Jitsi + Wireguard VPN

What do you mean?
You used some different network from the server to run the client and you run the listener on the machine where jvb was used and that worked?

I point my domain (ex: meet.jitsi.com) to my Static Public IP on a Linode Server.

This Linode Server Only has the following:

  • Wireguard Server
  • Nginx Proxy Manager

Then I point the domain and ports with Nginx Proxy Manager to a Server / Computer in my Home (Proxmox) where I have a Linux Container (CT) with Jitsi Installed and the Client Wireguard VPN.

I’m sorry, I just tried another VPN config and suddenly the port 10000 wouldn’t reach the server anymore.

I’m using this config on the VPN client:
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Which means that everything will go through the VPN.

If I limit it to specific IPs then the 10000 port reaches the server.

Problem is, I keep having problems either way.

So, the connection I’m trying to make work is:

Domain → VPN & Nginx Proxy Manager → Jitsi

By using the check you mention, it seems like all the ports are showing up on the VPN server but not in the Jitsi Server.

I had Jitsi working behind a Reverse Proxy before. But it seems like the VPN has increased the difficulty for me a little.

I don’t get it :S

Okay, current situation.

  • Everything Works for Users Inside the VPN

  • Only P2P Works for Users Outside the VPN

That suggests that users outside the VPN cannot reach the JVB on port 10000.

Exactly… Even though considering I have Jitsi on a VPN and I’m forwarding everything to the VPN IP…

Do you think the router port forwarding matters in this case?
I have another Jitsi instance installed using port 10000 but in a traditional Router at home install.

Is the port in the router forwarded?

Yes, but to the other instance. Should I remove this?

I tried forwarding router port 10000 to the local ip of the server and it didn’t do anything.

Makes sense, because this port is coming from the public IP where I have my VPN server. This is the one I want to forward to the Jitsi Server and not the public IP from my home (where the Jitsi server is).

Please do a simple network diagram of your setup.

I think I’m close to giving up because bandwidth limit can also be an issue.

But still, for educational purposes I would love to see this setup working.

Ok, it’s clearer to me now, it was different in my mind earlier. In the Jitsi containers, set DOCKER_HOST_ADDRESS to the public IP of the cloud server and try that way.

Sorry man, maybe I wasn’t clear, this is basically an Ubuntu install. It’s an Ubuntu LXC and not a Docker.

I did try placing the Public IP on the /etc/jitsi/videobridge/sip-communicator.properties

Problem persisted.

PS: I did try a Docker install and the situation was the same.

That is the old config, not sure if it’s being properly picked up.

Try this in the jvb.conf file:

ice4j {
    harvest {
        mapping {
            stun {
                addresses = [ "meet-jit-si-turnrelay.jitsi.net:443" ]
                enabled = true
            }
            static-mappings = [
                {
                    local-address = "THE CONTAINER LOCAL IP"
                    public-address = "YOUR PUBLIC IP"
                }
            ]
        }
    }
}

Thanks for the help saghul,

I tried but I’m still getting “pair failed” and “no socket” between the IPs.

Jitsi seems to be going for the right IP’s but something else is going on and Port 10000 is not accessible. There might be something I would need to do in Wireguard config or Nginx Proxy Manager which I have not enough experience to know how to do.

I decided to not go with the VPN route anymore because Jitsi consumes a lot of bandwidth through the VPN; at the end of the month it will be a lot of GBs. And it appears that not many people go for that route. At least there isn’t much info out there on how to make it work correctly.

Sorry for taking you guys’ time

That error is confusing, but unrelated. It will be gone in the next release.

This I don’t know either.
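
The reachability check discussed in this thread (a listener on the machine that runs the JVB, a client on a network outside the VPN) can be done with a small UDP echo pair. This is an added example, not code from any poster or from the Jitsi project; the token, the function names and the script name `udp_probe.py` are made up for illustration, and it assumes the JVB is stopped while the listener holds port 10000.

```python
"""UDP echo pair for checking that the JVB media port is reachable end to end."""
import socket
import sys
import time

TOKEN = b"jvb-udp-probe:"  # constructed marker so stray traffic is ignored


def open_listener(bind_addr="0.0.0.0", port=10000):
    """Bind the UDP port the JVB would normally hold (stop the JVB first)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((bind_addr, port))
    return s


def serve(sock, max_packets=None):
    """Echo probe datagrams to their sender and record the source seen here."""
    seen = []
    while max_packets is None or len(seen) < max_packets:
        data, peer = sock.recvfrom(2048)
        if data.startswith(TOKEN):
            seen.append(peer)
            print(f"probe from {peer[0]}:{peer[1]}")  # source address after any NAT
            sock.sendto(data, peer)
    return seen


def probe(host, port=10000, timeout=2.0):
    """Return 'ok', 'mismatch', 'refused' or 'timeout' for one round trip."""
    payload = TOKEN + str(time.time()).encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
        try:
            s.send(payload)
            return "ok" if s.recv(2048) == payload else "mismatch"
        except ConnectionRefusedError:
            return "refused"  # ICMP port unreachable: a host answered, nothing bound
        except socket.timeout:
            return "timeout"  # datagram or its reply was dropped along the path


if __name__ == "__main__":
    args = sys.argv[1:]
    if args[:1] == ["listen"]:
        serve(open_listener(port=int(args[1]) if len(args) > 1 else 10000))
    elif args[:1] == ["probe"] and len(args) >= 2:
        print(probe(args[1], int(args[2]) if len(args) > 2 else 10000))
    else:
        sys.exit("usage: udp_probe.py listen [PORT] | probe HOST [PORT]")
```

A `timeout` from outside the VPN together with no "probe from" line on the listener means the datagram never arrived; a "probe from" line with a `timeout` on the client means the reply was lost on the way back.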