Know issue ? behind NAT :(

Hi every all i have a litte problem_


Firts scenario

DMZ Jitsi appliance on VMWare <—> pfSense <—> Internet
LAN <—> Same pfSense of Jitsi <—> Internet

pfSense manage more that one subnet on his LAN interface

Jitsi server on a Debian 9, behind a pfSense router with HA Proxy_
Its Debian is an TurnKey appliance of LAMP, that have apache installed_
Also in the same VM, I installed Simple-RTMP-Server thats use Nginx in other port that apache (apache on 80 and 443, and nginx 8080 and the rtmp ports (github-com/iakuf/simple-rtmp-server))
The firewall on the Jitsi appliance are down

Ports 80 and 443 are managed by HAProxy on pfSense (its works fine, all the websites behind pfSense thats run on 80 and or 443 ports work is like a charm)

Also HAProxy manage other ports like smtp, pop3 etc_ etc_, inclusive RTMP like 1935, all that works fine_

Well, the Jitsi server receive the 80 and 443 ports by HAProxy and the 4443 and 10000 by NAT, all it from pfSense_

The sip-communicator_properties file on /etc/jitsi/videobridge has the next config

###############################
org_ice4j_ice_harvest_DISABLE_AWS_HARVESTER=true
org_ice4j_ice_harvest_NAT_HARVESTER_LOCAL_ADDRESS=A_B_C_D (internal IP of Jitsi)
org_ice4j_ice_harvest_NAT_HARVESTER_PUBLIC_ADDRESS=1_2_3_4 (external Public IP of pfSense WAN, it’s not behind a private, the pfSense box catch the public ip)
#org_ice4j_ice_harvest_STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay_jitsi_net:443 (comment as indicate the instructions)
org_jitsi_videobridge_ENABLE_STATISTICS=true
org_jitsi_videobridge_STATISTICS_TRANSPORT=muc
org_jitsi_videobridge_xmpp_user_shard_HOSTNAME=localhost
org_jitsi_videobridge_xmpp_user_shard_DOMAIN=auth_meet_mydomain_com
org_jitsi_videobridge_xmpp_user_shard_USERNAME=jvb
org_jitsi_videobridge_xmpp_user_shard_PASSWORD=ydGeYRm1
org_jitsi_videobridge_xmpp_user_shard_MUC_JIDS=BvbVrewery@internal_auth_meet_mydomain_com
org_jitsi_videobridge_xmpp_user_shard_MUC_NICKNAME=9ce1a67a-8c5d-4a1e-b529-583448e5aaaa
###############################

The above setup is as i see on the instructions to config, the correct setup for behind a NAT

Symptoms

First test case

One PC in behind the pfSense on a LAN
One CellPhone behind the pfSense on the same LAN that the PC

Connections to meet url runs OK,
Enter to the room works OK
Chat works OK
Audio works OK
Video works OK

I assume because the P2P works fine

Second test case

One PC in behind the pfSense on a LAN
One Cell Phone working from data packets (not using a wifi)

Connections to meet url runs OK,
Enter to the room works OK
Chat works OK
Audio NOT work
Video NOT work

Third test case

One PC in behind the pfSense on a LAN
One Cell Phone working from data packets (not using a wifi)
Second Cell Phone working from data packets (not using a wifi)

Connections to meet url runs OK,
Enter to the room works OK
Chat works OK
Audio NOT work
Video NOT work

Fourth test case

One PC in behind the pfSense on a LAN
One CellPhone behind the pfSense on the same LAN that the PC
Second CellPhone behind the pfSense on the same LAN that the PC

Connections to meet url runs OK,
Enter to the room works OK
Chat works OK
Audio NOT work
Video NOT work

Second scenario

Its is like the first one with the same tests cases, but only change the next config

The sip-communicator_properties file on /etc/jitsi/videobridge has the next config

###############################
org_ice4j_ice_harvest_DISABLE_AWS_HARVESTER=true
#org_ice4j_ice_harvest_NAT_HARVESTER_LOCAL_ADDRESS=A_B_C_D (internal IP of Jitsi)
#org_ice4j_ice_harvest_NAT_HARVESTER_PUBLIC_ADDRESS=1_2_3_4 (external Public IP of pfSense WAN, it’s not behind a private, the pfSense box catch the public ip)
org_ice4j_ice_harvest_STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay_jitsi_net:443 (comment as indicate the instructions)
org_jitsi_videobridge_ENABLE_STATISTICS=true
org_jitsi_videobridge_STATISTICS_TRANSPORT=muc
org_jitsi_videobridge_xmpp_user_shard_HOSTNAME=localhost
org_jitsi_videobridge_xmpp_user_shard_DOMAIN = auth_meet_mydomain_com
org_jitsi_videobridge_xmpp_user_shard_USERNAME=jvb
org_jitsi_videobridge_xmpp_user_shard_PASSWORD=ydGeYRm1
org_jitsi_videobridge_xmpp_user_shard_MUC_JIDS = BvbVrewery@internal_auth_meet_mydomain_com
org_jitsi_videobridge_xmpp_user_shard_MUC_NICKNAME=9ce1a67a-8c5d-4a1e-b529-583448e5aaaa
###############################


So, what I’m doing wrong?

Regards and Thanks a lot

1 Like

Did you manage to fix this? I have the same problem…

1 Like

Nope, more than 80 views but no ones know how to resolve a issue that I see is a common thing