Jitsi-meet in a corporate environment is not working

#1

So I have my own jitsi-meet deployment and I also have my coturn setup. It works in most corporate networks, but now I have a bank client who uses some sort of proxy to connect to the internet… In this situation we can’t hear or see them… We can only see and hear them when they open UDP port 10000 directly to the internet… It will be very challenging for them to keep this port open since they are a bank and are not very friendly to opening port 10000. They said they can only open ports 80 and 443. Is it possible to use jvb with port 443 on a separate server? Is there any other way to solve this problem?

#2

Have you tested the same network that allows only 80 and 443 with meet.jit.si?
It is configured to use coturn for all tcp connections, and the coturn host is using a valid certificate. Coturn proxies tcp traffic to jvb udp.
This is the way to go; the tcp implementation in the bridge is not a real ssl with the certificate and everything, compared to the one used by coturn, and the latter one is more reliable.

#3

I didn’t try meet.jit.si.
But my coturn is also using a valid cert using letsencrypt.

#4

Is it set up to serve both p2p and jvb connections?

p2p: {
        enabled: true,
        useStunTurn: true,
.....
useStunTurn: true

And your coturn server is using port 443 for connections?

#5

We don’t have p2p enabled, but yes, useStunTurn is enabled for both.

#6

And your coturn is listening on port 443?

Do you have something similar on your side:

#7

Could it be because p2p is disabled? When I use webrtc-internals I could see my coturn server name in the iceServers.

#8

Firewall information
UDP 10000
TCP 4443
TCP 443
TCP 80
If they have ipv6, open the above ports for ipv6 as well.

Question:
Based on the ports provided, all of them are going through the proxy except UDP/10000. I want to know why…
This is what my client is asking.

#9

Cause those proxies are tcp only, they do not support udp…

#10

But it is the same turns and tcp param, right?

#11

I only have turns, no stun or turn.

https://my.domain.com/tanvir, { iceServers: [turns:turn.domain.com:443?transport=tcp], iceTransportPolicy: all, bundlePolicy: balanced, rtcpMuxPolicy: require, iceCandidatePoolSize: 0, sdpSemantics: "plan-b" }, {advanced: [{googHighStartBitrate: {exact: 0}}, {googPayloadPadding: {exact: true}}, {googScreencastMinBitrate: {exact: 400}}, {googCpuOveruseDetection: {exact: true}}, {googCpuOveruseEncodeUsage: {exact: true}}, {googCpuUnderuseThreshold: {exact: 55}}, {googCpuOveruseThreshold: {exact: 85}}, {enableIPv6: {exact: true}}]}

#12

So this should do the trick about using port 443 for media in combination with the global useStunTurn: true.

#13

Ok, I will try again and get back.

#14

Do I have to add the following globally also?

stunServers: [
            { urls: 'stun:stun.l.google.com:19302' },
            { urls: 'stun:stun1.l.google.com:19302' },
            { urls: 'stun:stun2.l.google.com:19302' }
        ],

#15

These are used for the p2p connection.
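
The reachability question running through this thread, as an added example that is not part of any post or of Jitsi's own code: it classifies each iceServers URL by whether a TCP-only proxy allowing only ports 80 and 443 can carry it. The function names are hypothetical, the last sample entry is constructed, and it assumes the proxy passes TCP on the allowed ports through unmodified.

```javascript
// Added example. Default ports and transports follow RFC 7064 (stun/stuns)
// and RFC 7065 (turn/turns).
const DEFAULT_PORT = { stun: 3478, turn: 3478, stuns: 5349, turns: 5349 };

// Parse one STUN/TURN URI into scheme, host, port and effective transport.
function parseIceUrl(url) {
  const re = /^(stuns?|turns?):(\[[^\]]+\]|[^:?]+)(?::(\d+))?(?:\?transport=(udp|tcp))?$/i;
  const m = re.exec(url);
  if (!m) throw new Error(`not a STUN/TURN URI: ${url}`);
  const scheme = m[1].toLowerCase();
  // stuns/turns run TLS over TCP; plain stun/turn default to UDP.
  const fallback = scheme.endsWith('s') ? 'tcp' : 'udp';
  return {
    scheme,
    host: m[2],
    port: m[3] ? Number(m[3]) : DEFAULT_PORT[scheme],
    transport: (m[4] || fallback).toLowerCase(),
  };
}

// Classify every URL in an RTCConfiguration-style iceServers array.
// Assumption: the proxy passes TCP on the allowed ports through unmodified.
function classify(iceServers, allowedTcpPorts = [80, 443]) {
  return iceServers.flatMap(s => [].concat(s.urls)).map(url => {
    const u = parseIceUrl(url);
    let verdict;
    if (u.transport === 'udp') verdict = 'blocked: UDP cannot cross a TCP-only proxy';
    else if (!allowedTcpPorts.includes(u.port)) verdict = `blocked: TCP port ${u.port} not allowed`;
    else if (!u.scheme.startsWith('turn')) verdict = 'no relay: STUN alone carries no media';
    else verdict = u.scheme === 'turns' ? 'usable: TLS relay' : 'usable: cleartext TCP relay';
    return { url, ...u, verdict };
  });
}

// True when at least one relay is reachable, i.e. media has a path out.
function hasMediaPath(iceServers, allowedTcpPorts) {
  return classify(iceServers, allowedTcpPorts).some(r => r.verdict.startsWith('usable'));
}

// Sample input: hostnames as posted in the thread; the last entry is constructed.
const SAMPLE = [
  { urls: 'turns:turn.domain.com:443?transport=tcp' },
  { urls: ['stun:stun.l.google.com:19302', 'stun:stun1.l.google.com:19302'] },
  { urls: 'turn:turn.domain.com:3478?transport=tcp' },
];
for (const r of classify(SAMPLE)) console.log(`${r.url} -> ${r.verdict}`);
```

Pasting the iceServers list shown by webrtc-internals into `classify` shows at a glance whether the client was handed any relay it can actually reach.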