[jitsi-users] ICE for Media


#1

implement code that would only work for users that have been able to
properly route ports. How many would that be? Less than 1%?.

There are frequent threads on the mailinglist about the ICE failed topic,
and people not wanting relays.

Port forwading really is a trivial task with modern routers today: In the web interface,
select the target computer from the list of devices, then add port numbers to the list of
forwarded ports. (Allowing UPNP for this is a network a security hole.)

if this was to be supported, I expect poor understanding of
NAT traversal issues to quickly

Understanding is already poor without support for port forwarding.
Fear not. The issue can be communicated consistently.

Part of it is changing the technical "ICE failed" error message into something useful,
that lets users know their options. For example:

  This call could not connect with the current setup (ICE failed).
  The tests determined that you are located behind a NAT router of the xxx type.
  The simple solution is to use a provider that relays your communication, or,
  either you or the the remote site would have to forward some specific ports
  on the router.
   The ports currently configured for jitsi are:
   x, y, z, ...

I expect this to discourage many more users
from using Jitsi than it would actually help.

"ICE failed" surely discourages many many users (evaluating testers!) already...
Only a fraction of it come seeking for help, not to speak from
understanding the problem.

So again, when using Jitsi: do not bother forwarding ports.

Unfortunately, in any random group of XMPP using people there will probably be
some with "ICE Failed" setups. So, it is really a pitty, that for the average user
(and thus group) that error message currently rather translates into:
Do not bother with Jitsi, it can not be made to work for everybody.
(sorry to say)

Kind regards,
Chris

(only trying to explain the outside view)

PS: Maybe another solution for Jitsi to Jitsi communication could be to support a
protocol like IAX for media, that does not have all these issues with NAT.

···

Emil Ivov <emcho@jitsi.org> wrote:


#2

implement code that would only work for users that have been able to
properly route ports. How many would that be? Less than 1%?.

There are frequent threads on the mailinglist about the ICE failed topic,
and people not wanting relays.

The point is not that it's impossible to do, but:
- Jitsi doesn't support it and we say so
- We have no resources to implement support for things that require manual
port forwarding. If you want to create something that places a custom IP
address in the INVITE SDP, I guess we'll review it.
- We long wanted to change the message "ICE failed" to something like "ICE
failed and no relay found"

The problem with manual port forwarding is that it might at best help one
user, and this only when ICE is supported for the protocol (which is
currently XMPP only). We aim to provide an out-of-the box solution. Now I
realize we aren't there, but contrary to Skype, we are a client and not a
complete network. Our jit.si server however provides a relay to at least
circumvent this a little. If it works there, the network is okay. Which is
the case for almost everyone.

SIP is another topic. ICE will come (to support WebRTC), but until then
p2p-calls will mandatorily fail outside of your LAN. With ICE it might work
with some luck.

Ingo

···

Port forwading really is a trivial task with modern routers today: In
the web interface, select the target computer from the list of devices,
then add port numbers to the list of forwarded ports. (Allowing UPNP for
this is a network a security hole.)

if this was to be supported, I expect poor understanding of
NAT traversal issues to quickly

Understanding is already poor without support for port forwarding.
Fear not. The issue can be communicated consistently.

Part of it is changing the technical "ICE failed" error message into
something useful,
that lets users know their options. For example:

  This call could not connect with the current setup (ICE failed). The
  tests determined that you are located behind a NAT router of the xxx
  type. The simple solution is to use a provider that relays your
  communication, or, either you or the the remote site would have to
  forward some specific ports on the router.
   The ports currently configured for jitsi are:
   x, y, z, ...

I expect this to discourage many more users
from using Jitsi than it would actually help.

"ICE failed" surely discourages many many users (evaluating testers!)
already... Only a fraction of it come seeking for help, not to speak
from understanding the problem.

So again, when using Jitsi: do not bother forwarding ports.

Unfortunately, in any random group of XMPP using people there will
probably be some with "ICE Failed" setups. So, it is really a pitty,
that for the average user (and thus group) that error message currently
rather translates into: Do not bother with Jitsi, it can not be made to
work for everybody. (sorry to say)

Kind regards,
Chris

(only trying to explain the outside view)

PS: Maybe another solution for Jitsi to Jitsi communication could be to
support a
protocol like IAX for media, that does not have all these issues with NAT.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users