[jitsi-users] Trying to make SIP call, but jitsi doesn't work like a phone


#1

A friend told me today I can call him at sip:blah@blah.com, so I
started looking for a client for my Ubuntu laptop that can do that.
Jitsi seemed an obvious choice, particularly for its zrtp support.
But it won't make such calls for me.

I start it from the "Applications" menu. It comes up with a window
full of social networking services, none of which I am on, nor want to
be on, so I hit "cancel". Then up comes a Jitsi window with a text
box and an "Add contact" button. I tried typing sip:blah@blah.com
into the text box and hitting ENTER but it pops up an error box and
wants me to "Add a contact". But it won't even do that unless I
"Select account" (I don't want or need an account) and "Select group"
(I have no idea what a group is, or why I would need one).

The result is I can't add the contact, nor can I make a call.

I was looking for something that worked more like a phone, like, you
start it, type in the address you're calling, and it connects you.
(For now I don't want to be called back, which I perhaps would require
some kind of setup somewhere. I just want to make calls.)

Clue me in here. How does one make a SIP phone call with this
nonobvious piece of software?

  John Gilmore

PS: It was a pain to install on Ubuntu 11.04. You didn't put it in a
PPA, and requested that people not add the repo manually. So as
instructed, I downloaded the .deb file and added it manually with
"dpkg -i". But it needed a few dependencies, so dpkg couldn't
configure it. I tried adding them with "apt-get install openjdk-6-jre
libxalan2-java jitsi" but that failed. Luckily apt-get suggested that
I run "apt-get -f install" with no arguments to straighten everything
out. This ended up downloading 43 megs of dependencies of the
dependencies, and eventually did configure jitsi and make it runnable.
Maybe you can simplify this for the next guy -- or at least tell them
the recipe rather than having them stumble around discovering it.


#2

A friend told me today I can call him at sip:blah@blah.com, so I
started looking for a client for my Ubuntu laptop that can do that.
Jitsi seemed an obvious choice, particularly for its zrtp support.
But it won't make such calls for me.

I start it from the "Applications" menu. It comes up with a window
full of social networking services, none of which I am on, nor want to
be on, so I hit "cancel". Then up comes a Jitsi window with a text
box and an "Add contact" button. I tried typing sip:blah@blah.com
into the text box and hitting ENTER but it pops up an error box and
wants me to "Add a contact". But it won't even do that unless I
"Select account" (I don't want or need an account) and "Select group"
(I have no idea what a group is, or why I would need one).

You *have* to have a SIP account in order to be able to make a call.
When you want to call blah@blah.com directly, you sometimes even need an
account at blah.com.

The result is I can't add the contact, nor can I make a call.

I was looking for something that worked more like a phone, like, you
start it, type in the address you're calling, and it connects you.
(For now I don't want to be called back, which I perhaps would require
some kind of setup somewhere. I just want to make calls.)

Jitsi is exactly like a normal phone. I use it that way. Try maybe
fastvoip.com for your purpose, but there are many SIP providers.

Clue me in here. How does one make a SIP phone call with this
nonobvious piece of software?

  John Gilmore

PS: It was a pain to install on Ubuntu 11.04. You didn't put it in a
PPA, and requested that people not add the repo manually. So as
instructed, I downloaded the .deb file and added it manually with
"dpkg -i". But it needed a few dependencies, so dpkg couldn't
configure it. I tried adding them with "apt-get install openjdk-6-jre
libxalan2-java jitsi" but that failed. Luckily apt-get suggested that
I run "apt-get -f install" with no arguments to straighten everything
out. This ended up downloading 43 megs of dependencies of the
dependencies, and eventually did configure jitsi and make it runnable.
Maybe you can simplify this for the next guy -- or at least tell them
the recipe rather than having them stumble around discovering it.

install "sun-java6-plugin" and then run
"sudo update-alternatives --config java"
That installs oracle's java engine, which jitsi is developed for, and
the second command lets you make that your default java engine, since
you also have openjdk.

···

On 2011-07-15 06:27, John Gilmore wrote:

--
     Martin Kepplinger

E-Mail & Jabber martinkepplinger AT eml.cc
GPG Key C351 C100 D7B5 7F2A 1E26
diaspora handle martinkepplinger AT joindiaspora.com


#3

A friend told me today I can call him at sip:blah@blah.com, so I
started looking for a client for my Ubuntu laptop that can do that.
Jitsi seemed an obvious choice, particularly for its zrtp support.
But it won't make such calls for me.

I start it from the "Applications" menu. It comes up with a window
full of social networking services, none of which I am on, nor want to
be on, so I hit "cancel".

Since you want to use the SIP protocol to call your friend, you'll
have to create a SIP account in Jitsi. Either in the SIP section of
the "window full of social networking services" or in the "Add new
account" dialog which appears after clicking File > Add new account
and in which you have to select SIP from the Network combo, you'll
have to configure the SIP account in question. It's usually much more
convenient to have a SIP account on one of the many freely available
providers but since you don't seem to want to do that, you can just
start by typing a SIP id of your choosing without @ (for example, I
type in lyubomir) and leaving the password blank which will result in
the creation of a "RegistrarLess SIP" account. Then you can type
sip:blah@blah.com in the field "Enter name or number" and click the
"Call contact" button.

"Select account" (I don't want or need an account)

Once you've created a RegistrarLess SIP account (which is purely local
to Jitsi and doesn't tie you to any provider in the Internet), you can
select it to complete the adding of the new contact.

and "Select group"
(I have no idea what a group is, or why I would need one).

The "Select group" combo has "No group" preselected so you don't have
to select a group if you don't want to.

I was looking for something that worked more like a phone, like, you
start it, type in the address you're calling, and it connects you.
(For now I don't want to be called back, which I perhaps would require
some kind of setup somewhere. I just want to make calls.)

Well, what I understand from your description is that you don't want
to register with a SIP provider and I wouldn't think of it as being
exactly the same as a telephone - for what it's worth, you cannot
simply get a telephone machine and start calling just about any people
without, for example, connecting to a cable/plugging in a SIM card and
registering with a telephony provider.

···

On Fri, Jul 15, 2011 at 7:27 AM, John Gilmore <gnu@toad.com> wrote:


#4

Thank you for your response. I was able to make a "RegistrarLess SIP"
account and attempt a SIP call. (It still didn't work, but that's
probably the fault of the other end.)

Could Jitsi perhaps default to making registrarless SIP calls, without
the user having to manually ask it to do so?

This might aid others in debugging -- if you didn't even need a
registrar, nor to register with them, nor to debug THAT part of your
SIP system, in order to make your first calls and see some success out
of trying to use the program. It would improve the "out of box
experience", i.e. what a naive user has to do to take the product out
of its cardboard box and get it to do something useful for the first
time.

> I was looking for something that worked more like a phone, like, you
> start it, type in the address you're calling, and it connects you.

Well, what I understand from your description is that you don't want
to register with a SIP provider and I wouldn't think of it as being
exactly the same as a telephone - for what it's worth, you cannot
simply get a telephone machine and start calling just about any people
without, for example, connecting to a cable/plugging in a SIM card and
registering with a telephony provider.

OK, then think of a web browser, where I can start Firefox for the
first time, not go through any "wizards", just put in a URL and it
takes me to the web page.

Or like ssh, which doesn't require setup or "making an originating
account", it just requires the destination name@host.com and it
connects you and you can type your password and log in, as if you were
sitting at the destination machine. Your originating account is your
IP address. Of course, if you want to, you can generate public keys
and set options and do all kinds of more complicated stuff -- but it
makes simple operations simple, saving the complexity for those who need
it.

Thanks for your work on Jitsi. I wouldn't be taking the time to
critique the "out of box experience" if I didn't think it was a cool
program with real potential. I know I'll never see it in the same
light again -- I'll get used to its quirks -- so if I'm going to tell
you at all, I have to tell you now, while I can still see it with a
beginner's mind.

  John

PS: After I suspended the laptop and then resumed it, it complained
that it "lost network connectivity" (bug2) (with a pop-up that stayed
up until I clicked to make it go away, rather than using the transient
notifications like NetworkManager uses - bug3) and it also apparently
"logged me out" of my "Registrarless SIP account" (bug4). After
resuming, it wouldn't let me attempt any calls, demanding that I log
in to one of "my accounts" (bug5). Since I have no accounts, this was
quite confusing (bug6). I tried going through the "Add account"
dialogue again, but it reported that I already had one named "john".
So then I had to figure out that you have to click on the thing next
to the "me" icon and go to the bottom of it and select the fake SIP
account and claim to be "online". I thought that THAT gadget was for
presence reporting to others -- not to limit what the local user can
do. If the local user asks to make a call when not "online" on their
fake SIP account, why can't they just make a call? Or just "go
online" and make a call, without having to manually "go online"?


#5

Going forward this issue will be moot. I'm sure you're aware that
OpenJDK v7 will be _the_ JDK7 reference implementation.

Leaving aside some proprietary bits like Java Web Start that are
handled by different code bases, the rest of the JRE should be based
on the same foundation, both on the freeware JRE from Java.com, and
also the OpenJDK...

Just my $0.02
FC

···

On Fri, Jul 15, 2011 at 06:23, Martin Kepplinger <martinkepplinger@eml.cc> wrote:

install "sun-java6-plugin" and then run
"sudo update-alternatives --config java"
That installs oracle's java engine, which jitsi is developed for,


#6

Hey John,

On 16.07.11 04:04, John Gilmore wrote:

Thank you for your response. I was able to make a "RegistrarLess SIP"
account and attempt a SIP call. (It still didn't work, but that's
probably the fault of the other end.)

Not necessarily. We do not currently implement ICE for SIP so
RegistrarLess SIP accounts have no NAT traversal (contrary to regular
SIP accounts where most servers would take care of that for you). My
guess would be that, unless you have reason to believe otherwise, this
is the most likely cause for the failure.

Could Jitsi perhaps default to making registrarless SIP calls, without
the user having to manually ask it to do so?

RegistrarLess SIP accounts are only meant for debugging and users who
know what they are doing. They do NOT represent the common SIP use case
that's prevailing on the Internet and would hence be useless to the
majority of the users out there.

Making RegistrarLess SIP enabled by default would hence mean that Jitsi
ships in a form where users would make calls that will all fail.

I was looking for something that worked more like a phone, like, you
start it, type in the address you're calling, and it connects you.

Well, what I understand from your description is that you don't want
to register with a SIP provider and I wouldn't think of it as being
exactly the same as a telephone - for what it's worth, you cannot
simply get a telephone machine and start calling just about any people
without, for example, connecting to a cable/plugging in a SIM card and
registering with a telephony provider.

OK, then think of a web browser, where I can start Firefox for the
first time, not go through any "wizards", just put in a URL and it
takes me to the web page.

Or like ssh, which doesn't require setup or "making an originating
account", it just requires the destination name@host.com and it
connects you and you can type your password and log in, as if you were
sitting at the destination machine. Your originating account is your
IP address. Of course, if you want to, you can generate public keys
and set options and do all kinds of more complicated stuff -- but it
makes simple operations simple, saving the complexity for those who need
it.

Both SSH and HTTP differ from SIP in that the majority of the services
you connect to are either on the public internet or directly resolvable
through your local DNS. Such services are also mostly static and they
rarely move across networks.

Most of your SIP peers however would be behind a NAT, potentially
connected from many devices and possibly frequently changing location.
DNS is not meant for that kind of use which is why you need registrars.
If you want to be called in a reasonably user-friendly way - you need to
have one.

If you want to call people but not necessarily be reached then you may
be able, in theory, to get by without a registrar. In practice however,
you'd still be in trouble. You'd need ICE, which we currently only have
for XMPP, and even when we do add it for SIP, you'd still need a TURN
server on the public internet so that you could fall back to it when a
direct connection is not possible.

It was also already mentioned that, in order to call their subscribers,
many VoIP providers require you to have an account with them and
wouldn't let you do so directly from the internet, even when this is
technically possible.

Finally, there's also the PSTN. Many people use SIP primarily in order
to make cheap calls to the PSTN. Such calls have a cost that someone
needs to cover and I have yet to see a provider that would allow use of
their network to anyone on the Internet (minus the promotional 5 minutes
a day that some allow every now and then).

Thanks for your work on Jitsi. I wouldn't be taking the time to
critique the "out of box experience" if I didn't think it was a cool
program with real potential. I know I'll never see it in the same
light again -- I'll get used to its quirks -- so if I'm going to tell
you at all, I have to tell you now, while I can still see it with a
beginner's mind.

Thank you for your kind words and support! We do appreciate your feedback!

  John

PS: After I suspended the laptop and then resumed it, it complained
that it "lost network connectivity" (bug2)

Why is this a bug? It did lose connectivity while it was in standby
didn't it?

(with a pop-up that stayed
up until I clicked to make it go away, rather than using the transient
notifications like NetworkManager uses - bug3)

Lyubo, are we supposed to be using the native gnome notifications? John,
were you using Gnome or KDE?

(incidentally, developers are generally sensitive when people make
feature requests and call them bugs ;) )

and it also apparently
"logged me out" of my "Registrarless SIP account" (bug4).

Yes we do that when we lose network connectivity. We log out all
accounts and connect them again when connectivity comes back. Didn't
this happen when your connectivity resumed?

After
resuming, it wouldn't let me attempt any calls, demanding that I log
in to one of "my accounts" (bug5).

Again, this is how it is supposed to work. If none of your accounts are
on, then there's no way for us to call.

Since I have no accounts, this was
quite confusing (bug6).

You had the registrarless right? You should have turned that one on.

I tried going through the "Add account"
dialogue again, but it reported that I already had one named "john".
So then I had to figure out that you have to click on the thing next
to the "me" icon and go to the bottom of it and select the fake SIP
account and claim to be "online". I thought that THAT gadget was for
presence reporting to others -- not to limit what the local user can
do. If the local user asks to make a call when not "online" on their
fake SIP account, why can't they just make a call?

RegistrarLess accounts are very rarely used so you can see them as a
hack to allow people who are absolutely determined not to use Jitsi
without a server. Although they don't require one, they do look and feel
like regular accounts. In other words, you need to turn them on to make
calls. This will open the sockets, start the listening points, and
basically do the initialization.

Cheers,
Emil


#7

Hi John,

I understand your beginner's viewpoint. The Internet was never designed to do what
it is doing today. It was never designed to be a public network nor to carry voice.

This has caused many problems and troubles.

Every device connected to the Internet requires a unique identifier (IP address).
When it became apparent that these IP numbers would run out and no longer be
available, an urgent solution was needed. The solution is called NAT and is kind of
like an extension cord. You plug one plug into the electricity socket and like magic
you now have 6 electricity sockets. This magic device is called a router and it can
multiply one IP address into many, sufficient even for a large corporation or university.
The price to pay is that this multiplication of IP addresses prevents most users from
being connected directly to the Internet, like Web servers that are directly connected.

Many protocols were designed before NAT became necessary. In particular, SIP
has extreme difficulties to be translated through a router. This is the reason to use
SIP servers. If you desire "serverless" then your partner must be connected directly
to the Internet and not a router. They would need a very good firewall because within
30 seconds of being connected directly, their computer would already be probed
by hacker's automated attacks. Basically nobody is directly connected to the Internet.

The next big problem is that even with routers and IP address translation, the present
Internet protocol 4 will finally run out of addresses in 2011 / 2012 time frame. It will
soon be necessary to switch over to protocol version 6. This will solve many problems
of the present Internet, but during the transition there will certainly be a learning
curve and you may have to buy new hardware and install new software. Your SIP problems
will be gone, but there will be others to solve. An opportunity to learn new things.

Hardware and software are never boring, always new things to discover and learn.

Regards, Earl

···

On 7/16/2011 4:04 AM, John Gilmore wrote:

Thank you for your response. I was able to make a "RegistrarLess SIP"
account and attempt a SIP call. (It still didn't work, but that's
probably the fault of the other end.)

Could Jitsi perhaps default to making registrarless SIP calls, without
the user having to manually ask it to do so?

[snip]


#8

(with a pop-up that stayed
up until I clicked to make it go away, rather than using the transient
notifications like NetworkManager uses - bug3)

Lyubo, are we supposed to be using the native gnome notifications? John,
were you using Gnome or KDE?

The support for the freedesktop.org Desktop Notifications
Specification in Jitsi may not be automatically selected as the
default because it scores equal to Jitsi's Swing notifications due to
the former's lack of functionality to report notification clicks back
to Jitsi. It does not look at whether GNOME or KDE is the desktop
environment in use. Anyway, John can still select it in Tools >
Options, General, Popup notifications type in order to have Jitsi use
"the transient notifications like NetworkManager uses."


#9

Everyone using ADSL in Argentina is "directly connected to the
Internet". Users that accept what the ISP gives them without adding
anything are hooking their Ethernet enabled ADSL modem to the PC
directly (no router, no NAT firewall), and establishing a PPPoE
session to the DSLAM, where they get a dynamic, but public IP.

The same happens with people who connect their PC directly to their
cable modem which uses DHCP. No NAT.

FC

···

On Sat, Jul 16, 2011 at 09:47, Earl <Large.Files@gmx.net> wrote:

Basically nobody is directly connected to the Internet.


#10

How do families or companies use the Internet if only one computer
is allowed to be connected to a unique WAN IP ?

I have a ADSL modem with no NAT which is directly connected to the
Internet with a fixed IP nr, but I can not use it this way since my wife
would not be able to connect her computer if I am connected.
I must use a router so my wife and I can both use the Internet at the
same time

Every device connected to the Internet must have an unique IP number
so it is impossible to connect two devices without having two ADSL
lines or without a router. Using an Ethernet switch is not sufficient to
share one WAN IP number with two or more computers, a router is
necessary.

If there is only one user for each ADSL modem, then no problem if
no router, but a well-adjusted software firewall is an absolute
necessity. No family can share an ADSL modem without a router
since each family member's computer must have a different and
unique IP number.

Earl

···

On 7/16/2011 6:47 PM, Fernando Cassia wrote:



#11

sorry if previous msg went out in HTML format, my mistake.


Earl

···

On 7/16/2011 6:47 PM, Fernando Cassia wrote:



#12

This is what STUN is for.

When you configure a STUN server, jitsi contacts it before placing the call.

This makes your router establish an outbound / inbound connection mapping on its internet facing interface.

The STUN server can see the outside address and port, and it sends this back to the stun client.

Your messaging client uses the information from the stun server to correctly format a message that will allow remote parties to reach it.

Neil

···

-----Original Message-----
From: Earl [mailto:Large.Files@gmx.net]
Sent: Monday, 18 July 2011 12:11 AM
To: users@jitsi.java.net
Subject: [jitsi-users] Re: Trying to make SIP call, but jitsi doesn't work like a phone



#13

To do that NAT (Network Address Translation) is used:
http://en.wikipedia.org/wiki/Network_address_translation

If you are prepared to use XMPP Jingle instead of SIP then the universal
solution to solve problems NAT and Firewalls create for P2P media
streams is to have an XMPP Jingle Node provided by the XMPP service.

Cheers,
Andreas

···

---

On 17.07.2011 18:11, Earl wrote:



#14

Hi Emil,

STUN does not work for symmetric NATs, so it is possible that ICE
and Jingle Nodes will also not function for symmetric NATs. ??

Your comment implies that one should *NOT* uncheck the USE ICE box.
I almost unchecked this thinking that Jingle Nodes is "better" than ICE
and therefore ICE is no longer necessary.

In ICE CONFIGURATION, the only box I unchecked is UPnP since
my router also has UPnP disabled as I consider UPnP to be too
great a security risk.

Yes, my last post was for Fernando. In fact, my comments apply for all
TCP/IP networks, not just the Internet.

Earl

···

On 7/18/2011 8:20 AM, Emil Ivov wrote:

For the record: by themselves neither STUN nor Jingle Nodes are "universal" NAT traversal solutions. Both are meant to work as part of ICE. ICE negotiation between two peers may or may not end up using either of them.

Also for the record, I don't think Earl was asking for a NAT traversal algorithm. I believe his question was addressed to Fernando and his claim that the majority of the subscribers in Argentina used the Internet with public IPv4 addresses and without NAT.

Emil


#15

Dear Earl,

I appreciate your lecture on NAT, I'm perfectly aware about what NAT
is, and I've run a Linksys router since mid-2000 when I first got ADSL
and shared it on my gigabit ethernet LAN on 4+ PCs. Now I run a
Snapgear which supports IPSec inbound connections.

However, the availability of a home router and NAT is by far NOT the
norm for home users down here. Most people have a single computer at
home and home LANs are still somewhat rare. Only in the last year some
have started receiving laptops for their kids at school and for free,
as part of an OLPC-like program. So those families whose kids bring
home a government-provided netbook will surely have to add a broadband
router and NAT if they want to share their home broadband connection.

Only in the last 2-3 years WiFi became popular for home use (along
with lower prices and availability of Taiwanese or Chinese WiFi
routers/APs) *and* in the last year or two ISPs began offering
broadband with the addition of a Wi-Fi router free of charge, so YES,
those customers from 2009 onwards are likely to get NAT as a default.

But the vast majority of the installed base from yr 1996 to mid-2009
(cable modem) and 2000 to 2009 (ADSL) were installed without NAT (at
least the kits given by the ISPs, which included an ethernet or USB
ADSL modem connected in bridge mode directly to the PC, so no NAT).

Regards,
FC

···

On Mon, Jul 18, 2011 at 04:44, Earl <Large.Files@gmx.net> wrote:

Yes, my last post was for Fernando. In fact, my comments apply for all
TCP/IP networks, not just the Internet.

Earl


#16

Hey Earl,

On 18.07.11 09:44, Earl wrote:

Hi Emil,

STUN does not work for symmetric NATs, so it is possible that ICE
and Jingle Nodes will also not function for symmetric NATs. ??

One reason STUN would fail, is indeed that both sides are behind NATs
that perform endpoint dependent mapping (also known as symmetric). In
such case the role of ICE is to detect this and fall back to a relayed
solution such as Jingle Nodes or a TURN server.

Your comment implies that one should *NOT* uncheck the USE ICE box.

Definitely not. We only use ICE, STUN, TURN, Jingle Nodes and UPnP when
ICE is enabled and has managed to confirm connectivity on either of
them. We don't use any of the above if we don't have ICE. In such a
scenario it would be up to the XMPP server to insert itself in the media
path and use latching when relaying media. Contrary to SIP, where we
currently rely exclusively on latching, few XMPP servers would do this.

Cheers,
Emil

···

I almost unchecked this thinking that Jingle Nodes is "better" than ICE
and therefore ICE is no longer necessary.

In ICE CONFIGURATION, the only box I unchecked is uPnP since
my rounter also has uPNP disabled as I consider uPnP to be too
great a security risk.

Yes, my last post was for Fernando. In fact, my comments apply for all
TCP/IP networks, not just the Internet.

Earl

On 7/18/2011 8:20 AM, Emil Ivov wrote:

For the record: by themselves neither STUN nor Jingle Nodes are "universal" NAT traversal solutions. Both are meant to work as part of ICE. ICE negotiation between two peers may or may not end up using either of them.

Also for the record, I don't think Earl was asking for a NAT traversal algorithm. I believe his question was addressed to Fernando and his claim that the majority of the subscribers in Argentina used the Internet with public IPv4 addresses and without NAT.

Emil

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31
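
Added example (not from the thread or from Jitsi's code): a toy Python model of the point made in the post above, showing why a STUN-learned address is unusable between two NATs with endpoint-dependent mapping and why the check then falls back to a relay. The `Nat` class, `select_path`, the addresses, and the assumption that every NAT filters by address and port are constructed for illustration.

```python
import itertools

STUN = ("198.51.100.1", 3478)    # constructed documentation addresses
RELAY = ("198.51.100.2", 5000)   # stands in for a TURN server or Jingle Nodes relay

class Nat:
    """Toy NAT; assumes address-and-port-dependent filtering in every case."""
    def __init__(self, public_ip, endpoint_dependent):
        self.public_ip = public_ip
        self.endpoint_dependent = endpoint_dependent
        self.ports = itertools.count(40000)
        self.mappings = {}       # mapping key -> public port
        self.permitted = set()   # (public port, remote endpoint) opened by outbound traffic

    def outbound(self, local, remote):
        """Send local -> remote; return the source address the remote sees."""
        # A symmetric NAT allocates a fresh public port per destination.
        key = (local, remote) if self.endpoint_dependent else local
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.permitted.add((port, remote))
        return (self.public_ip, port)

    def inbound_allowed(self, public_port, remote):
        return (public_port, remote) in self.permitted

def select_path(a_symmetric, b_symmetric):
    """Return 'srflx' when the direct check passes, otherwise fall back to 'relay'."""
    nat_a, nat_b = Nat("203.0.113.10", a_symmetric), Nat("203.0.113.20", b_symmetric)
    local_a, local_b = ("192.168.1.2", 5004), ("10.0.0.2", 5004)
    # Each peer learns its server-reflexive candidate from STUN and signals it.
    cand_a, cand_b = nat_a.outbound(local_a, STUN), nat_b.outbound(local_b, STUN)
    # Connectivity check: both peers send to the other's advertised candidate.
    src_a, src_b = nat_a.outbound(local_a, cand_b), nat_b.outbound(local_b, cand_a)
    if nat_b.inbound_allowed(cand_b[1], src_a) and nat_a.inbound_allowed(cand_a[1], src_b):
        return "srflx"
    # Relay: each peer talks only to the relay, so replies match its own mapping.
    for nat, local in ((nat_a, local_a), (nat_b, local_b)):
        seen = nat.outbound(local, RELAY)
        if not nat.inbound_allowed(seen[1], RELAY):
            return "failed"
    return "relay"

if __name__ == "__main__":
    for a, b in [(False, False), (True, True)]:
        print(f"A symmetric={a}, B symmetric={b} -> {select_path(a, b)}")
```

With symmetric NATs the port STUN reported (40000) is not the port used toward the peer (40001), so the peer's packets hit a mapping that was never opened for it.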


#17

Hi Fernando,

thanks for the explanation, I now understand the situation in Argentina.

Earl

···

On 7/18/2011 12:44 PM, Fernando Cassia wrote:

> On Mon, Jul 18, 2011 at 04:44, Earl <Large.Files@gmx.net> wrote:
>
>> Yes, my last post was for Fernando. In fact, my comments apply for all
>> TCP/IP networks, not just the Internet.
>>
>> Earl
>
> Dear Earl,
>
> I appreciate your lecture on NAT, I'm perfectly aware about what NAT
> is, and I've run a Linksys router since mid-2000 when I first got ADSL
> and shared it on my gigabit ethernet LAN on 4+ PCs. Now I run a
> Snapgear which supports IPSec inbound connections.
>
> However, the availability of a home router and NAT is by far NOT the
> norm for home users down here. Most people have a single computer at
> home and home LANs are still somewhat rare. Only in the last year some
> have started receiving laptops for their kids at school and for free,
> as part of an OLPC-like program. So those families whose kids bring
> home a government-provided netbook will surely have to add a broadband
> router and NAT if they want to share their home broadband connection.
>
> Only in the last 2-3 years WiFi became popular for home use (along
> with lower prices and availability of Taiwanese or Chinese WiFi
> routers/APs) *and* in the last year or two ISPs began offering
> broadband with the addition of a Wi-Fi router free of charge, so YES,
> those customers from 2009 onwards are likely to get NAT as a default.
>
> But the vast majority of the installed base from yr 1996 to mid-2009
> (cable modem) and 2000 to 2009 (ADSL) were installed without NAT (at
> least the kits given by the ISPs, which included an ethernet or USB
> ADSL modem connected in bridge mode directly to the PC, so no NAT).
>
> Regards,
> FC


#18

For the record

(I obviously love straightening the record today :wink: )

Jitsi does not make any assumptions as to the use of a public address
... or lack thereof. There is nothing in Jitsi that would prevent the
common Argentinian subscriber from using it from their public IP address.

There's also nothing that assumes there is a public address and that
would prevent people with NAT from using it. As Lyubomir commented: this is
certainly not for us to decide.

Cheers,
Emil

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31


#19

Emil,

We use open source rtpproxy and mediaproxy for media latching with sip.

Are there any similar open source xmpp media proxies available?

Is there a website that could list reference implementation for the XMPP
XEP. e.g. I saw XEP PASS but wondered..

Got to make my jitsi-ejabberd solution symmetric NAT resilient.
regards,
Adnan



#20

> Emil,
>
> We use open source rtpproxy and mediaproxy for media latching with sip.
>
> Are there any similar open source xmpp media proxies available?

I believe OpenFire had a media proxy but I've never really tested it.

> Is there a website that could list reference implementation for the XMPP
> XEP. e.g. I saw XEP PASS but wondered.

I am not sure I understand. Which XEP are you interested in?

> Got to make my jitsi-ejabberd solution symmetric NAT resilient.

Just install a Jingle Nodes relay with your server and it will be. Jitsi
will use ICE and go for the shortest path.

Cheers,
Emil

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
http://jitsi.org FAX: +33.1.77.62.47.31