Public jitsi server tries to connect to private address of client

Hi there :wave:

I’ve set up jitsi meet two weeks ago on Ubuntu 20.04 following this guide by DigitalOcean
I’ve skipped step 5 of locking conference creation for now.

We’re now testing it with our first users and it mostly works except for one instance.
Looking at the logs it seems that it’s trying to connect to the client’s local address:

Component.updateRemoteCandidates#481: new Pair added: 135.181.XXX.XXX:10000/udp/host -> 192.168.178.71:51714/udp/host (stream-c5628b67.RTP).

which then subsequently failed:

ConnectivityCheckClient$PaceMaker.run#922: Pair failed: 135.181.XXX.XXX:10000/udp/host -> 192.168.178.71:51714/udp/host (stream-c5628b67.RTP)

I can also provide more logs, but can’t upload them yet as a new user.

And one more detail: they were able to make calls via the official https://meet.jit.si/ server.

I’d be really grateful for any pointers as to what could be going on here. :pray:

Cheers,
Daniel

Oh well, no thanks; what you provided is quite enough. If I got one euro for every user who has a working system and who, on looking at the log, is scared that Sauron must be looking at / interfering with the system, I’d get rich quick. Developers are dumping in the logs what is really debug info under the label ‘Info’ all the time.
So the server is trying all possible pairs with all local interfaces as reported by the JavaScript code running on the client. If you have a VPN running with another site, it will try it. It will fail and generate a message ‘pair failed’. It’s of no consequence provided that at the end there is one ‘pair succeeded’.
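
An added example, not part of the original thread: a short Python script that applies the reading of the log given in the reply above, counting "Pair failed" and "Pair succeeded" lines per stream and separating failures toward RFC 1918 addresses from other failures. The sample lines, addresses and stream ids are constructed, the "Pair succeeded" line layout is assumed to mirror the "Pair failed" line quoted in the thread, and treating one stream id as one participant's connection is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines modeled on the "Pair failed" line quoted in the thread.
# Addresses are documentation/private ranges and the stream ids are made up.
SAMPLE_LOG = """\
ConnectivityCheckClient$PaceMaker.run#922: Pair failed: 203.0.113.10:10000/udp/host -> 192.168.178.71:51714/udp/host (stream-aaaa1111.RTP)
ConnectivityCheckClient$PaceMaker.run#922: Pair failed: 203.0.113.10:10000/udp/host -> 198.51.100.7:51714/udp/srflx (stream-aaaa1111.RTP)
Pair succeeded: 203.0.113.10:10000/udp/host -> 198.51.100.23:40112/udp/prflx (stream-bbbb2222.RTP)
ConnectivityCheckClient$PaceMaker.run#922: Pair failed: 203.0.113.10:10000/udp/host -> 10.8.0.3:40112/udp/host (stream-bbbb2222.RTP)
"""

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PAIR_RE = re.compile(
    r"Pair (failed|succeeded): \S+ -> (\S+):(\d+)/udp/(\w+) \((stream-\w+)\.RTP\)")

def is_rfc1918(host):
    """True if host parses as an address inside an RFC 1918 network."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # masked addresses such as 135.181.XXX.XXX
        return False
    return any(addr in net for net in RFC1918)

def summarize(log_text):
    """Count pair outcomes per stream, keyed on the remote (client) candidate."""
    streams = defaultdict(
        lambda: {"succeeded": 0, "failed_private": 0, "failed_other": 0})
    for m in PAIR_RE.finditer(log_text):
        outcome, host, _port, _ctype, stream = m.groups()
        counts = streams[stream]
        if outcome == "succeeded":
            counts["succeeded"] += 1
        elif is_rfc1918(host):
            counts["failed_private"] += 1  # expected: server cannot reach a LAN address
        else:
            counts["failed_other"] += 1
    return dict(streams)

def unconnected(summary):
    """Streams that never logged a succeeded pair."""
    return sorted(s for s, c in summary.items() if c["succeeded"] == 0)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result, unconnected(result))
```

A stream returned by `unconnected()` is the one worth following up with the port 10000/udp checks discussed later in the thread; failures counted under `failed_private` alone are the harmless kind described above.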

Thanks for the reply @gpatel-fr.

I’m in a situation that the user within this room/conference couldn’t connect and I’m trying to find out what’s wrong with the setup as they were able to connect to the official jitsi server.

You’re right there’s also some “Pair succeeded” logs. Presumably for the person in the call who was able to connect. To summarize there’s 2x “Pair failed” followed by 3x “Pair succeeded” followed by 3x “Pair failed”, before the call ended.

Is there potentially any better way to troubleshoot this situation?

This kind of problem is regularly seen on this forum; you need to check that port 10000/udp is not blocked client side. There are many ways to do that but you need to run something on the user’s computer. For example:

(server)
sudo systemctl stop jitsi-videobridge2
nc -l 10000 -u
(workstation)
echo "123" | nc -u (your public address) 10000

If that’s not possible, I’d suggest trying to check with only 2 users, then asking the failing user to try to enter the room and seeing if there is traffic coming from the computer on port 10000/UDP.

Or just cut to the chase and assume that it is a port 10000 problem and verify that coturn is working (that’s the way to handle these firewall-handicapped clients). It may be easier. Just use your computer and block port 10000/udp in the out direction, and verify that you can use your Jitsi server normally. If yes, the problem is not the (very common) port 10000 problem. You need a working coturn setup anyway if you need to serve a large number of external clients.

Alright, there’s an update:

After the user removed most of their firewall restrictions they were able to connect. So it seems extremely likely that port 10000/UDP was blocked.
I just naively assumed the jitsi-meet installation would be including everything out of the box, including a coturn server. So given our audience (it’s students connecting from their homes) it’s rather likely that all kinds of firewall setups can occur and having a coturn server will be rather beneficial.

Do you know whether it’s viable to install jitsi-meet-turnserver on the same server or is it rather meant to be installed on a separate machine?

jitsi-buster-installer

jitsi-school-installer

The standard Debian installer includes a coturn server installed (of course) on the same computer, and it may happen to work out of the box. I think that the most usual case where it does not is when the Jitsi server is behind NAT, where some coturn parameters have to be adapted. The default installation is tailored for a VPS connected directly to the Internet without firewall, and there is not a lot of doc about coturn setup as coturn use is more typical of a professional setup while Jitsi default installer tries to keep things simple.
You can check out installers provided by third parties like @emrah.

Uh awesome! My search skills weren’t able to get me to any of these links yet. I’m definitely going to give it a try :+1:

Thanks a lot for your support! :blush: