No audio/video behind NAT with coturn

I use Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-96-generic x86_64) for fresh Jitsi installation

Server is behind FW and NAT.

Server Settings

noc@jitsi:~ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=18.04 DISTRIB_CODENAME=bionic DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS" noc@jitsi:~ cat /etc/apt/sources.list.d/jitsi-stable.list
deb https://download.jitsi.org stable/
noc@jitsi:~$ dpkg -l jitsi* prosody coturn
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name Version Architektur Beschreibung
++±==============================-====================-====================-==================================================================
ii coturn 4.5.0.7-1ubuntu2.18. amd64 TURN and STUN server for VoIP
ii jitsi-meet 2.0.4384-1 all WebRTC JavaScript video conferences
ii jitsi-meet-prosody 1.0.3969-1 all Prosody configuration for Jitsi Meet
un jitsi-meet-tokens (keine Beschreibung vorhanden)
un jitsi-meet-turnserver (keine Beschreibung vorhanden)
ii jitsi-meet-web 1.0.3969-1 all WebRTC JavaScript video conferences
ii jitsi-meet-web-config 1.0.3969-1 all Configuration for web serving of Jitsi Meet
un jitsi-videobridge (keine Beschreibung vorhanden)
ii jitsi-videobridge2 2.1-164-gfdce823f-1 all WebRTC compatible Selective Forwarding Unit (SFU)
ii prosody 0.10.0-1build1 amd64 Lightweight Jabber/XMPP server

When connecting the clients via webpage / app I can see them member, i can chat but i have no audio and no video.

/etc/jitsi/videobridge/sip-communicator.properties
changed the NAT settings

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet.demo-example.de:5349
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=10.20.30.5
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=80.x.y.z
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.demo-example.de
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=Zolj16vw
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.demo-example.de
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=1c48a9b1-df0a-49c6-84e4-6fe0ec8b435a

/etc/jitsi/jicofo/sip-communicator.properties

org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.meet.demo-example.de
org.jitsi.jicofo.auth.URL=XMPP:meet.demo-example.de
org.jitsi.jicofo.auth.DISABLE_AUTOLOGIN=true

/etc/turnserver.conf

tls-listening-port=5349
listening-ip=10.20.30.5
verbose
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=0123456789
realm=meet.demo-example.de
total-quota=100
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/meet.demo-example.de/cert.pem
pkey=/etc/letsencrypt/meet.demo-example.de/key.pem
cipher-list=‘ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384’
dh-file=/etc/nginx/dhparams/dhparams.pem
no-stdout-log
log-file=/var/log/coturn.log
simple-log
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1

nano /etc/jitsi/meet/meet.demo-example.de-config.js
changed the STUN to

var config = {
hosts: {
domain: ‘meet.demo-example.de’,
muc: ‘conference.meet.demo-example.de
},
bosh: ‘//meet.demo-example.de/http-bind’,
clientNode: ‘http://jitsi.org/jitsimeet’,
focusUserJid: ‘focus@auth.meet.demo-example.de’,
testing: {
enableFirefoxSimulcast: false,
p2pTestMode: false
},
enableNoAudioDetection: true,
enableNoisyMicDetection: true,
desktopSharingChromeExtId: null,
desktopSharingChromeSources: [ ‘screen’, ‘window’, ‘tab’ ],
desktopSharingChromeMinExtVersion: ‘0.1’,
channelLastN: -1,
useStunTurn: true,
requireDisplayName: true,
enableWelcomePage: true,
enableUserRolesBasedOnToken: false,
p2p: {
enabled: true,
useStunTurn: true,
stunServers: [
{ urls: ‘stun:meet.demo-example.de:5349’ },
],
preferH264: true
analytics: {
},
deploymentInfo: {
},
makeJsonParserHappy: ‘even if last key had a trailing comma’
};

/etc/prosody/conf.d/meet.demo-example.de.cfg.lua
I changed Host and Port

turncredentials = {
{ type = “stun”, host = “meet.demo-example.de”, port = “5349” },
{ type = “turn”, host = “meet.demo-example.de”, port = “5349”, transport = “udp” },
{ type = “turns”, host = “meet.demo-example.de”, port = “5349”, transport = “tcp” }
};

netstat -lnput

tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5821/nginx: master
tcp 0 0 10.20.30.5:5349 0.0.0.0:* LISTEN 5865/turnserver
udp 0 0 10.20.30.5:5349 0.0.0.0:* 5865/turnserver
udp6 0 0 10.20.30.5:10000 :::* 6194/java

(why udp/10000 is shown in udp6 instead of udp - i dont know)

/var/log/jitsi/jvb.log

020-04-10 00:42:14.672 INFORMATION: [18] Videobridge.createConference#326: create_conf, id=23f40959cc6a6874 gid=null logging=false
2020-04-10 00:42:14.686 INFORMATION: [18] Health.doRun#294: Performed a successful health check in 14ms. Sticky failure: false
2020-04-10 00:42:24.687 INFORMATION: [18] Videobridge.createConference#326: create_conf, id=e7e0c60846b9b94a gid=null logging=false
2020-04-10 00:42:24.699 INFORMATION: [18] Health.doRun#294: Performed a successful health check in 12ms. Sticky failure: false
2020-04-10 00:42:34.700 INFORMATION: [18] Videobridge.createConference#326: create_conf, id=c2c683e99fe0f87a gid=null logging=false
2020-04-10 00:42:34.716 INFORMATION: [18] Health.doRun#294: Performed a successful health check in 15ms. Sticky failure: false
2020-04-10 00:42:44.717 INFORMATION: [18] Videobridge.createConference#326: create_conf, id=12378fa2c009b36d gid=null logging=false
2020-04-10 00:42:44.728 INFORMATION: [18] Health.doRun#294: Performed a successful health check in 12ms. Sticky failure: false
2020-04-10 00:42:54.729 INFORMATION: [18] Videobridge.createConference#326: create_conf, id=187116bb6fcae3e8 gid=null logging=false
2020-04-10 00:42:54.740 INFORMATION: [18] Health.doRun#294: Performed a successful health check in 11ms. Sticky failure: false
[…]
2020-04-10 01:11:56.533 INFORMATION: [131] [confId=6ff56e8dedbcbfd4 gid=ffcec3 stats_id=Keaton-zhr conf_name=test1 ufrag=5kp4n1e5gq9cel epId=f0639174 local_ufrag=5kp4n1e5gq9cel] Agent.triggerCheck#1765: $
LocalCandidate=candidate:1 1 udp 2130706431 10.20.30.5 10000 typ host
RemoteCandidate=candidate:10002 1 udp 1853824767 62.x.y.z 5378 typ prflx
[…]

In external fw i can see incomming tcp/443, udp/10000 and tcp/5349.

Something is still mad in my setup…

Thx

Hello, I have the same problem, have you been able to fix it?

Thanks