5:41 PM, Damian Minkov <damencho@jitsi.org> wrote:

There is already tcp and turn in jitmeet. And it is activated on
meet.jit.si, that's why I asked you to test there.

damencho

--sent from my mobile
On Apr 11, 2014 3:41 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Well I did some testing with meet.jit.si and results were poor. No
audio/video to/from client behind restrictive corporate firewall ):
Since 443 is open client browser can access the conference and chat, but
can't send or receive media.

I'm hoping that adding TURN TCP/TLS support for relaying might be able to
help media packets punch through.
There was (is?) an interesting discussion regarding this scenario (I
believe the corporate fw only allows TCP 80 and 443) here
https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

And this looks promising if it ever gets implemented
http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

Are there plans to add TCP and TLS relay of media in jitmeet?
Looking through the code I believe it is currently UDP only, but correct
me if I'm wrong.

I think that recent Chrome versions already implement TURN TCP and TLS,
so hopefully we can have a solution for those pesky restrictive firewalls.

Hope these tests help others.

Peter

On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie <jungleboogie0@gmail.com>wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hey Damian,
>
> I'll test tomorrow with a client behind a very restrictive fw.
> I'll keep the list posted.
>

Yes, I'll be interested in the results too because I'd like to implement
jitmeet over some proprietary video conference solution that my employer
may
look at.

> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> >>> wrote:
>
>> Hey,
>>
>> did you tested with meet.jit.si, is it working for you? It has
>> configured turn server, using port 80.
>>
>> Cheers
>> damencho
>>
>>
>> On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve < >>> petervnv1@gmail.com> >>> >> wrote:
>>> Hi JB,
>>>
>>> I understand Jitmeet is still very new. I'm not complaining at all,
just
>>> hoping to start a discussion on an issue that affects webRTC in
general,
>> not
>>> just Jitmeet.
>>>
>>> The problem with wireshark is that I can't go around sniffing inside
>> remote
>>> corporate LANs. The problem doesn't lie server side, but with clients
>>> connecting from behind restrictive corporate firewalls.
>>> I've tried asking the admins to open up udp 10000-20000 and they
look at
>> me
>>> as if I'm nuts. Perhaps I am :wink:
>>>
>>> Cheers
>>>
>>>
>>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie < >>> jungleboogie0@gmail.com> >>> >>> wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> --------------------------------------------------------
>>>> From: Peter Villeneuve <petervnv1@gmail.com>
>>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>>>> To: Jitsi Developers <dev@jitsi.org>
>>>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>>>>> Hi,
>>>>>
>>>>> I've asked this before but I'll ask again.
>>>>> Has anyone had success with Jitmeet when clients are connecting
behind
>>>>> restrictive corporate firewalls (usually symmetric)?
>>>>
>>>> You may not get a reply because perhaps no one else has experience
with
>>>> corporate firewalls + jitmeet.
>>>>
>>>>>
>>>>> In my experience the signalling gets through ok, so we can chat,
but
>> no
>>>>> audio/video goes through.
>>>>>
>>>>
>>>> Have you considered setting up wireshark to see where the traffic
dies
>> and
>>>> then make adjustment to your firewall based on your results?
>>>>
>>>>> Even with a turn server, the fw still has to let UDP packets
through
>> to
>>>>> the
>>>>> 10000-20000 port range which, in my experience, is highly unlikely.
>>>>>
>>>>> I know skype is very aggressive at busting through NATs and FWs,
but
>> how
>>>>> can we apply its "lessons" to webRTC? Is the only realistic
solution
>> to
>>>>> "force" admins to open up 10000 udp ports or install a VPN?
>>>>>
>>>>> I'm sure I'm not the only one having this issue, so I'd love to
hear
>>>>> tips
>>>>> and experiences from others.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>
>>>>
>>>>

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp:
jungle-boogie@jit.si

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#11

Its webrtc in chrome and the candidates generated. You can check jitmeet
logs does it sends relay candidates and which one it tries to use.

--sent from my mobile

···

On Apr 11, 2014 7:59 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Gotcha. Sorry but I couldn't find it in the jitmeet code. I only found udp
relaying when searching through github. Didn't see any code for tcp
relaying. Can you point me in the right direction?

Unfortunately my testing didn't work with meet.jit.si either.

On Fri, Apr 11, 2014 at 5:41 PM, Damian Minkov <damencho@jitsi.org> wrote:

There is already tcp and turn in jitmeet. And it is activated on
meet.jit.si, that's why I asked you to test there.

damencho

--sent from my mobile
On Apr 11, 2014 3:41 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Well I did some testing with meet.jit.si and results were poor. No
audio/video to/from client behind restrictive corporate firewall ):
Since 443 is open client browser can access the conference and chat, but
can't send or receive media.

