Restricted Network (with Proxy) - ICE failed, add a STUN server and see about:webrtc for more details

Hey Guys,

i am so happy about Jitsi-Meet u did so well.

I have only one Problem (but for me it’s a big one). We host our own Jitsi Meet instance. Al works fine. We can join with different amount of ppl and all supported Devices.

I installed Jitsi with the Quick INstall Guide. All worked fine.

Now my Problem:
Our own company Network is behind an Proxy. So i found out, to use a Proxy i need a TURN Server to get this work. Also our Proxy does not support UDP.

I already followed different topics, which doesnt work at all.
As example: Jitsi Access through Proxy Server

How i see, Jitsi meet quick install brings his own TURN Server:

p2p: {
    // Enables peer to peer mode. When enabled the system will try to
    // establish a direct connection when there are exactly 2 participants
    // in the room. If that succeeds the conference will stop sending data
    // through the JVB and use the peer to peer connection instead. When a
    // 3rd participant joins the conference will be moved back to the JVB
    // connection.
    enabled: true,

    // Use XEP-0215 to fetch STUN and TURN servers.
    useStunTurn: true,

    // The STUN servers that will be used in the peer to peer connections
    stunServers: [

        // { urls: 'stun:meet.EXAMPLEDOMAIN.de:4446' },
        { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
    ],

That is how it is configured in etc/jitsi/meet/domain.de-config.js

And this is my sip-communicator.properties from the videobridge:
org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=192.xxx.xxx.xx
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=meet.EXAMPLEDOMAIN.de // even direct IP doesnt work
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.EXAMPLEDOMAIN.de
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=TP1WJH3X
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.EXAMPLEDOMAIN.de
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=6970fad9-980e-4e7c-9c26-02302d40a57a
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true

So at the end i can connect from all Networks (without Proxy), but not from our Company Network.
There i get this Error in console “ICE failed, add a STUN server and see about:webrtc for more details”

(We only can work with Firefox in our Company, but even one Test with Chrome didnt work)

I dont know what else to do… I am thankfull for all help i can get here =)

Greetings

pls help…

This happens, when someone out of my restricted network joins:

Ich have Set-Up an Coturn Server. JVB Sip-communivation is this now:

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=turn.meet.myotherdomain.de:443
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.mydomain.de
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=#sKngQto
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.mydomain.de
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=xxxxxxxxxxxxxxxxxx
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true

turncredentials_secret = “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”;

turncredentials = {
{ type = “stun”, host = “turn.meet.myotherdomain.de”, port = “443” },
{ type = “turn”, host = “turn.meet.myotherdomain.de”, port = “443”, transport = “udp” },
{ type = “turns”, host = “turn.meet.myotherdomain.de”, port = “443”, transport = “tcp” }
};

// Use XEP-0215 to fetch STUN and TURN servers.
useStunTurn: true,

// Enable IPv6 support.
// useIPv6: true,

// Enables / disables a data communication channel with the Videobridge.
// Values can be 'datachannel', 'websocket', true (treat it as
// 'datachannel'), undefined (treat it as 'datachannel') and false (don't
// open any channel).
// openBridgeChannel: true,


// UI
//

// Use display name as XMPP nickname.
// useNicks: false,

// Require users to always specify a display name.
// requireDisplayName: true,

// Whether to use a welcome page or not. In case it's false a random room
// will be joined when no room is specified.
enableWelcomePage: true,

// Enabling the close page will ignore the welcome page redirection when
// a call is hangup.
// enableClosePage: false,

// Disable hiding of remote thumbnails when in a 1-on-1 conference call.
// disable1On1Mode: false,

// Default language for the user interface.
// defaultLanguage: 'en',

// If true all users without a token will be considered guests and all users
// with token will be considered non-guests. Only guests will be allowed to
// edit their profile.
enableUserRolesBasedOnToken: false,

// Whether or not some features are checked based on token.
// enableFeaturesBasedOnToken: false,

// Enable lock room for all moderators, even when userRolesBasedOnToken is enabled and participants are guests.
// lockRoomGuestEnabled: false,

// When enabled the password used for locking a room is restricted to up to the number of digits specified
// roomPasswordNumberOfDigits: 10,
// default: roomPasswordNumberOfDigits: false,

// Message to show the users. Example: 'The service will be down for
// maintenance at 01:00 AM GMT,
// noticeMessage: '',

// Enables calendar integration, depends on googleApiApplicationClientID
// and microsoftApiApplicationClientID
// enableCalendarIntegration: false,

// Stats
//

// Whether to enable stats collection or not in the TraceablePeerConnection.
// This can be useful for debugging purposes (post-processing/analysis of
// the webrtc stats) as it is done in the jitsi-meet-torture bandwidth
// estimation tests.
// gatherStats: false,

// The interval at which PeerConnection.getStats() is called. Defaults to 10000
// pcStatsInterval: 10000,

// To enable sending statistics to callstats.io you must provide the
// Application ID and Secret.
// callStatsID: '',
// callStatsSecret: '',

// enables sending participants display name to callstats
// enableDisplayNameInStats: false,

// enables sending participants email if available to callstats and other analytics
// enableEmailInStats: false,

// Privacy
//

// If third party requests are disabled, no other server will be contacted.
// This means avatars will be locally generated and callstats integration
// will not function.
// disableThirdPartyRequests: false,


// Peer-To-Peer mode: used (if enabled) when there are just 2 participants.
//

p2p: {
    // Enables peer to peer mode. When enabled the system will try to
    // establish a direct connection when there are exactly 2 participants
    // in the room. If that succeeds the conference will stop sending data
    // through the JVB and use the peer to peer connection instead. When a
    // 3rd participant joins the conference will be moved back to the JVB
    // connection.
    enabled: true,

    // Use XEP-0215 to fetch STUN and TURN servers.
    useStunTurn: true,

    // The STUN servers that will be used in the peer to peer connections
    stunServers: [

        // { urls: 'stun:meet.mydomain.de:4446' },
        { urls: 'stun:turn.meet.myotherdomain.de:443' }
    ],

    // Sets the ICE transport policy for the p2p connection. At the time
    // of this writing the list of possible values are 'all' and 'relay',
    // but that is subject to change in the future. The enum is defined in
    // the WebRTC standard:
    // https://www.w3.org/TR/webrtc/#rtcicetransportpolicy-enum.
    // If not set, the effective value is 'all'.
    // iceTransportPolicy: 'all',

image

These errors only exist in our company network. All other networks and computer work great. i only need help to get this area work. i think there is one setting missing, i dont find in jitsi meet

@damencho @bbaldino @Boris_Grozev @Jonathan_Lennox any ideas here?

I have similar problem.
I Tryed many different configuration, but still have this error “Bridge Channel send: no opened channel”

Maybe my Firewall / IDS too restrictive.
No solution yet…

Finally i got a working Turn Server.

Over google chrome i can connect to meeting now.
with mozilla firefox its still not able to connect.
(only in this restricted area, firefox is working well on extern devices)

Some companies (like ours) are not allowed to use google chrome, pls fix the bugs with firefox…

here is the issue:
image

This DONT happens with google chrome!

After 8 months, we are using latest stable version

  • jitsi-meet (2.0.5390-3)
  • jitsi-videobridge2 (2.1-416-g2f43d1b4-1)

The problem still exists.

Any helps are welcome.

Make sure the xmpp socket for clients connecting to the bridge is correctly setup FAQ · Jitsi Meet Handbook

Thanks, default installation already followed.

But, it’s no help on solution the issue.