[jitsi-users] Ejabberd with Videobridge on firewall


#1

We have an Ejabberd server configured with STUN that exists on
firewall/router server. It works great when users are at the office or away
when using standard XMPP Messaging. Using Jitsi we can make video calls on a
one to one bases (and conferencing in another, although quality lacks). This
works with both users out of the office or one user in the office and one
out.
I want to use the videobridge to allow for multi party conferences. In
testing, when all users are at the office, it works fine. When all users
are at home, we get ice errors. I captured the logs and it looks as though
something is not configured correctly somewhere. I'm looking for some
guidance from anyone who has a setup that is similar or who is familiar with
this sort of networking.
Firewall/router uses shorewall, ejabberd, jitsi-videobridge. It has one
public IP and one private. At the office, using SRV users use the private
internal side, and external we use SRV to go to the public address. This
works great. The video bride starts and seems to be happy, but I'm sure
there are ports that need to be configured or some kind of routing?

Thanks in advance for any advice or suggestions. Our experience so far with
all of this is great.

Caleb


#2

Hey Caleb,

You would have to deploy the videobridge on a public IP address.

Hope this helps,
Emil

···

On Thu, Feb 13, 2014 at 10:13 PM, Caleb O'Connell <caleb@privacyassociation.org> wrote:

We have an Ejabberd server configured with STUN that exists on
firewall/router server. It works great when users are at the office or away
when using standard XMPP Messaging. Using Jitsi we can make video calls on a
one to one bases (and conferencing in another, although quality lacks). This
works with both users out of the office or one user in the office and one
out.
I want to use the videobridge to allow for multi party conferences. In
testing, when all users are at the office, it works fine. When all users
are at home, we get ice errors. I captured the logs and it looks as though
something is not configured correctly somewhere. I'm looking for some
guidance from anyone who has a setup that is similar or who is familiar with
this sort of networking.
Firewall/router uses shorewall, ejabberd, jitsi-videobridge. It has one
public IP and one private. At the office, using SRV users use the private
internal side, and external we use SRV to go to the public address. This
works great. The video bride starts and seems to be happy, but I'm sure
there are ports that need to be configured or some kind of routing?

Thanks in advance for any advice or suggestions. Our experience so far with
all of this is great.

Caleb

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org


#3

Hi,

Got excited with your talk at FOSDEM recently, so I decided to give it a try !

As a complete newbie in the VoIP world, I innocently tried to deploy jitmeet on a machine behind NAT (several layers, one with my ISP router, another one since I'm trying to install the software inside a natted container).
I made my best to follow "at the letter" the steps described at [1].
The videobridge reacts when starting conferencing (when a second user connects to jitmeet), but I also see ICE errors. I see both pairs on the jitmeet interface, can chat, but the audio/video isn't there.
Suspecting the issue comes from NAT, I looked that way and also tried another STUN server [2] which has an "external IP" setting, suggesting it could be deployed behind NAT. So far no luck.

As nothing about NAT setup is described in [1], I'd be grateful if you could clarify a little bit :
- It is impossible to deploy jitmeet on a natted machine ?
- If yes, is it a matter of functionnality missing from jitmeet/videobridge, or is it just complete non-sense and cannot ever work
- If it is partly possible, what services absolutely need to be deployed on a public IP, and what can be safely hidden (videobridge, stun, xmpp, webapp)

Some feedback about the installation notes (newbie point of view) :
- there are some small inconsistencies between what is described in [1] and the content of files in [4] in the prosody config.
- section 6.45, "configure addresses and ports as desired" could be a little more detailed. a sample turn conf file would have been great.
- section 6.46, why port 80 while it seems to me that stun/turn default port is 3478 ?

My final aim is to package jitmeet for Yunohost [5], a self-hosting oriented distribution based on Debian.
Hope there is a chance it can work, cause the app rocks !

Regards,
Julien

[1] https://docs.google.com/document/d/1iMOvIFBDSPSkL1_dfhND_mXvf3luIex9hepeIpTuLkw/pub
[2] https://code.google.com/p/rfc5766-turn-server/
[3] https://code.google.com/p/rfc5766-turn-server/source/browse/trunk/examples/etc/turnserver.conf#120
[4] https://www.dropbox.com/sh/jgp4s8kp6xuyubr/5FACgJmqLD
[5] https://yunohost.org/#/index

···

On 2014-02-13 22:57, Emil Ivov wrote:

Hey Caleb,

You would have to deploy the videobridge on a public IP address.

Hope this helps,
Emil

On Thu, Feb 13, 2014 at 10:13 PM, Caleb O'Connell > <caleb@privacyassociation.org> wrote:

We have an Ejabberd server configured with STUN that exists on
firewall/router server. It works great when users are at the office or away
when using standard XMPP Messaging. Using Jitsi we can make video calls on a
one to one bases (and conferencing in another, although quality lacks). This
works with both users out of the office or one user in the office and one
out.
I want to use the videobridge to allow for multi party conferences. In
testing, when all users are at the office, it works fine. When all users
are at home, we get ice errors. I captured the logs and it looks as though
something is not configured correctly somewhere. I'm looking for some
guidance from anyone who has a setup that is similar or who is familiar with
this sort of networking.
Firewall/router uses shorewall, ejabberd, jitsi-videobridge. It has one
public IP and one private. At the office, using SRV users use the private
internal side, and external we use SRV to go to the public address. This
works great. The video bride starts and seems to be happy, but I'm sure
there are ports that need to be configured or some kind of routing?