I'm hoping that adding TURN TCP/TLS support for relaying might be able
to help media packets punch through.
There was (is?) an interesting discussion regarding this scenario (I
believe the corporate fw only allows TCP 80 and 443) here
https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

And this looks promising if it ever gets implemented
http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

Are there plans to add TCP and TLS relay of media in jitmeet?
Looking through the code I believe it is currently UDP only, but correct
me if I'm wrong.

I think that recent Chrome versions already implement TURN TCP and TLS,
so hopefully we can have a solution for those pesky restrictive firewalls.

Hope these tests help others.

Peter

On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie <jungleboogie0@gmail.com>wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hey Damian,
>
> I'll test tomorrow with a client behind a very restrictive fw.
> I'll keep the list posted.
>

Yes, I'll be interested in the results too because I'd like to implement
jitmeet over some proprietary video conference solution that my
employer may
look at.

> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> >>>> wrote:
>
>> Hey,
>>
>> did you tested with meet.jit.si, is it working for you? It has
>> configured turn server, using port 80.
>>
>> Cheers
>> damencho
>>
>>
>> On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve < >>>> petervnv1@gmail.com> >>>> >> wrote:
>>> Hi JB,
>>>
>>> I understand Jitmeet is still very new. I'm not complaining at all,
just
>>> hoping to start a discussion on an issue that affects webRTC in
general,
>> not
>>> just Jitmeet.
>>>
>>> The problem with wireshark is that I can't go around sniffing inside
>> remote
>>> corporate LANs. The problem doesn't lie server side, but with
clients
>>> connecting from behind restrictive corporate firewalls.
>>> I've tried asking the admins to open up udp 10000-20000 and they
look at
>> me
>>> as if I'm nuts. Perhaps I am :wink:
>>>
>>> Cheers
>>>
>>>
>>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie < >>>> jungleboogie0@gmail.com> >>>> >>> wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> --------------------------------------------------------
>>>> From: Peter Villeneuve <petervnv1@gmail.com>
>>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>>>> To: Jitsi Developers <dev@jitsi.org>
>>>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>>>>> Hi,
>>>>>
>>>>> I've asked this before but I'll ask again.
>>>>> Has anyone had success with Jitmeet when clients are connecting
behind
>>>>> restrictive corporate firewalls (usually symmetric)?
>>>>
>>>> You may not get a reply because perhaps no one else has experience
with
>>>> corporate firewalls + jitmeet.
>>>>
>>>>>
>>>>> In my experience the signalling gets through ok, so we can chat,
but
>> no
>>>>> audio/video goes through.
>>>>>
>>>>
>>>> Have you considered setting up wireshark to see where the traffic
dies
>> and
>>>> then make adjustment to your firewall based on your results?
>>>>
>>>>> Even with a turn server, the fw still has to let UDP packets
through
>> to
>>>>> the
>>>>> 10000-20000 port range which, in my experience, is highly
unlikely.
>>>>>
>>>>> I know skype is very aggressive at busting through NATs and FWs,
but
>> how
>>>>> can we apply its "lessons" to webRTC? Is the only realistic
solution
>> to
>>>>> "force" admins to open up 10000 udp ports or install a VPN?
>>>>>
>>>>> I'm sure I'm not the only one having this issue, so I'd love to
hear
>>>>> tips
>>>>> and experiences from others.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>
>>>>
>>>>

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp:
jungle-boogie@jit.si

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#12

Great, will do. Perhaps the chrome version the client was using was
outdated. Will have to investigate.
By the way, how do I enable logging in jitmeet, and can I store them in a
file?

···

On Fri, Apr 11, 2014 at 6:19 PM, Damian Minkov <damencho@jitsi.org> wrote:

Its webrtc in chrome and the candidates generated. You can check jitmeet
logs does it sends relay candidates and which one it tries to use.

--sent from my mobile
On Apr 11, 2014 7:59 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Gotcha. Sorry but I couldn't find it in the jitmeet code. I only found
udp relaying when searching through github. Didn't see any code for tcp
relaying. Can you point me in the right direction?

Unfortunately my testing didn't work with meet.jit.si either.

On Fri, Apr 11, 2014 at 5:41 PM, Damian Minkov <damencho@jitsi.org>wrote:

There is already tcp and turn in jitmeet. And it is activated on
meet.jit.si, that's why I asked you to test there.

damencho

--sent from my mobile
On Apr 11, 2014 3:41 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Well I did some testing with meet.jit.si and results were poor. No
audio/video to/from client behind restrictive corporate firewall ):
Since 443 is open client browser can access the conference and chat,
but can't send or receive media.

