I did a fresh install of Debian 11RC. I installed jitsi via the Debian 11 repo according to the guide (which was for Debian 10 but I would assume translates) and got my EFF “Let’s Encrypt” setup for my home IP (on ATT Fiber) and all the listed ports forward to my Debian. Everything seems to work for the Jitsi meet users from outside my home LAN from their iOS or Android or browser interface.
However when I try to use jitsi from inside my home network, either on the browser interface or two of my Android devices, it only seems to sporadically work…and frequently reports disconnections and tries to reconnect…and often can. But the users outside of my home have no problem. And I turn off wifi on my same Android phone and instead use 5G (so I can access the server from an IP outside my home LAN), then it works fine. So clearly using devices from inside LAN doesn’t work properly. Any ideas how to get it working?
Reading “Advanced Configuration” on the Debian guide, I think I found what I need to do:
The following extra lines need to be added to the file /etc/jitsi/videobridge/sip-communicator.properties:
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=<Local.IP.Address>
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=<Public.IP.Address>
And comment the existing org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES.
See the documentation of ice4j for details.
Not able to set its public address normally results people from outside not able to send media to jvb and it works just in the local network. What you describe is strange jvb is always able to announce to clients its internal address.
So maybe you have a firewall that blocks udp 10000 to your local clients, so they cannot connect through the local network. And sometimes routers do not allow connections from the local network back to the internal network, which is happening to your internal clients that try to use the public address, this is the only explanation why both options will not work and only those for the public internet clients would work.
well I believe I have udp port 10000 properly forwarded to my local jitsi meet server (efjz.in):
And here is my server’s firewall settings:
root@efjz:/# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
10000/udp ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
3478/udp ALLOW IN Anywhere
5349/tcp ALLOW IN Anywhere
4443/tcp ALLOW IN Anywhere
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
10000/udp (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)
3478/udp (v6) ALLOW IN Anywhere (v6)
5349/tcp (v6) ALLOW IN Anywhere (v6)
4443/tcp (v6) ALLOW IN Anywhere (v6)
So I believe I am correctly forwarding the necessary ports, including udp port 10000.
my local clients are all using https://efjz.in as the server to connect to. Each local client has it’s own IPv4 address provided by DHCP in the range 192.168.1.x which is also where the server has its own local ip address of 192.168.1.239
I tried with another local device and still gets disconnected randomly after around 15-30 seconds just like the other local clients.
I’m considering right now to add an /etc/hosts file to my local clients and tell them the local ip address of efjz.in
The solution on my Debian desktop which is running the server is to edit the /etc/hosts file and instead of having efjz.in point to my home’s public ip, to instead just use my desktop server’s local ip address (192.168.1.239). And similarly changed my /etc/hosts file on my rooted android (which had been set to android’s default) to add a new entry for ejfz.in to also point to the same desktop server’s local ip too (192.168.1.239). Now I’ve been able to run a local session uninterrupted.
I’m marking this as the solution. For the record my ISP is ATT Fiber in Atlanta, GA. And my ATT gateway is called “ARRIS BGW210-700”.
