Jitsi Meet working well internally but no video through firewall for external users

I’ve used the setup guides and am still having issues. I’ve looked at this form and tried some different steps, but I’m afraid to do too many different things. I feel like it is my firewall, however with the added ports being forwarded there are still issues. I’m hopeful you might be able to make sense of my log files.
General Summary - all works really well on the LAN. Going to LTE on cell outside of LAN connects, I see them, chat works, but no video. I’m sure this has been covered, I just couldn’t find anything that worked for me. Home install - dynamic IP with certificate. Thanks in advance!

This is normally firewall blocking udp 10000, not working port forwarding of udp 10000 or missing public and private address in jvb config. Latest packages configure a stun surver to auto-discover public and private address, which requires outgoing udp 443. You can check grep -i harvest /var/log/jitsi/jvb/log do you see your public address?

Hi damencho - I am struggling with this as well.

`grep -i harvest /var/log/jitsi/jvb.log" (note path change) returns another address for me not my external.
Why would that be? I used google stun this time, used jitsi as per JVB2 installed yesterday.
Internal address all fine.

2020-04-06 19:55:33.090 INFO: [29] org.ice4j.ice.harvest.StunMappingCandidateHarvester.discover: Discovered public address from STUN server using local address This is NOT the local address but must be an upstream provider from our DMZ.

2020-04-06 19:55:33.091 INFO: [20] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.StunMappingCandidateHarvester, face=/, mask=/

Thanks for the quick response. Makes me feel like I can get this to work at some point :slight_smile: The grep of that log file returned some entries with my local and some with my public ip addresses. There is also a line that says - Initialize: Initialized mapping harvesters (delay=30ms). stunDiscoveryFailed=false If failure is false, then I guess it isn’t an issue, but wanted to pass that along.

Isn’t this your public address?

@mowtheairif you see your public address. Maybe the problem is firewall or port forwarding not working … Maybe through the LTE they are dropping udp …

@damencho - I’m forwarding tcp 443, tcp 80 and udp 10000 to my Jitsi Server . Allowing all of those at firewall. outbound unrestricted (NAT)

Have you tried through that LTE same experiment with meet.jit.si? Does it work? Are you runninng the turnserver?

Works well with video over LTE to the meet.jit.si - just tested. As for the turnserver, if it wasn’t part of setup I don’t know that I have it running. I can try to check. - I see “coturn” in init.d - not sure if that helps. Can’t speak to the config or if it is working. - update to this, looking at the turnserver.conf, it shows my external FQDN instead of external IP and tls listening port of 4445 (which probably isn’t opened or forwarded) along with listening port 443

Fresh install… all good as of now! Thanks @damencho

No. Ping meet.wonthaggisc.vic.edu.au… 203.113. 208.59.
Behind department of education firewall, they have allocated that IP address. We have opened all ports between that and the internal. Stun says a different address. What can I tell the central people? Got me stymied.