I'm hoping that adding TURN TCP/TLS support for relaying might be able
to help media packets punch through.
There was (is?) an interesting discussion regarding this scenario (I
believe the corporate fw only allows TCP 80 and 443) here
https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

And this looks promising if it ever gets implemented
http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

Are there plans to add TCP and TLS relay of media in jitmeet?
Looking through the code I believe it is currently UDP only, but
correct me if I'm wrong.

I think that recent Chrome versions already implement TURN TCP and TLS,
so hopefully we can have a solution for those pesky restrictive firewalls.

Hope these tests help others.

Peter

On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie <jungleboogie0@gmail.com >>>> > wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hey Damian,
>
> I'll test tomorrow with a client behind a very restrictive fw.
> I'll keep the list posted.
>

Yes, I'll be interested in the results too because I'd like to
implement
jitmeet over some proprietary video conference solution that my
employer may
look at.

> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> >>>>> wrote:
>
>> Hey,
>>
>> did you tested with meet.jit.si, is it working for you? It has
>> configured turn server, using port 80.
>>
>> Cheers
>> damencho
>>
>>
>> On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve < >>>>> petervnv1@gmail.com> >>>>> >> wrote:
>>> Hi JB,
>>>
>>> I understand Jitmeet is still very new. I'm not complaining at
all, just
>>> hoping to start a discussion on an issue that affects webRTC in
general,
>> not
>>> just Jitmeet.
>>>
>>> The problem with wireshark is that I can't go around sniffing
inside
>> remote
>>> corporate LANs. The problem doesn't lie server side, but with
clients
>>> connecting from behind restrictive corporate firewalls.
>>> I've tried asking the admins to open up udp 10000-20000 and they
look at
>> me
>>> as if I'm nuts. Perhaps I am :wink:
>>>
>>> Cheers
>>>
>>>
>>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie < >>>>> jungleboogie0@gmail.com> >>>>> >>> wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> --------------------------------------------------------
>>>> From: Peter Villeneuve <petervnv1@gmail.com>
>>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>>>> To: Jitsi Developers <dev@jitsi.org>
>>>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>>>>> Hi,
>>>>>
>>>>> I've asked this before but I'll ask again.
>>>>> Has anyone had success with Jitmeet when clients are connecting
behind
>>>>> restrictive corporate firewalls (usually symmetric)?
>>>>
>>>> You may not get a reply because perhaps no one else has
experience with
>>>> corporate firewalls + jitmeet.
>>>>
>>>>>
>>>>> In my experience the signalling gets through ok, so we can chat,
but
>> no
>>>>> audio/video goes through.
>>>>>
>>>>
>>>> Have you considered setting up wireshark to see where the traffic
dies
>> and
>>>> then make adjustment to your firewall based on your results?
>>>>
>>>>> Even with a turn server, the fw still has to let UDP packets
through
>> to
>>>>> the
>>>>> 10000-20000 port range which, in my experience, is highly
unlikely.
>>>>>
>>>>> I know skype is very aggressive at busting through NATs and FWs,
but
>> how
>>>>> can we apply its "lessons" to webRTC? Is the only realistic
solution
>> to
>>>>> "force" admins to open up 10000 udp ports or install a VPN?
>>>>>
>>>>> I'm sure I'm not the only one having this issue, so I'd love to
hear
>>>>> tips
>>>>> and experiences from others.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>
>>>>
>>>>

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp:
jungle-boogie@jit.si

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#13

Hi,

It is a link in the bottom left corner and it is downloaded as a file.

Regards
damencho

--sent from my mobile

···

On Apr 11, 2014 8:29 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Great, will do. Perhaps the chrome version the client was using was
outdated. Will have to investigate.
By the way, how do I enable logging in jitmeet, and can I store them in a
file?

On Fri, Apr 11, 2014 at 6:19 PM, Damian Minkov <damencho@jitsi.org> wrote:

Its webrtc in chrome and the candidates generated. You can check jitmeet
logs does it sends relay candidates and which one it tries to use.

--sent from my mobile
On Apr 11, 2014 7:59 PM, "Peter Villeneuve" <petervnv1@gmail.com> wrote:

Gotcha. Sorry but I couldn't find it in the jitmeet code. I only found
udp relaying when searching through github. Didn't see any code for tcp
relaying. Can you point me in the right direction?

Unfortunately my testing didn't work with meet.jit.si either.

On Fri, Apr 11, 2014 at 5:41 PM, Damian Minkov <damencho@jitsi.org>wrote:

There is already tcp and turn in jitmeet. And it is activated on
meet.jit.si, that's why I asked you to test there.

damencho

--sent from my mobile
On Apr 11, 2014 3:41 PM, "Peter Villeneuve" <petervnv1@gmail.com> >>>> wrote:

Well I did some testing with meet.jit.si and results were poor. No
audio/video to/from client behind restrictive corporate firewall ):
Since 443 is open client browser can access the conference and chat,
but can't send or receive media.

