Jitsi-Meet Firewall config (External network) not working

Dear Team. I have installed Jitsi meet and configired with GoDaddy SSL Certificate. Its working fine when participants join from same network. but when someone join from a different network, we are not able to see the Video or/Audio of that person. As per Firewall team, they have allowed port 10000-20000 for udp communication in the firewall. any additional configurations required ?

You might want to confirm that the port is actually open though. Try:

Tip: how to check UDP/10000 connectivity

Hi @Freddie , sorry for asking again. a bit confused after going through the link. do we need to add any configuration in the jitsi/jvb if participants wants to join from two different network ? or it could be just a firewall issue and using the port forwarding we can manage ?

The link is just to confirm that port 10000/UDP is actually open and accessible in your network. what you’ve described sounds like a firewall issue. First confirm the port is accessible.

Thanks @Freddie I will check this and confirm

@Freddie I have checked the port as you suggested. i can see that the UDP port 10000 was accessible only when i used the Local IP address of that server (in the local network), but using the domain name I was not getting the UDP traffic on server. I’ve also verified for 443(TCP) port and it was accessible using both IP & domain name. Hope there are no specific configurations reauired for UDP in the Jitsi … and we need to discuss with firewall team.

Only from outside to inside the below mentioned port is require to be allowed in firewall.
TCP - 80
TCP - 443
UDP - 10000
UDP - 4443

also need to configure the …/videobridge/sip-communicator.properties file and add 2 lines at the bottom of the page:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=LocalIP
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=Natted IP(Public IP)

Not true

No longer necessary

That confirms it’s not accessible through the firewall. This needs to be sorted out. Since this affects all users outside your network, it’s not a case where a particular user is behind a firewall and TURNS deployment is necessary. In your case, sorting out the UDP/10000 problem will most likely solve your issue.

why isn’t it necessary anymore?

JVB autodiscovers the values.

how? do i have to setup some discover-url?

STUN_MAPPING_HARVESTER_ADDRESSES is used to discover JVB’s public address when the bridge is started.

can i configure there my own coturn-Server?

Yeah, you can deploy your own TURN (coturn) server, but we’re talking about STUN here, not TURN. If you absolutely don’t want to use Jitsi’s STUN service, you can manually set the public and private addresses using those HARVESTER lines.

okay, thank you!

No, Not Ture, acutally.
As I just diabled this and from outside of my oragnization, I was not able to share my Video. Just before 5 mins back, I added this line and everything is working properly…

No, Not Ture, acutally.
As I just diabled this and from outside of my oragnization, I was not able to share my Video. Just before 5 mins back, I added this line and everything is working properly…

You have something else going on with your deployment. What version of Jitsi are you running?
Share your complete /videobridge/sip-communicator.properties

Jitsi - 2.0.6726-1

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.my-domain.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=mypassword
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.mydomain.com
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=3c8c4cb0-9e96-40e6-8bbf-60bd2782d118
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=mylocaladd
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=mypublicadd