Thanks in advance for any advice or suggestions. Our experience so far with
all of this is great.

Caleb

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Hey there,

Hi,

Got excited with your talk at FOSDEM recently, so I decided to give it a try
!

As a complete newbie in the VoIP world, I innocently tried to deploy jitmeet
on a machine behind NAT (several layers, one with my ISP router, another one
since I'm trying to install the software inside a natted container).
I made my best to follow "at the letter" the steps described at [1].
The videobridge reacts when starting conferencing (when a second user
connects to jitmeet), but I also see ICE errors. I see both pairs on the
jitmeet interface, can chat, but the audio/video isn't there.
Suspecting the issue comes from NAT, I looked that way and also tried
another STUN server [2] which has an "external IP" setting, suggesting it
could be deployed behind NAT. So far no luck.

As nothing about NAT setup is described in [1], I'd be grateful if you could
clarify a little bit :
- It is impossible to deploy jitmeet on a natted machine ?

It can, since recently, run on a server that is fronted by a NAT with
1-to-1 static port mapping policies (that is: all ports on the public
IP redirect traffic to ports on the internal one).

Note that this is different from a residential NAT where port mapping
procedures are optimised for outbound traffic.

- If yes, is it a matter of functionnality missing from jitmeet/videobridge,
or is it just complete non-sense and cannot ever work

Note that Jitsi Videobridge requires significant bandwidth, so while
it could in theory be easily made to run behind most (not all) NATs
this is likely to be of little use as most residential connections
rarely have the capacity to send more than a single video stream.

That is, after all, why Jitsi Videobridge exists in the first place.

- If it is partly possible, what services absolutely need to be deployed on
a public IP, and what can be safely hidden (videobridge, stun, xmpp, webapp)

We don't require STUN for JitMeet. All the others can be run behind a
NAT with static forwarding (but it would be best to run them on a
public IP).

Some feedback about the installation notes (newbie point of view) :
- there are some small inconsistencies between what is described in [1] and
the content of files in [4] in the prosody config.
- section 6.45, "configure addresses and ports as desired" could be a little
more detailed. a sample turn conf file would have been great.

Good point. Can anyone provide one?

- section 6.46, why port 80 while it seems to me that stun/turn default port
is 3478 ?

The point of having TURN at all is to allow clients to connect from
more restrictive networks where port 80 is among the few that are
authorised for outbound traffic. Having TURN run on port 3478 would
provide little benefit over connecting directly to the bridge.

My final aim is to package jitmeet for Yunohost [5], a self-hosting oriented
distribution based on Debian.
Hope there is a chance it can work, cause the app rocks !

Thanks for you kind words! Very glad you like it!

Cheers,
Emil

···

On Fri, Feb 14, 2014 at 10:15 AM, jmalik <julien.malik@paraiso.me> wrote:

Regards,
Julien

[1]
https://docs.google.com/document/d/1iMOvIFBDSPSkL1_dfhND_mXvf3luIex9hepeIpTuLkw/pub
[2] https://code.google.com/p/rfc5766-turn-server/
[3]
https://code.google.com/p/rfc5766-turn-server/source/browse/trunk/examples/etc/turnserver.conf#120
[4] https://www.dropbox.com/sh/jgp4s8kp6xuyubr/5FACgJmqLD
[5] https://yunohost.org/#/index

On 2014-02-13 22:57, Emil Ivov wrote:

Hey Caleb,

You would have to deploy the videobridge on a public IP address.

Hope this helps,
Emil

On Thu, Feb 13, 2014 at 10:13 PM, Caleb O'Connell >> <caleb@privacyassociation.org> wrote:

We have an Ejabberd server configured with STUN that exists on
firewall/router server. It works great when users are at the office or
away
when using standard XMPP Messaging. Using Jitsi we can make video calls
on a
one to one bases (and conferencing in another, although quality lacks).
This
works with both users out of the office or one user in the office and one
out.
I want to use the videobridge to allow for multi party conferences. In
testing, when all users are at the office, it works fine. When all users
are at home, we get ice errors. I captured the logs and it looks as
though
something is not configured correctly somewhere. I'm looking for some
guidance from anyone who has a setup that is similar or who is familiar
with
this sort of networking.
Firewall/router uses shorewall, ejabberd, jitsi-videobridge. It has one
public IP and one private. At the office, using SRV users use the
private
internal side, and external we use SRV to go to the public address. This
works great. The video bride starts and seems to be happy, but I'm sure
there are ports that need to be configured or some kind of routing?

Thanks in advance for any advice or suggestions. Our experience so far
with
all of this is great.

Caleb

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org