I'm hoping that adding TURN TCP/TLS support for relaying might be able
to help media packets punch through.
There was (is?) an interesting discussion regarding this scenario (I
believe the corporate fw only allows TCP 80 and 443) here
https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

And this looks promising if it ever gets implemented
http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

Are there plans to add TCP and TLS relay of media in jitmeet?
Looking through the code I believe it is currently UDP only, but
correct me if I'm wrong.

I think that recent Chrome versions already implement TURN TCP and
TLS, so hopefully we can have a solution for those pesky restrictive
firewalls.

Hope these tests help others.

Peter

On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie < >>>>> jungleboogie0@gmail.com> wrote:

Hi Peter,

--------------------------------------------------------
From: Peter Villeneuve <petervnv1@gmail.com>
Sent: Thu, 10 Apr 2014 20:23:49 +0100
To: Jitsi Developers <dev@jitsi.org>
Subject: Re: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
> Hey Damian,
>
> I'll test tomorrow with a client behind a very restrictive fw.
> I'll keep the list posted.
>

Yes, I'll be interested in the results too because I'd like to
implement
jitmeet over some proprietary video conference solution that my
employer may
look at.

> Cheers
>
>
> On Thu, Apr 10, 2014 at 6:41 PM, Damian Minkov <damencho@jitsi.org> >>>>>> wrote:
>
>> Hey,
>>
>> did you tested with meet.jit.si, is it working for you? It has
>> configured turn server, using port 80.
>>
>> Cheers
>> damencho
>>
>>
>> On Thu, Apr 10, 2014 at 8:10 PM, Peter Villeneuve < >>>>>> petervnv1@gmail.com> >>>>>> >> wrote:
>>> Hi JB,
>>>
>>> I understand Jitmeet is still very new. I'm not complaining at
all, just
>>> hoping to start a discussion on an issue that affects webRTC in
general,
>> not
>>> just Jitmeet.
>>>
>>> The problem with wireshark is that I can't go around sniffing
inside
>> remote
>>> corporate LANs. The problem doesn't lie server side, but with
clients
>>> connecting from behind restrictive corporate firewalls.
>>> I've tried asking the admins to open up udp 10000-20000 and they
look at
>> me
>>> as if I'm nuts. Perhaps I am :wink:
>>>
>>> Cheers
>>>
>>>
>>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle Boogie < >>>>>> jungleboogie0@gmail.com> >>>>>> >>> wrote:
>>>>
>>>> Hi Peter,
>>>>
>>>> --------------------------------------------------------
>>>> From: Peter Villeneuve <petervnv1@gmail.com>
>>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
>>>> To: Jitsi Developers <dev@jitsi.org>
>>>> Subject: [jitsi-dev] Jitmeet ports and corporate firewalls - grrr
>>>>> Hi,
>>>>>
>>>>> I've asked this before but I'll ask again.
>>>>> Has anyone had success with Jitmeet when clients are connecting
behind
>>>>> restrictive corporate firewalls (usually symmetric)?
>>>>
>>>> You may not get a reply because perhaps no one else has
experience with
>>>> corporate firewalls + jitmeet.
>>>>
>>>>>
>>>>> In my experience the signalling gets through ok, so we can
chat, but
>> no
>>>>> audio/video goes through.
>>>>>
>>>>
>>>> Have you considered setting up wireshark to see where the
traffic dies
>> and
>>>> then make adjustment to your firewall based on your results?
>>>>
>>>>> Even with a turn server, the fw still has to let UDP packets
through
>> to
>>>>> the
>>>>> 10000-20000 port range which, in my experience, is highly
unlikely.
>>>>>
>>>>> I know skype is very aggressive at busting through NATs and
FWs, but
>> how
>>>>> can we apply its "lessons" to webRTC? Is the only realistic
solution
>> to
>>>>> "force" admins to open up 10000 udp ports or install a VPN?
>>>>>
>>>>> I'm sure I'm not the only one having this issue, so I'd love to
hear
>>>>> tips
>>>>> and experiences from others.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Peter
>>>>>
>>>>>
>>>>
>>>>
>>>>

--
inum: 883510009027723 sip: jungleboogie@sip2sip.info xmpp:
jungle-boogie@jit.si

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#14

FWIW: Chrome does not currently support sending media over HTTP. Deployments that only authorise HTTP would therefore fail.

As Damian mentioned the meet.jit.si deployment of Jitsi Meet already has TURN/TCP on port 80.

