[jitsi-dev] jitmeet with restund port range issue


#1

Hi,

I've managed to get jitmeet up and running as per the instructions here
https://github.com/jitsi/jitsi-meet/pull/43/files?short_path=7d442b7&unchanged=collapsed

The only issue left is probably firewall related since audio from the
conference host is not getting out to the other participants (but strangely
video seems fine both ways). Audio and video from invited participants is
fine.

Anyway, looking at the config file for restund turn server, I don't see any
option to set the port range for the relayed UDP traffic, which means I
have to open up the firewall which is obviously not good.

Am I missing something or does restund really not offer the option to set a
port range for UDP relaying?

Also, I can't seem to find any errors in the logs as to why audio from the
organizer isn't reaching the other participants. Any clues as to where I
should look further to debug this one remaining issue?

Thanks


#2

> Hi,
>
> I've managed to get jitmeet up and running as per the instructions here
> https://github.com/jitsi/jitsi-meet/pull/43/files?short_path=7d442b7&unchanged=collapsed
>
> The only issue left is probably firewall related since audio from the
> conference host is not getting out to the other participants (but
> strangely video seems fine both ways). Audio and video from invited
> participants is fine.
>
> Anyway, looking at the config file for restund turn server, I don't see
> any option to set the port range for the relayed UDP traffic, which
> means I have to open up the firewall which is obviously not good.

I've always been a proponent of "just let UDP flow" but that's another topic.

Your TURN server only needs to have port 80 open to the world in TCP. It also needs to allow UDP traffic to and from Jitsi Videobridge (ports 10000 to 20000 by default).

> Am I missing something or does restund really not offer the option to
> set a port range for UDP relaying?
>
> Also, I can't seem to find any errors in the logs as to why audio from
> the organizer isn't reaching the other participants. Any clues as to
> where I should look further to debug this one remaining issue?

chrome://webrtc-internals might reveal some clues.

Emil

···

On 02.04.14, 17:42, Peter Villeneuve wrote:

Thanks

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev

--
https://jitsi.org


#3

don't think so. You can probably modify the TURN module (alloc.c allocate_request) or ask on the re-devel list.

···

On 02.04.2014 17:42, Peter Villeneuve wrote:



#4

> Your TURN server only needs to have port 80 open to the world in TCP. It
> also needs to allow UDP traffic to and from Jitsi Videobridge (ports 10000
> to 20000 by default).

Thanks Emil. I've got it working now.
Are you sure about those UDP ports? The reason I ask is that I noticed
yesterday problems with people joining the conference without audio and/or
video.
After I looked at the iptables logs I saw clients trying to connect to
ports in the 40000 range directly from the internet. Since those ports
weren't open, obviously media wasn't flowing.

Here's an example:

Apr 4 15:47:56 mymachine kernel: [2524784.462286] iptables: IN=eth0 OUT=
MAC=xx.xx.xx.xx:96:92:1c:df:0f:b1:7d:xx.xx.xx SRC=64.xx.xx.xx
DST=79.xx.xx.xx LEN=71 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=53
DPT=40102 LEN=51

···

On Sat, Apr 5, 2014 at 3:53 PM, Emil Ivov <emcho@jitsi.org> wrote:



#5

Thank you Emil and Phillip,

I've got it working now.
The only issue remaining is why the etherpad icon doesn't show up at all.
No errors in the logs either.

Is this likely a Chrome version issue?

···

On Sat, Apr 5, 2014 at 6:35 PM, JJ Janus <janus5005@gmail.com> wrote:



#6

> > Your TURN server only needs to have port 80 open to the world in TCP.
> > It also needs to allow UDP traffic to and from Jitsi Videobridge (ports
> > 10000 to 20000 by default).
>
> Thanks Emil. I've got it working now.
> Are you sure about those UDP ports?

Pretty much, yeah:

https://github.com/jitsi/jitsi-videobridge/blob/master/src/org/jitsi/videobridge/Main.java#L59-L73

You can override those when starting the bridge though.

> The reason I ask is that I noticed
> yesterday problems with people joining the conference without audio
> and/or video.
> After I looked at the iptables logs I saw clients trying to connect to
> ports in the 40000 range directly from the internet. Since those ports
> weren't open, obviously media wasn't flowing.
>
> Here's an example:
>
> Apr 4 15:47:56 mymachine kernel: [2524784.462286] iptables: IN=eth0
> OUT= MAC=xx.xx.xx.xx:96:92:1c:df:0f:b1:7d:xx.xx.xx SRC=64.xx.xx.xx
> DST=79.xx.xx.xx LEN=71 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP
> SPT=53 DPT=40102 LEN=51

This seems to be originating from port 53, which is a bit strange (although it could be just a NAT allocation). Are you sure that this specific packet was sent from a browser running Jitsi Meet?

Emil

···

On 05.04.14, 19:35, JJ Janus wrote:


--
https://jitsi.org


#7

> > > Your TURN server only needs to have port 80 open to the world in TCP.
> > > It also needs to allow UDP traffic to and from Jitsi Videobridge (ports
> > > 10000 to 20000 by default).
> >
> > Thanks Emil. I've got it working now.
> > Are you sure about those UDP ports?
>
> Pretty much, yeah:
>
> https://github.com/jitsi/jitsi-videobridge/blob/master/src/org/jitsi/videobridge/Main.java#L59-L73
>
> You can override those when starting the bridge though.
>
> > The reason I ask is that I noticed
> > yesterday problems with people joining the conference without audio
> > and/or video.
> > After I looked at the iptables logs I saw clients trying to connect to
> > ports in the 40000 range directly from the internet. Since those ports
> > weren't open, obviously media wasn't flowing.
> >
> > Here's an example:
> >
> > Apr 4 15:47:56 mymachine kernel: [2524784.462286] iptables: IN=eth0
> > OUT= MAC=xx.xx.xx.xx:96:92:1c:df:0f:b1:7d:xx.xx.xx SRC=64.xx.xx.xx
> > DST=79.xx.xx.xx LEN=71 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP
> > SPT=53 DPT=40102 LEN=51
>
> This seems to be originating from port 53, which is a bit strange
> (although it could be just a NAT allocation). Are you sure that this
> specific packet was sent from a browser running Jitsi Meet?
>
> Emil

Yeah, I found it pretty strange too although that IP was from a Chrome
browser in a Jitmeet conference and indeed his video wasn't showing up in
the conference at the time.
Anyway, I'll keep a close eye on the iptables logs and see if this pops up
again.

By the way, just watched your Dangerous Demos video and was very impressed.
Congrats on the great work the whole Jitsi community has been doing.

Peter

···

On Sun, Apr 6, 2014 at 9:53 AM, Emil Ivov <emcho@jitsi.org> wrote:



#8

OK, upon further inspection I can confirm that indeed the browser in the
jitmeet session appears to be sending traffic to high udp ports.
Today it happened again that a participant dropped into the jitmeet
conference but there was no audio/video.

Looking at iptables logs, I saw the following, which looks to me like the
client browser, sitting behind NAT, tries to reach my videobridge on UDP
port 45206, which doesn't work because I had only opened ports 10000-20000.
After relaxing the iptables rules to allow UDP from 10000 to 65000, video
and audio suddenly worked fine again.

Also, notice port 3478 in the log printout. That's the STUN/TURN default
port I believe. Not really sure what's going on here.

iptables log printout:

Apr 6 18:34:45 myhost kernel: [2707541.396456] iptables: IN=eth0 OUT=
MAC=xx.xx.xx.d7:96:92:1c:df:0f:b1:7d:xx.xx.xx SRC=75.xx.xx.xx
DST=79.xx.xx.xx LEN=148 TOS=0x00 PREC=0x00 TTL=45 ID=20303 PROTO=ICMP
TYPE=3 CODE=3 [SRC=79.xx.xx.xx DST=192.168.2.13 LEN=120 TOS=0x00 PREC=0x00
TTL=45 ID=47622 DF PROTO=UDP SPT=3478 DPT=45206 LEN=100 ]

···

On Sun, Apr 6, 2014 at 3:19 PM, Peter Villeneuve <petervnv1@gmail.com> wrote:



#9

> OK, upon further inspection I can confirm that indeed the browser in the
> jitmeet session appears to be sending traffic to high udp ports.
> Today it happened again that a participant dropped into the jitmeet
> conference but there was no audio/video.
>
> Looking at iptables logs, I saw the following, which looks to me like
> the client browser, sitting behind NAT, tries to reach my videobridge on
> UDP port 45206, which doesn't work because I had only opened ports
> 10000-20000.
> After relaxing the iptables rules to allow UDP from 10000 to 65000,
> video and audio suddenly worked fine again.

Could it be that your Jitsi Videobridge command specifies this range?

> Also, notice port 3478 in the log printout. That's the STUN/TURN default
> port I believe. Not really sure what's going on here.

Yes, that's the default port and most likely means that the TURN server is either not configured to run on port 80 or is for some reason ignoring that configuration.

Emil

···

On 06.04.14, 22:27, Peter Villeneuve wrote:


--
https://jitsi.org
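
The two log excerpts posted in this thread have different shapes: one is a plain inbound UDP packet, the other an ICMP error whose bracketed part is the header of the datagram that triggered it. The following added example (not code from the thread or from the Jitsi project) parses iptables LOG lines of both shapes and reports which local port each one concerns; the sample lines are constructed with documentation addresses, and the 10000-20000 range and port 3478 are the values named in the thread.

```python
import re
from dataclasses import dataclass

BRIDGE_UDP_RANGE = (10000, 20000)  # videobridge default quoted in the thread
TURN_PORT = 3478                   # STUN/TURN default port named in the thread

# Constructed sample lines, modelled on the excerpts in the thread
# (documentation addresses and a made-up MAC field; third line is invented).
SAMPLE_LOG = """\
Apr 4 15:47:56 host kernel: [2524784.462286] iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=71 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP SPT=53 DPT=40102 LEN=51
Apr 6 18:34:45 host kernel: [2707541.396456] iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=203.0.113.10 LEN=148 TOS=0x00 PREC=0x00 TTL=45 ID=20303 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.0.113.10 DST=192.168.2.13 LEN=120 TOS=0x00 PREC=0x00 TTL=45 ID=47622 DF PROTO=UDP SPT=3478 DPT=45206 LEN=100 ]
Apr 6 18:35:02 host kernel: [2707558.101010] iptables: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=203.0.113.10 LEN=120 TOS=0x00 PREC=0x00 TTL=45 ID=4711 PROTO=UDP SPT=51514 DPT=10042 LEN=100
"""

_KV = re.compile(r"(\w+)=(\S*)")
_EMBEDDED = re.compile(r"\[(SRC=[^\]]*)\]")


@dataclass
class Finding:
    kind: str         # "udp-in" or "icmp-error"
    verdict: str      # which expected service the local port belongs to
    peer: str         # address that sent the logged packet
    local_port: int   # UDP port on this host
    remote_port: int  # UDP port on the far side


def parse_line(line):
    """Split one LOG line into (outer, embedded) key/value dicts.

    embedded is None unless the line carries the bracketed header that
    netfilter prints for ICMP errors. The bracketed part is removed before
    the outer fields are read, otherwise its PROTO/SRC/DST would overwrite
    the outer ones.
    """
    start = line.find(" IN=")
    if start < 0:
        return None
    body = line[start:]
    match = _EMBEDDED.search(body)
    embedded = dict(_KV.findall(match.group(1))) if match else None
    outer = dict(_KV.findall(_EMBEDDED.sub("", body)))
    return outer, embedded


def _port_verdict(port, bridge_range, turn_port):
    low, high = bridge_range
    if port == turn_port:
        return "turn-port"
    if low <= port <= high:
        return "bridge-range"
    return "outside-expected-ports"


def classify(line, bridge_range=BRIDGE_UDP_RANGE, turn_port=TURN_PORT):
    """Return a Finding for a logged UDP packet or UDP-related ICMP error."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    outer, embedded = parsed
    if outer.get("PROTO") == "UDP":
        # Plain inbound datagram: DPT is the port on this host.
        dpt = int(outer["DPT"])
        return Finding("udp-in", _port_verdict(dpt, bridge_range, turn_port),
                       outer["SRC"], dpt, int(outer["SPT"]))
    if (outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3"
            and embedded and embedded.get("PROTO") == "UDP"):
        # Destination-unreachable error: the embedded header is the datagram
        # that caused it, i.e. one sent FROM this host. Its SPT is the local
        # port and its DPT is the port on the remote side.
        spt = int(embedded["SPT"])
        return Finding("icmp-error", _port_verdict(spt, bridge_range, turn_port),
                       outer["SRC"], spt, int(embedded["DPT"]))
    return None


def analyze(text, **kwargs):
    """Classify every LOG line in text, skipping lines that do not match."""
    findings = (classify(line, **kwargs) for line in text.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```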


#10

> *Could it be that your Jitsi Videobridge command specifies this range?*

No, I'm sure that I have the correct ports in the start command.

> > Also, notice port 3478 in the log printout. That's the STUN/TURN default
> > port I believe. Not really sure what's going on here.
>
> *Yes, that's the default port and most likely means that the TURN server is
> either not configured to run on port 80 or is for some reason ignoring that
> configuration.*

Now this is likely what's happening.
Say I were running jitmeet behind TLS instead of plain old http as in the
tutorial, would I have to have restund listen on 443 instead of 80? And
same with prosody turncredentials mod config?

Thanks

···

On Sun, Apr 6, 2014 at 9:35 PM, Emil Ivov <emcho@jitsi.org> wrote:

On 06.04.14, 22:27, Peter Villeneuve wrote:

OK, upon further inspection I can confirm that indeed the browser in the
jitmeet session appears to be sending traffic to high udp ports.
Today it happened again that a participant dropped into the jitmeet
conference but there was no audio/video.

Looking at iptables logs, I saw the following, which looks to me like
the client browser, sitting behind NAT, tries to reach my videobridge on
UDP port 45206, which doesn't work because I had only opened ports
10000-20000.
After relaxing the iptables rules to allow UDP from 10000 to 65000,
video and audio suddenly worked fine again.

Could it be that your Jitsi Videobridge command specifies this range?

Also, notice port 3478 in the log printout. That's the STUN/TURN default
port I believe. Not really sure what's going on here.

Yes, that's the default port and most likely means that the TURN server is
either not configured to run on port 80 or is for some reason ignoring that
configuration.

Emil

iptables log printout:

Apr 6 18:34:45 myhost kernel: [2707541.396456] iptables: IN=eth0 OUT=
MAC=xx.xx.xx.d7:96:92:1c:df:0f:b1:7d:xx.xx.xx SRC=75.xx.xx.xx
DST=79.xx.xx.xx LEN=148 TOS=0x00 PREC=0x00 TTL=45 ID=20303 PROTO=ICMP
TYPE=3 CODE=3 [SRC=79.xx.xx.xx DST=192.168.2.13 LEN=120 TOS=0x00
PREC=0x00 TTL=45 ID=47622 DF PROTO=UDP SPT=3478 DPT=45206 LEN=100 ]



#11

OK, I double checked everything and the strange behavior continues.

I've set up restund to listen on port 443, and configured prosody's
turncredentials also on port 443.

I'm sure that I started the videobridge with the correct min and max
relaying ports (10000-20000), yet I still see UDP media from the client
browsers flowing to other ports on the server (like 5014, 5015, etc.).

If I don't open them up, then audio/video fails.

Any thoughts about this?
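An added example, not part of any post in this thread: a small parser for iptables LOG lines of the kind quoted above, reporting which local port each logged packet involves and whether it falls inside the 10000-20000 range. For ICMP error lines the bracketed fields describe the original packet that triggered the error, so they are parsed separately from the outer packet. The sample lines are constructed in the thread's log format with documentation addresses; the function names and SERVER_IP are illustrative assumptions.

```python
import re

ALLOWED_UDP = range(10000, 20001)   # videobridge range named in the thread
SERVER_IP = "203.0.113.10"          # constructed: stands in for the masked server address
KV = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines (documentation addresses, ports taken from the thread).
SAMPLE_LINES = [
    "Apr 6 18:34:45 myhost kernel: [2707541.396456] iptables: IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 "
    "DST=203.0.113.10 LEN=148 TOS=0x00 PREC=0x00 TTL=45 ID=20303 PROTO=ICMP "
    "TYPE=3 CODE=3 [SRC=203.0.113.10 DST=192.168.2.13 LEN=120 TOS=0x00 "
    "PREC=0x00 TTL=45 ID=47622 DF PROTO=UDP SPT=3478 DPT=45206 LEN=100 ]",
    "Apr 4 15:47:56 myhost kernel: [2524784.462286] iptables: IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 "
    "DST=203.0.113.10 LEN=71 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP "
    "SPT=53 DPT=40102 LEN=51",
    "Apr 6 19:02:11 myhost kernel: [2709187.120001] iptables: IN=eth0 OUT= "
    "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.7 "
    "DST=203.0.113.10 LEN=128 TOS=0x00 PREC=0x00 TTL=52 ID=311 PROTO=UDP "
    "SPT=51812 DPT=10500 LEN=108",
]

def parse_line(line):
    """Return (outer, inner) field dicts; inner is the bracketed original
    packet carried in an ICMP error, or None when the line has none."""
    m = re.search(r"\[(SRC=[^\]]*)\]", line)   # skips the [uptime] bracket
    inner = dict(KV.findall(m.group(1))) if m else None
    outer_text = line[:m.start()] + line[m.end():] if m else line
    return dict(KV.findall(outer_text)), inner

def classify(line, server_ip, allowed=ALLOWED_UDP):
    """Find the server-side port of the logged packet and test it against
    the allowed range."""
    outer, inner = parse_line(line)
    if outer.get("PROTO") == "ICMP" and inner:
        # The server sent the embedded packet if its SRC is the server:
        # then SPT is the local port and DPT belongs to the remote peer.
        field = "SPT" if inner.get("SRC") == server_ip else "DPT"
        port = int(inner[field])
        kind = "icmp-error type=%s code=%s" % (outer.get("TYPE"), outer.get("CODE"))
    elif outer.get("PROTO") == "UDP":
        field = "DPT" if outer.get("DST") == server_ip else "SPT"
        port = int(outer[field])
        kind = "udp"
    else:
        return {"kind": "other", "local_port": None, "in_range": None}
    return {"kind": kind, "local_port": port, "in_range": port in allowed}

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(classify(sample, SERVER_IP))
```
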
