[jitsi-users] ICE Failed error during voice call in private APN network


#1

Hi,
I would like deploy Openfire/Jitsi over a private APN (access point name) network. Server and client are between routers that are connected by private GSM network (no access to internet).

Connecting server and client using public APN (with internet access), IM and voice calls works. The necessary port forwarding for Openfire has been configured.
Connecting server and client using private APN, IM works. voice call will fail with "ICE failed and no relay found" error. I tried to configure STUN server with Openfire STUN plugin but the same error occurs.
Does anyone knows what is the criteria to establish voice call successfully in a private GSM network environment? i guess this is different from LAN because there is NAT traversal but i am not sure what are the additional services needed for voice call to be established through NAT traversal.
One more question: if this private GSM network contains a IPv6 DHCP server. Openfire server and jitsi clients are assigned an IPv6 address. Will i be able to establish voice call successfully?
Thanks and Best Regards,FH


#2

I would like deploy Openfire/Jitsi over a private APN (access point name)
network. Server and client are between routers that are connected by private
GSM network (no access to internet).

Connecting server and client using public APN (with internet access), IM
and voice calls works. The necessary port forwarding for Openfire has
been configured.

Connecting server and client using private APN, IM works. voice call will
fail with "ICE failed and no relay found" error. I tried to configure STUN
server with Openfire STUN plugin but the same error occurs.

I don't think STUN is going to help if you don't have a public connection at all. The ICE failure means that there was no pair of IP addresses that was capable of establishing a connection.

Does anyone knows what is the criteria to establish voice call successfully
in a private GSM network environment?

The clients must be able to reach each other with any of the available IP addresses.

i guess this is different from LAN
because there is NAT traversal but i am not sure what are the additional
services needed for voice call to be established through NAT traversal.

One more question: if this private GSM network contains a IPv6 DHCP server.
Openfire server and jitsi clients are assigned an IPv6 address. Will i be
able to establish voice call successfully?

This is possible as long as there's no firewall between the clients that would prevent traffic.

Thanks and Best Regards,
FH

Ingo


#3

Hi Ingo,
Thank alot for your response.

From what i understand from your reply. Jitsi voice call requires public internet connection (clients and servers behind NAT routers). Jitsi will also work in a private LAN environment (no NAT routers, no internet access)

Do you think setting up a peer to peer VPN connection will solve the voice call issue?
Best Regards,FH

···

From: Ingo Bauersachs <ingo@jitsi.org>
To: 'Lim Fei Huang' <feih@ymail.com>; 'Jitsi Users' <users@jitsi.org>
Sent: Wednesday, 25 January 2017, 6:41
Subject: RE: [jitsi-users] ICE Failed error during voice call in private APN network
   

I would like deploy Openfire/Jitsi over a private APN (access point name)
network. Server and client are between routers that are connected by private
GSM network (no access to internet).

Connecting server and client using public APN (with internet access), IM
and voice calls works. The necessary port forwarding for Openfire has
been configured.

Connecting server and client using private APN, IM works. voice call will
fail with "ICE failed and no relay found" error. I tried to configure STUN
server with Openfire STUN plugin but the same error occurs.

I don't think STUN is going to help if you don't have a public connection at all. The ICE failure means that there was no pair of IP addresses that was capable of establishing a connection.

Does anyone knows what is the criteria to establish voice call successfully
in a private GSM network environment?

The clients must be able to reach each other with any of the available IP addresses.

i guess this is different from LAN
because there is NAT traversal but i am not sure what are the additional
services needed for voice call to be established through NAT traversal.

One more question: if this private GSM network contains a IPv6 DHCP server.
Openfire server and jitsi clients are assigned an IPv6 address. Will i be
able to establish voice call successfully?

This is possible as long as there's no firewall between the clients that would prevent traffic.

Thanks and Best Regards,
FH

Ingo


#4

Thank alot for your response.

From what i understand from your reply. Jitsi voice call requires public
internet connection (clients and servers behind NAT routers).

