No audio no video with more than 2 participants behind NAT

Hi
I have just installed jitsi-meet server in my ubuntu machine .
In the same local network conference works perfectly without a limits of number of participant.
But when we are in a conference with somebodies behind Nat there is no audio no video for remote participants (it works perfectly just with 2 participants).

So can you tell me please what whent wrong ?
Thanks in advance .

Have you checked the advanced configuration section in the quick install guide? https://jitsi.org/qi
Common problem of not opening ports, or not forwarding them or skipping configuration of private public addresses in jvb config (jvb needs restart after setting them).

1 Like

Thanks for your reply .
I open these ports : TCP/443 or TCP/4443 and UDP 10000
and i add these to lines to this file /etc/jitsi/videobridge/sip-communicator.properties:

org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.168.1.6
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=197.1.222.199 
and i restart jvb :  /etc/init.d/jitsi-videobridge restart

but can you explain to me please how can i apply ports forwarding ?

Do you have access to the device that is doing the nat? The one with ip address 197.1.222.199 you need to configure it there.

1 Like

Hi @damencho i configure port forwarding in my router:

then i check if ports are open or not with my port check tool .
it gives me this result :
Port [80] is open on [102.157.102.94]
Port [443] is open on [102.157.102.94]
Port [4443] is open on [102.157.102.94]
but port 10000 still closed :
Port [10000] is closed on 102.157.102.94

so how can i open port 10000/udp

Are you sure this port forwarding tester tests udp?

1 Like

yes you are right this tester doesn’t test udp
i check with this command and it’s ok :
nc -z -v -u 102.157.102.94 10000:
Connection to 102.157.102.94 10000 port [udp/*] succeeded!

but still the same problem no audio no video with more than 2 participants behind NAT.

I just tested it and it worked for me. The signalling seems fine.
Are you testing from the same network as where the jvb is installed 192.168.1… ? If yes, then the clients from that network cannot access the jvb ports in the local network on 192.168.1.6 and they cannot reach outside 102.157… ports, which sometimes is normal, devices do not allow their external ports from the internal network …

yes i test from the same network as where jvb is installed … how can i do to allow these external ports from the internal networks?

But clients should be able to connect directly to 192.168.1.6, is there a firewall on jvb machine stopping this?

1 Like

Thanks for replying @damencho

there is no firewall enabled on jvb machine

Run wireshark on one of the clients machine and see why the client cannot reach that ip address on port 10000? Is there some internal network restriction to restrict connections between internal clients? Anyway it is some internal network issue you must find.
Testing from Internet works fine.

from local network there’s no problem even more than 3 participants can see and talk to each others succussfully but from outside (behind nat)more than 2 participants can join the same room but can’t see each other there’s no video no audio (black screen) .

this is my conf file : /etc/jitsi/videobridge/sip-communicator.properties

So you say that from internal network there is no problem? I had tested your deployment from outside and it was working fine, I don’t see a problem with your deployment.
Are you testing with chrome or firefox?

i tested from chrome nd firefox, the same problem with both .

when the server is behind nat , the conference works fine in case if all clients are in the same network But the problem is when more than 2 participants connected with different network , they can join the conference but without video or audio

Are those clients connecting from a corporate like network where udp is not allowed or the only allowed is https and port 443? Does it work if same clients use meet.jit.si?

Thanks for your support @damencho
can you please give me more details about your note

yes, with meet.jit.si clients can connect without any problem

In some corporate networks udp is disabled and connection will fallback to tcp. If you are using the default deployment without http server, it will use tcp to port 443 on jvb, if this is not the case the default is port 4443, which some corporate firewalls will block as it is not port 443.
There are some networks which make deep packet inspection and will detect that the connection to the jvb is not real ssl connection and even on port 443 it will block it.
The solution is to run a turn server on a separate ip address with valid ssl certificate, and that turn server to listen on port 443. This is the case with meet.jit.si.
The clients that were seeing it working on meet.jit.si can easily validate that, expanding local client connection stats will reveal, is it TCP or UDP and whether turn is used.

Hi @damencho

thanks for your support ,now everything works perfectly .More than 2 participants can join the conference behind Nat with audio and video .

I want to know if I can manage the conference between the different participants in such way I manage the access to the microphone. only the participant who I give him access can talk and the microphones of others are mute
can you tell me if it’s possible to do this?