Emil

···

On 12.04.14, 11:35, Damian Minkov wrote:

Hi,

It is a link in the bottom left corner and it is downloaded as a file.

Regards
damencho

--sent from my mobile

On Apr 11, 2014 8:29 PM, "Peter Villeneuve" <petervnv1@gmail.com > <mailto:petervnv1@gmail.com>> wrote:

    Great, will do. Perhaps the chrome version the client was using was
    outdated. Will have to investigate.
    By the way, how do I enable logging in jitmeet, and can I store them
    in a file?

    On Fri, Apr 11, 2014 at 6:19 PM, Damian Minkov <damencho@jitsi.org > <mailto:damencho@jitsi.org>> wrote:

        Its webrtc in chrome and the candidates generated. You can check
        jitmeet logs does it sends relay candidates and which one it
        tries to use.

        --sent from my mobile

        On Apr 11, 2014 7:59 PM, "Peter Villeneuve" <petervnv1@gmail.com > <mailto:petervnv1@gmail.com>> wrote:

            Gotcha. Sorry but I couldn't find it in the jitmeet code. I
            only found udp relaying when searching through github.
            Didn't see any code for tcp relaying. Can you point me in
            the right direction?

            Unfortunately my testing didn't work with meet.jit.si
            <http://meet.jit.si> either.

            On Fri, Apr 11, 2014 at 5:41 PM, Damian Minkov > <damencho@jitsi.org <mailto:damencho@jitsi.org>> wrote:

                There is already tcp and turn in jitmeet. And it is
                activated on meet.jit.si <http://meet.jit.si>, that's
                why I asked you to test there.

                damencho

                --sent from my mobile

                On Apr 11, 2014 3:41 PM, "Peter Villeneuve" > <petervnv1@gmail.com <mailto:petervnv1@gmail.com>> wrote:

                    Well I did some testing with meet.jit.si
                    <http://meet.jit.si> and results were poor. No
                    audio/video to/from client behind restrictive
                    corporate firewall ):
                    Since 443 is open client browser can access the
                    conference and chat, but can't send or receive media.

                    I'm hoping that adding TURN TCP/TLS support for
                    relaying might be able to help media packets punch
                    through.
                    There was (is?) an interesting discussion regarding
                    this scenario (I believe the corporate fw only
                    allows TCP 80 and 443) here
                    https://groups.google.com/forum/m/#!topic/discuss-webrtc/bq2tUi_guE4

                    And this looks promising if it ever gets implemented
                    http://tools.ietf.org/id/draft-hutton-rtcweb-nat-firewall-considerations-03.txt

                    Are there plans to add TCP and TLS relay of media in
                    jitmeet?
                    Looking through the code I believe it is currently
                    UDP only, but correct me if I'm wrong.

                    I think that recent Chrome versions already
                    implement TURN TCP and TLS, so hopefully we can have
                    a solution for those pesky restrictive firewalls.

                    Hope these tests help others.

                    Peter

                    On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie > <jungleboogie0@gmail.com > <mailto:jungleboogie0@gmail.com>> wrote:

                        Hi Peter,

                        --------------------------------------------------------
                        From: Peter Villeneuve <petervnv1@gmail.com
                        <mailto:petervnv1@gmail.com>>
                        Sent: Thu, 10 Apr 2014 20:23:49 +0100
                        To: Jitsi Developers <dev@jitsi.org
                        <mailto:dev@jitsi.org>>
                        Subject: Re: [jitsi-dev] Jitmeet ports and
                        corporate firewalls - grrr
                         > Hey Damian,
                         >
                         > I'll test tomorrow with a client behind a
                        very restrictive fw.
                         > I'll keep the list posted.
                         >

                        Yes, I'll be interested in the results too
                        because I'd like to implement
                        jitmeet over some proprietary video conference
                        solution that my employer may
                        look at.