Not necessarily public internet. I'm not familiar enough with how STUN behaves without it though.

Jitsi will also
work in a private LAN environment (no NAT routers, no internet access)

Do you think setting up a peer to peer VPN connection will solve the voice
call issue?

There are a couple of options:
- Have a STUN server (pre)configured that returns the client's "public" address (i.e. the one in front of the NAT)
- Install Jingle Nodes on your Openfire server [1]
- Open a VPN between the clients

If the traffic of the VPN would pass through a central server (as opposed to a peer-2-peer connection), you're better off with the Jingle Nodes plugin to relay the voice traffic.

Best Regards,
FH

Ingo

[1] https://www.igniterealtime.org/projects/openfire/plugins.jsp


#5

Hi Ingo,
For your info. i managed to implement a peer to peer connection and the voice call manage to work correctly. A problem now is that the establishment of voice call takes almost 30 secs. how can i improve the timing.
under jitsi-Account- ICE tab, i have untick all options.(i was getting 2 minutes connection time when "use ICE" option was ticked.
Thanks for your help!
Regards,FH

···

From: Ingo Bauersachs <ingo@jitsi.org>
To: 'Jitsi Users' <users@jitsi.org>
Cc: 'Lim Fei Huang' <feih@ymail.com>
Sent: Friday, 27 January 2017, 7:00
Subject: RE: [jitsi-users] ICE Failed error during voice call in private APN network
   

Thank alot for your response.

From what i understand from your reply. Jitsi voice call requires public
internet connection (clients and servers behind NAT routers).

Not necessarily public internet. I'm not familiar enough with how STUN behaves without it though.

Jitsi will also
work in a private LAN environment (no NAT routers, no internet access)

Do you think setting up a peer to peer VPN connection will solve the voice
call issue?

There are a couple of options:
- Have a STUN server (pre)configured that returns the client's "public" address (i.e. the one in front of the NAT)
- Install Jingle Nodes on your Openfire server [1]
- Open a VPN between the clients

If the traffic of the VPN would pass through a central server (as opposed to a peer-2-peer connection), you're better off with the Jingle Nodes plugin to relay the voice traffic.

Best Regards,
FH

Ingo

[1] https://www.igniterealtime.org/projects/openfire/plugins.jsp


#6

For your info. i managed to implement a peer to peer connection and the voice
call manage to work correctly. A problem now is that the establishment of
voice call takes almost 30 secs. how can i improve the timing.

I don't think there's a configurable timeout for the ICE agents in Jitsi. The best bet would probably be to configure the network in a way that allows fast resolution of a connection.

under jitsi-Account- ICE tab, i have untick all options.(i was getting 2
minutes connection time when "use ICE" option was ticked.

Thanks for your help!

Regards,
FH

Ingo


#7

Hi Ingo,
thank you so much for the valuable advice so far.
As a update: In a peer to peer VPN connection, voice call between clients managed to connect immediately after disabling 'user ICE" option as well as 'Enabling parallel DNS resolving" option inside Advanced->DNS-> Parallel DNS tab.
Best Regards,FH

···

From: Ingo Bauersachs <ingo@jitsi.org>
To: 'Jitsi Users' <users@jitsi.org>
Cc: 'Lim Fei Huang' <feih@ymail.com>
Sent: Wednesday, 15 February 2017, 3:48
Subject: RE: [jitsi-users] ICE Failed error during voice call in private APN network
   

For your info. i managed to implement a peer to peer connection and the voice
call manage to work correctly. A problem now is that the establishment of
voice call takes almost 30 secs. how can i improve the timing.

I don't think there's a configurable timeout for the ICE agents in Jitsi. The best bet would probably be to configure the network in a way that allows fast resolution of a connection.

under jitsi-Account- ICE tab, i have untick all options.(i was getting 2
minutes connection time when "use ICE" option was ticked.

Thanks for your help!

Regards,
FH

Ingo