STUN only server on Jitsi Server

Hi, the story so far:

Everythings (seems to) work fine …

How can i check if

  • my STUN is used?
  • P2P or JVB is used for 2 participients?
  • any additional config (where) needed?

Thanks in advance!

And many thanks to the fantastic project!

In the connection indicators in the UI you should see p2p when it is p2p.

Thanks!

Found it & indicates p2p :wink:

Can you please help in clarifying the other points?

Especially if in Jitsi there is “any additional config (where) needed?”

If my “assumption: no TURN necessary for Jitsi Meet” is right, what about including something lightweight like “Stuntman” per default in jitsi meet?
About lightweight: Stuntman needed one additional ssl lib, coturn about 11 (!) .add’s, and very simple config, approved to work behind NAT/Firewall.

Thanks & happy easter days!

Hi,
I am finding myself in the same position where i need to install a STUN server. Would you please explain all the steps you took to install the STUN server on your ubuntu box ( including the beforementioned ssl lib ). I would very greatly appreciate it!!!

Thank you!!
Art

Happy new year!

STUNTMAN STUN server

Session Traversal Utilities for NAT – Wikipedia
http://www.stunprotocol.org/
GitHub - jselbie/stunserver: Version 1.2. This is the source code to STUNTMAN - an open source STUN server and client code by john selbie. Compliant with the latest RFCs including 5389, 5769, and 5780. Also includes backwards compatibility for RFC 3489. Compiles on Linux, MacOS, BSD, Solaris, and Win32 with Cygwin. Windows binaries avaialble from www.stunprotocol.org.
RFC 5389 - Session Traversal Utilities for NAT (STUN)

not available in buster, but in stretch
check if strech repo available & add

/etc/apt/sources.list.d/sources.list

deb http://deb.debian.org/debian stretch main

apt-get update
dpkg -l | grep -i stuntman-server
apt-get --dry-run install stuntman-server
apt-get install stuntman-server

for testing of stuntman-server, get stuntman-client

apt-get --dry-run install stuntman-client
apt-get install stuntman-client

/etc/default/stuntman-server

# Defaults for stuntman-server
#
# This is a POSIX shell fragment
#

#uncommment the next line to allow the init.d script to start the STUN daemon
#START_DAEMON=true
START_DAEMON=true

MODE=“basic”
#PRIMARY_INTERFACE=""
#PRIMARY_PORT=3478
PRIMARY_INTERFACE=“your-ip”
PRIMARY_PORT=3478

#SECONDARY_INTERFACE=""
#SECONDARY_PORT=3479

# Additional options that are passed to the daemon
DAEMON_OPTS=""
# --maxconn MAXCONN

# whom the daemons should run as
DAEMON_USER=nobody

service stuntman-server stop

test run …

stunserver --primaryinterface your-ip -v 1

with 2nd ssh session, do

netstat -tulpn | grep 3478
stunclient your-ip

kill stunserver --primaryinterface your-ip -v 1

service stuntman-server start
stunclient your-ip
netstat -tulpn | grep 3478

online webrtc test:

Trickle ICE

ICE servers
stun:yourdomain:3478
Gather candidates

/etc/jitsi/meet/yourdomain-config.js

p2p: {
    // Enables peer to peer mode. When enabled the system will try to
    // establish a direct connection when there are exactly 2 participants
    // in the room. If that succeeds the conference will stop sending data
    // through the JVB and use the peer to peer connection instead. When a
    // 3rd participant joins the conference will be moved back to the JVB
    // connection.
    enabled: true,

    // Use XEP-0215 to fetch STUN and TURN servers.
    // useStunTurn: true,

    // The STUN servers that will be used in the peer to peer connections
    stunServers: [
        // { urls: 'stun:meet-jit-si-turnrelay.jitsi.net:443' }
        { urls: 'stun:yourdomain:3478' }
    ],

jitsi videobridge
disable STUN entry & set IP’s
STUN discovery with internal server fails

/etc/jitsi/videobridge/sip-communicator.properties

#
# STUN jvb ip resolve disabled, ip’s set in NAT section
#
# org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=public-ip:3478
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=local-ip
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=public-ip

prosody settings

/etc/prosody/conf.d/yourdomain.cfg.lua

– no TURN server => not needed
– turncredentials_secret = “yoursecret”;

– turncredentials = {
– { type = “stun”, host = “yourdomain”, port = “3478” },
– { type = “turn”, host = “yourdomain”, port = “3478”, transport = “udp” },
– { type = “turns”, host = “yourdomain”, port = “5349”, transport = “tcp” }
– };

        -- "turncredentials";

that’s all :wink:

Hope it helps, awaiting your feedback