                         > Cheers
                         >
                         > On Thu, Apr 10, 2014 at 6:41 PM, Damian > Minkov <damencho@jitsi.org > <mailto:damencho@jitsi.org>> wrote:
                         >
                         >> Hey,
                         >>
                         >> did you tested with meet.jit.si
                        <http://meet.jit.si>, is it working for you? It has
                         >> configured turn server, using port 80.
                         >>
                         >> Cheers
                         >> damencho
                         >>
                         >> On Thu, Apr 10, 2014 at 8:10 PM, Peter > Villeneuve <petervnv1@gmail.com > <mailto:petervnv1@gmail.com>> > >> wrote:
                         >>> Hi JB,
                         >>>
                         >>> I understand Jitmeet is still very new. I'm
                        not complaining at all, just
                         >>> hoping to start a discussion on an issue
                        that affects webRTC in general,
                         >> not
                         >>> just Jitmeet.
                         >>>
                         >>> The problem with wireshark is that I can't
                        go around sniffing inside
                         >> remote
                         >>> corporate LANs. The problem doesn't lie
                        server side, but with clients
                         >>> connecting from behind restrictive
                        corporate firewalls.
                         >>> I've tried asking the admins to open up udp
                        10000-20000 and they look at
                         >> me
                         >>> as if I'm nuts. Perhaps I am :wink:
                         >>>
                         >>> Cheers
                         >>>
                         >>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle > Boogie <jungleboogie0@gmail.com > <mailto:jungleboogie0@gmail.com>> > >>> wrote:
                         >>>>
                         >>>> Hi Peter,
                         >>>>
                        --------------------------------------------------------
                         >>>> From: Peter Villeneuve
                        <petervnv1@gmail.com <mailto:petervnv1@gmail.com>>
                         >>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
                         >>>> To: Jitsi Developers <dev@jitsi.org
                        <mailto:dev@jitsi.org>>
                         >>>> Subject: [jitsi-dev] Jitmeet ports and
                        corporate firewalls - grrr
                         >>>>> Hi,
                         >>>>>
                         >>>>> I've asked this before but I'll ask again.
                         >>>>> Has anyone had success with Jitmeet when
                        clients are connecting behind
                         >>>>> restrictive corporate firewalls (usually
                        symmetric)?
                         >>>>
                         >>>> You may not get a reply because perhaps no
                        one else has experience with
                         >>>> corporate firewalls + jitmeet.
                         >>>>
                         >>>>>
                         >>>>> In my experience the signalling gets
                        through ok, so we can chat, but
                         >> no
                         >>>>> audio/video goes through.
                         >>>>>
                         >>>>
                         >>>> Have you considered setting up wireshark
                        to see where the traffic dies
                         >> and
                         >>>> then make adjustment to your firewall
                        based on your results?
                         >>>>
                         >>>>> Even with a turn server, the fw still has
                        to let UDP packets through
                         >> to
                         >>>>> the
                         >>>>> 10000-20000 port range which, in my
                        experience, is highly unlikely.
                         >>>>>
                         >>>>> I know skype is very aggressive at
                        busting through NATs and FWs, but
                         >> how
                         >>>>> can we apply its "lessons" to webRTC? Is
                        the only realistic solution
                         >> to
                         >>>>> "force" admins to open up 10000 udp ports
                        or install a VPN?
                         >>>>>
                         >>>>> I'm sure I'm not the only one having this
                        issue, so I'd love to hear
                         >>>>> tips
                         >>>>> and experiences from others.
                         >>>>>
                         >>>>> Thanks,
                         >>>>>
                         >>>>> Peter
                         >>>>>
                         >>>>

                        --
                        inum: 883510009027723 sip:
                        jungleboogie@sip2sip.info
                        <mailto:jungleboogie@sip2sip.info> xmpp:
                        jungle-boogie@jit.si <mailto:jungle-boogie@jit.si>

                        _______________________________________________
                        dev mailing list
                        dev@jitsi.org <mailto:dev@jitsi.org>
                        Unsubscribe instructions and other list options:
                        http://lists.jitsi.org/mailman/listinfo/dev

                    _______________________________________________
                    dev mailing list
                    dev@jitsi.org <mailto:dev@jitsi.org>
                    Unsubscribe instructions and other list options:
                    http://lists.jitsi.org/mailman/listinfo/dev

                _______________________________________________
                dev mailing list
                dev@jitsi.org <mailto:dev@jitsi.org>
                Unsubscribe instructions and other list options:
                http://lists.jitsi.org/mailman/listinfo/dev

            _______________________________________________
            dev mailing list
            dev@jitsi.org <mailto:dev@jitsi.org>
            Unsubscribe instructions and other list options:
            http://lists.jitsi.org/mailman/listinfo/dev

        _______________________________________________
        dev mailing list
        dev@jitsi.org <mailto:dev@jitsi.org>
        Unsubscribe instructions and other list options:
        http://lists.jitsi.org/mailman/listinfo/dev

    _______________________________________________
    dev mailing list
    dev@jitsi.org <mailto:dev@jitsi.org>
    Unsubscribe instructions and other list options:
    http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
https://jitsi.org


#15

Thanks for clarifying that Emil.
I believe that is where the problem lies in restrictive fw environments.
We'll just have to wait until Chrome starts supporting media over HTTP to
get around those obstacles.

Cheers

···

On Sun, Apr 13, 2014 at 2:53 PM, Emil Ivov <emcho@jitsi.org> wrote:

FWIW: Chrome does not currently support sending media over HTTP.
Deployments that only authorise HTTP would therefore fail.

As Damian mentioned the meet.jit.si deployment of Jitsi Meet already has
TURN/TCP on port 80.

