[jitsi-users] Jitsi meet behind a NAT


#1

Hello,

I'm trying to set up jitsi meet behind a NAT but i'm having some troubles. My setup is the following:

- Installation:

I installed jitsi meet on a debian following the quick setup instructions (https://jitsi.org/Main/InstallJitsiMeetDebianStableRepository).

- Network configuration:

clients --> router --(80/443)--> nginx server --(domain jitsi.mydoman)--> jitsi server
                  \-- (10000-20000 tcp/udp) --> /

(Nginx configuration and port forwarding for udp i guessed from the manual install documentation at: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md. The nginx is necessary to multiplex different subdomains.)
( Also i addedd the org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS and org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS to /etc/jitsi/videobridge/sip-communicator.properties as the manual install mentions for deploying behind a nat)

- Results:
Clients can connect to the site, all participants are shown, the chat works properly, but audio and video do not go through (each client sees it's own feed but non of the others). When more than one client connects to a room the info bubble shows the expected ips and ports and transport udp, but no video or audio goes to the other client nor it's received as expected.
There are no errors or anythng in /var/log/jitsi/jvb.log, only some info messages

Any idea on what could be going wrong or how to figure that out?

Thanks!

Cheers,
Samuele

···

--

--
Samuele Carli
www.csspace.net
--


#2

On your diagram you show ports 10K to 20K go into "domain
jitsi.mydomain" which feels like the nginx. Is this what you are
doing? If so, you need to make sure that they are actually going to
the videobridge.

Also, make sure that messages sent from jvb:10k-20k also get properly
mapped to the exact same port that they were using while leaving the
jvb machine.

Also, have a look at JVBs logs and see if it properly discovers your public IP.

Hope this helps,

Emil

···

On Tue, Jan 24, 2017 at 1:31 PM, Samuele Carli <carlisamuele@csspace.net> wrote:

Hello,

I'm trying to set up jitsi meet behind a NAT but i'm having some troubles. My setup is the following:

- Installation:

I installed jitsi meet on a debian following the quick setup instructions (https://jitsi.org/Main/InstallJitsiMeetDebianStableRepository).

- Network configuration:

clients --> router --(80/443)--> nginx server --(domain jitsi.mydoman)--> jitsi server
                  \-- (10000-20000 tcp/udp) --> /

(Nginx configuration and port forwarding for udp i guessed from the manual install documentation at: https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md. The nginx is necessary to multiplex different subdomains.)
( Also i addedd the org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS and org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS to /etc/jitsi/videobridge/sip-communicator.properties as the manual install mentions for deploying behind a nat)

- Results:
Clients can connect to the site, all participants are shown, the chat works properly, but audio and video do not go through (each client sees it's own feed but non of the others). When more than one client connects to a room the info bubble shows the expected ips and ports and transport udp, but no video or audio goes to the other client nor it's received as expected.
There are no errors or anythng in /var/log/jitsi/jvb.log, only some info messages

Any idea on what could be going wrong or how to figure that out?

Thanks!

Cheers,
Samuele

--
>--
> Samuele Carli
> www.csspace.net
>--

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org


#3

On your diagram you show ports 10K to 20K go into "domain
jitsi.mydomain" which feels like the nginx. Is this what you are
doing? If so, you need to make sure that they are actually going to
the videobridge.

ports 10k to 20k are forwarded to the videobridge machine directly from the router, while 80/443 are going through the additional nginx machine.
The final plan would be to forward even the upd through nginx but for the moment that can wait...

Also, make sure that messages sent from jvb:10k-20k also get properly
mapped to the exact same port that they were using while leaving the
jvb machine.

I'm not really sure how to check that; in any case the videobridge machine is routed directly through the router and the router forwards the 10k-20k ports (both tcp and udp just to be sure) directly to the videobridge, so i would guess that mapping should be correct?

Also, have a look at JVBs logs and see if it properly discovers your public IP.

The only mentions of ips in the jvb log are:

JVB 2017-01-24 20:16:04.701 INFO: [15] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize() Using org.ice4j.ice.harvest.MappingCandidateHarvester, face=/10.0.20.10, mask=/87.21.xxx.xxx

JVB 2017-01-24 20:16:04.750 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=10.0.20.10
JVB 2017-01-24 20:16:04.758 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=87.21.xxx.xxx

where 87.21.xxx.xxx is the correct public ip, but then

JVB 2017-01-24 20:16:06.945 INFO: [37] org.ice4j.ice.harvest.AbstractUdpListener.<init>() Initialized AbstractUdpListener with address 10.0.20.10:10000/udp. Receive buffer size 106496
JVB 2017-01-24 20:16:06.946 INFO: [37] org.ice4j.ice.harvest.SinglePortUdpHarvester.<init>() Initialized SinglePortUdpHarvester with address 10.0.20.10:10000/udp

so i guess indeed you were right and it's listening on the wrong net? What should i change to hint it in the right direction?

Thank you very much!

Sam

···

On 24/01/17 20:42, Emil Ivov wrote:

--
Samuele Carli
www.csspace.net
--