Local users on my LAN (inside the same NAT) seem to randomly disconnect

I did a fresh install of Debian 11RC. I installed jitsi via the Debian 11 repo according to the guide (which was for Debian 10 but I would assume translates) and got my EFF “Let’s Encrypt” setup for my home IP (on ATT Fiber) and all the listed ports forward to my Debian. Everything seems to work for the Jitsi meet users from outside my home LAN from their iOS or Android or browser interface.

However, when I try to use jitsi from inside my home network, either on the browser interface or two of my Android devices, it only seems to sporadically work…and frequently reports disconnections and tries to reconnect…and often can. But the users outside of my home have no problem. And if I turn off wifi on my same Android phone and instead use 5G (so I can access the server from an IP outside my home LAN), then it works fine. So clearly using devices from inside the LAN doesn’t work properly. Any ideas how to get it working?

Reading “Advanced Configuration” on the Debian guide, I think I found what I need to do:

The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>

And comment the existing org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES.

See the documentation of ice4j for details.

Not being able to set its public address normally results in people from outside not being able to send media to jvb, and it works just in the local network. What you describe is strange; jvb is always able to announce its internal address to clients.
So maybe you have a firewall that blocks udp 10000 to your local clients, so they cannot connect through the local network. And sometimes routers do not allow connections from the local network back to the internal network, which is happening to your internal clients that try to use the public address. This is the only explanation why both options will not work and only those for the public internet clients would work.

hmm, this did not do the trick.

well I believe I have udp port 10000 properly forwarded to my local jitsi meet server (efjz.in):
And here is my server’s firewall settings:

root@efjz:/# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
10000/udp                  ALLOW IN    Anywhere                  
22/tcp                     ALLOW IN    Anywhere                  
3478/udp                   ALLOW IN    Anywhere                  
5349/tcp                   ALLOW IN    Anywhere                  
4443/tcp                   ALLOW IN    Anywhere                  
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
443/tcp (v6)               ALLOW IN    Anywhere (v6)             
10000/udp (v6)             ALLOW IN    Anywhere (v6)             
22/tcp (v6)                ALLOW IN    Anywhere (v6)             
3478/udp (v6)              ALLOW IN    Anywhere (v6)             
5349/tcp (v6)              ALLOW IN    Anywhere (v6)             
4443/tcp (v6)              ALLOW IN    Anywhere (v6)  

So I believe I am correctly forwarding the necessary ports, including udp port 10000.

Are the local clients connecting to the server using the same address as external clients?
It should be the same…

My local clients are all using https://efjz.in as the server to connect to. Each local client has its own IPv4 address provided by DHCP in the range 192.168.1.x, which is also where the server has its own local IP address of 192.168.1.239.

I tried with another local device and it still gets disconnected randomly after around 15-30 seconds, just like the other local clients.

I’m considering right now to add an /etc/hosts file to my local clients and tell them the local ip address of efjz.in

The solution on my Debian desktop, which is running the server, is to edit the /etc/hosts file and, instead of having efjz.in point to my home’s public IP, to just use my desktop server’s local IP address (192.168.1.239). I similarly changed the /etc/hosts file on my rooted Android (which had been set to Android’s default) to add a new entry for efjz.in that also points to the same desktop server’s local IP (192.168.1.239). Now I’ve been able to run a local session uninterrupted.

I’m marking this as the solution. For the record my ISP is ATT Fiber in Atlanta, GA. And my ATT gateway is called “ARRIS BGW210-700”.
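An added example, not part of the thread or of the Jitsi project: a small Python check that reads the text of sip-communicator.properties and of a client's hosts file and reports whether the two harvester addresses are set sensibly, whether the STUN mapping harvester is still active, and whether the server name has the LAN override described in the solution. The sample file contents, the 203.0.113.10 public address and the STUN host are constructed placeholders; the function names are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX = "org.ice4j.ice.harvest."
# Constructed samples; 203.0.113.10 is a documentation address standing in for
# the public IP, and the STUN host is a placeholder. Neither is from the thread.
SAMPLE_PROPS = """\
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=stun.example.org:443
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.239
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=203.0.113.10
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.239 efjz.in  # LAN override\n"

def scope(addr):
    """Classify an address string as 'lan' (RFC 1918), 'other' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr or "")
    except ValueError:
        return "invalid"  # unset, or a placeholder such as <Public.IP.Address>
    return "lan" if any(ip in net for net in RFC1918) else "other"

def active_props(text):
    """Uncommented key=value pairs of a .properties file."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def hosts_lookup(text, name):
    """First address that hosts-file text maps name to, else None."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if name.lower() in fields[1:]:
            return fields[0]
    return None

def audit(props_text, hosts_text, name):
    """Findings for the harvester settings and the client-side name override."""
    p, out = active_props(props_text), []
    if scope(p.get(PREFIX + "NAT_HARVESTER_LOCAL_ADDRESS")) != "lan":
        out.append("local address unset or not RFC 1918")
    if scope(p.get(PREFIX + "NAT_HARVESTER_PUBLIC_ADDRESS")) != "other":
        out.append("public address unset, invalid or private")
    if PREFIX + "STUN_MAPPING_HARVESTER_ADDRESSES" in p:
        out.append("STUN mapping harvester still active")
    if scope(hosts_lookup(hosts_text, name)) != "lan":
        out.append(name + " has no LAN override; clients go via the public IP")
    return out
```

An empty list from `audit(SAMPLE_PROPS, SAMPLE_HOSTS, "efjz.in")` means both the bridge settings and the hosts override match what the thread ended up with.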