Emil

On 12.04.14, 11:35, Damian Minkov wrote:

Hi,

It is a link in the bottom left corner and it is downloaded as a file.

Regards
damencho

--sent from my mobile

On Apr 11, 2014 8:29 PM, "Peter Villeneuve" <petervnv1@gmail.com >> <mailto:petervnv1@gmail.com>> wrote:

    Great, will do. Perhaps the chrome version the client was using was
    outdated. Will have to investigate.
    By the way, how do I enable logging in jitmeet, and can I store them
    in a file?

    On Fri, Apr 11, 2014 at 6:19 PM, Damian Minkov <damencho@jitsi.org >> <mailto:damencho@jitsi.org>> wrote:

        Its webrtc in chrome and the candidates generated. You can check
        jitmeet logs does it sends relay candidates and which one it
        tries to use.

        --sent from my mobile

        On Apr 11, 2014 7:59 PM, "Peter Villeneuve" <petervnv1@gmail.com >> <mailto:petervnv1@gmail.com>> wrote:

            Gotcha. Sorry but I couldn't find it in the jitmeet code. I
            only found udp relaying when searching through github.
            Didn't see any code for tcp relaying. Can you point me in
            the right direction?

            Unfortunately my testing didn't work with meet.jit.si
            <http://meet.jit.si> either.

            On Fri, Apr 11, 2014 at 5:41 PM, Damian Minkov >> <damencho@jitsi.org <mailto:damencho@jitsi.org>> wrote:

                There is already tcp and turn in jitmeet. And it is
                activated on meet.jit.si <http://meet.jit.si>, that's

                why I asked you to test there.

                damencho

                --sent from my mobile

                On Apr 11, 2014 3:41 PM, "Peter Villeneuve" >> <petervnv1@gmail.com <mailto:petervnv1@gmail.com>> wrote:

                    Well I did some testing with meet.jit.si
                    <http://meet.jit.si> and results were poor. No

                    audio/video to/from client behind restrictive
                    corporate firewall ):
                    Since 443 is open client browser can access the
                    conference and chat, but can't send or receive media.

                    I'm hoping that adding TURN TCP/TLS support for
                    relaying might be able to help media packets punch
                    through.
                    There was (is?) an interesting discussion regarding
                    this scenario (I believe the corporate fw only
                    allows TCP 80 and 443) here
                    https://groups.google.com/forum/m/#!topic/discuss-
webrtc/bq2tUi_guE4

                    And this looks promising if it ever gets implemented
                    http://tools.ietf.org/id/draft-hutton-rtcweb-nat-
firewall-considerations-03.txt

                    Are there plans to add TCP and TLS relay of media in
                    jitmeet?
                    Looking through the code I believe it is currently
                    UDP only, but correct me if I'm wrong.

                    I think that recent Chrome versions already
                    implement TURN TCP and TLS, so hopefully we can have
                    a solution for those pesky restrictive firewalls.

                    Hope these tests help others.

                    Peter

                    On Thu, Apr 10, 2014 at 8:42 PM, Jungle Boogie >> <jungleboogie0@gmail.com >> <mailto:jungleboogie0@gmail.com>> wrote:

                        Hi Peter,

                        ------------------------------
--------------------------
                        From: Peter Villeneuve <petervnv1@gmail.com
                        <mailto:petervnv1@gmail.com>>

                        Sent: Thu, 10 Apr 2014 20:23:49 +0100
                        To: Jitsi Developers <dev@jitsi.org
                        <mailto:dev@jitsi.org>>

                        Subject: Re: [jitsi-dev] Jitmeet ports and
                        corporate firewalls - grrr
                         > Hey Damian,
                         >
                         > I'll test tomorrow with a client behind a
                        very restrictive fw.
                         > I'll keep the list posted.
                         >

                        Yes, I'll be interested in the results too
                        because I'd like to implement
                        jitmeet over some proprietary video conference
                        solution that my employer may
                        look at.

                         > Cheers
                         >
                         >
                         > On Thu, Apr 10, 2014 at 6:41 PM, Damian >> Minkov <damencho@jitsi.org >> <mailto:damencho@jitsi.org>> wrote:
                         >
                         >> Hey,
                         >>
                         >> did you tested with meet.jit.si
                        <http://meet.jit.si>, is it working for you? It
has

