P2P not working properly

I am struggling to find out why P2P is no longer working with computers connecting inside their networks. Not to be confused with corporate Firewalls and the use of TURN servers, P2P seems to only be in use when connecting with external IP addresses and not internal (192.x.x.x).

Can anyone help here?

Your turnserver config, does it look like this: jitsi-meet/turnserver.conf at master · jitsi/jitsi-meet · GitHub

Is turnserver in same network with jvb and client, can you give details about the scenario?

It looks like Jitsi installation comes with the coturn but we want turnserver on a separate server to handle the high load, We have also tried your default Cotrun with default config but in both cases, some people can’t establish a P2P connection while some people can, but the weird thing is that those participants who were not established P2P on our setup those can establish p2p connect on other self-hosted quick installed Jitsi (default 1 JVB setup ) More important is to establish a P2P connection when turn server is on a separate server, these are our config please guide us on what mistake we are making and what is the cause and solution. thanks (On AWS server)

@damencho turnserver in same network with jvb and client?

Their VPC and Subnet are same

So we did the installation, of coturn on a separate server

this our config





added prosody module mod_turncredentials.lua
mention this module in prosody VirtualHost “meet.example.com

modules_enabled = {
“ping”; – Enable mod_ping

and also added

turncredentials_secret = "xxx_same_as_static-auth-secret_from_turnserver.conf";
turncredentials_port = 443;
turncredentials_ttl = 86400;
turncredentials = {
    { type = "stun", host = "turn.example.com" },
    { type = "turn", host = "turn.example.com", port = 443},
    { type = "turns", host = "turn.example.com", port = 443, transport = "tcp" }

jitsi our config.js

 p2p: {
 enabled: true,
 useStunTurn: true, // Using Turn for p2p connections & also tried by commenting this line.
 preferH264: true,
 stunServers: [
            { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' },
	    { urls: "stun:stun.l.google.com:19302" },
            { urls: "stun:stun1.l.google.com:19302" },
            { urls: "stun:stun2.l.google.com:19302" },

useStunTurn: true, // Using Turn Server with JVB (also tired by commenting this line)

To us Turn Server with JVB

By setting useStunTurn: true and setting org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true on JVB (using sip-communicator.properties file), we can turn off the TCP Harvester of JVB and use the Turn Server for TCP connections. With this method, JVB will only be uing UDP. If a participant fails to establish a UDP connection with the bridge, TURN server will establish a TCP connection with the participant and then will relay the media traffic over UDP to the bridge. so org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true is added.

Multi-JVB and region-based Octo scaling (Nginx GeoIP based region routing )

Ports open in Coturn server

3478	UDP	
3478	UDP	::/0	        
80	TCP	
80	TCP	::/0	        
22	TCP	
22	TCP	::/0	
10000 - 20000	UDP	
10000 - 20000	UDP	::/0	
443	TCP	
443	TCP     ::/0

For main Jitsi (Jicofo + prosody + Nginx + jitsi frontend) and all separate jvbs these Ports are open

Custom TCP	TCP	5369	::/0	

IPv4	Custom TCP	TCP	5347	

IPv4	Custom TCP	TCP	5349	

IPv4	Custom TCP	TCP	5222	

IPv4	Custom TCP	TCP	3478	

IPv6	Custom TCP	TCP	5222	::/0	

IPv4	Custom UDP	UDP	4096	


IPv4	Custom TCP	TCP	4443	

IPv4	SSH	TCP	22	

IPv6	Custom TCP	TCP	9090	::/0	

IPv4	Custom TCP	TCP	5369	

IPv6	Custom UDP	UDP	10000 - 20000	::/0	

IPv4	Custom UDP	UDP	10000 - 20000

IPv6	Custom TCP	TCP	4443	::/0	

IPv4	Custom TCP	TCP	8080	–

IPv6	Custom TCP	TCP	3478	::/0	

IPv6	Custom TCP	TCP	8080	::/0	

IPv6	Custom TCP	TCP	5347	::/0	

IPv6	HTTPS	TCP	443	::/0	

IPv6	Custom UDP	UDP	4096	::/0	


IPv6	HTTP	TCP	80	::/0	

Custom TCP	TCP	9090

Drop this and make sure your coturn can reach jvb using its public address on port 10000 udp.

And you better use this template for your config: jitsi-meet/turnserver.conf at master · jitsi/jitsi-meet · GitHub
There are some denied-peer-ip stuff in there which are important for security reasons.