                         >> configured turn server, using port 80.
                         >>
                         >> Cheers
                         >> damencho
                         >>
                         >>
                         >> On Thu, Apr 10, 2014 at 8:10 PM, Peter >> Villeneuve <petervnv1@gmail.com >> <mailto:petervnv1@gmail.com>> >> >> >> wrote:
                         >>> Hi JB,
                         >>>
                         >>> I understand Jitmeet is still very new. I'm
                        not complaining at all, just
                         >>> hoping to start a discussion on an issue
                        that affects webRTC in general,
                         >> not
                         >>> just Jitmeet.
                         >>>
                         >>> The problem with wireshark is that I can't
                        go around sniffing inside
                         >> remote
                         >>> corporate LANs. The problem doesn't lie
                        server side, but with clients
                         >>> connecting from behind restrictive
                        corporate firewalls.
                         >>> I've tried asking the admins to open up udp
                        10000-20000 and they look at
                         >> me
                         >>> as if I'm nuts. Perhaps I am :wink:
                         >>>
                         >>> Cheers
                         >>>
                         >>>
                         >>> On Thu, Apr 10, 2014 at 6:00 PM, Jungle >> Boogie <jungleboogie0@gmail.com >> <mailto:jungleboogie0@gmail.com>> >> >> >>> wrote:
                         >>>>
                         >>>> Hi Peter,
                         >>>>
                         >>>>
                        ------------------------------
--------------------------
                         >>>> From: Peter Villeneuve
                        <petervnv1@gmail.com <mailto:petervnv1@gmail.com
>>

                         >>>> Sent: Thu, 10 Apr 2014 17:55:49 +0100
                         >>>> To: Jitsi Developers <dev@jitsi.org
                        <mailto:dev@jitsi.org>>

                         >>>> Subject: [jitsi-dev] Jitmeet ports and
                        corporate firewalls - grrr
                         >>>>> Hi,
                         >>>>>
                         >>>>> I've asked this before but I'll ask again.
                         >>>>> Has anyone had success with Jitmeet when
                        clients are connecting behind
                         >>>>> restrictive corporate firewalls (usually
                        symmetric)?
                         >>>>
                         >>>> You may not get a reply because perhaps no
                        one else has experience with
                         >>>> corporate firewalls + jitmeet.
                         >>>>
                         >>>>>
                         >>>>> In my experience the signalling gets
                        through ok, so we can chat, but
                         >> no
                         >>>>> audio/video goes through.
                         >>>>>
                         >>>>
                         >>>> Have you considered setting up wireshark
                        to see where the traffic dies
                         >> and
                         >>>> then make adjustment to your firewall
                        based on your results?
                         >>>>
                         >>>>> Even with a turn server, the fw still has
                        to let UDP packets through
                         >> to
                         >>>>> the
                         >>>>> 10000-20000 port range which, in my
                        experience, is highly unlikely.
                         >>>>>
                         >>>>> I know skype is very aggressive at
                        busting through NATs and FWs, but
                         >> how
                         >>>>> can we apply its "lessons" to webRTC? Is
                        the only realistic solution
                         >> to
                         >>>>> "force" admins to open up 10000 udp ports
                        or install a VPN?
                         >>>>>
                         >>>>> I'm sure I'm not the only one having this
                        issue, so I'd love to hear
                         >>>>> tips
                         >>>>> and experiences from others.
                         >>>>>
                         >>>>> Thanks,
                         >>>>>
                         >>>>> Peter
                         >>>>>
                         >>>>>
                         >>>>
                         >>>>
                         >>>>

                        --
                        inum: 883510009027723 sip:
                        jungleboogie@sip2sip.info
                        <mailto:jungleboogie@sip2sip.info> xmpp:
                        jungle-boogie@jit.si <mailto:jungle-boogie@jit.si
>

                        _______________________________________________
                        dev mailing list
                        dev@jitsi.org <mailto:dev@jitsi.org>

                        Unsubscribe instructions and other list options:
                        http://lists.jitsi.org/mailman/listinfo/dev

                    _______________________________________________
                    dev mailing list
                    dev@jitsi.org <mailto:dev@jitsi.org>

                    Unsubscribe instructions and other list options:
                    http://lists.jitsi.org/mailman/listinfo/dev

                _______________________________________________
                dev mailing list
                dev@jitsi.org <mailto:dev@jitsi.org>

                Unsubscribe instructions and other list options:
                http://lists.jitsi.org/mailman/listinfo/dev

            _______________________________________________
            dev mailing list
            dev@jitsi.org <mailto:dev@jitsi.org>

            Unsubscribe instructions and other list options:
            http://lists.jitsi.org/mailman/listinfo/dev

        _______________________________________________
        dev mailing list
        dev@jitsi.org <mailto:dev@jitsi.org>

        Unsubscribe instructions and other list options:
        http://lists.jitsi.org/mailman/listinfo/dev

    _______________________________________________
    dev mailing list
    dev@jitsi.org <mailto:dev@jitsi.org>

    Unsubscribe instructions and other list options:
    http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
https://jitsi.org

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev