STUN problem?


Hello, I have a weird case here. there are 4 people lets name it A, B, C, D.
A B C connect to public wifi network
D connect to enterprise network

And here is the case:

  1. A B C , 3 of them doing conference on room1
  2. When D join the conference on room1, he can’t connect. The Image is just black and no sound (from A perspective). But A B C still connected and can talk to each other.
  3. But A can connect p2p to D, also B can connect to D and C can connect to D.
  4. When A and D connect p2p, B try to join. D suddenly turn to black image(from A perspective), but A and B connected and can talk each other.

First i thought its because of the D’s network firewall, but if that’s the case, we wont be able to connect p2p also right?

The problem here is maybe the UDP package of D is not sent to the STUN server. But what can cause this? And how we fix the problem? any idea? This is few info form D perspective when we try the case number 4:


Have you tested the non-working scenarios on
I suppose you need to install a turn server listening to port 443, something that has.
Have you already check, is D using udp or tcp when in working scenario?


sry for the late reply,

not yet, but nice idea, i will try that today. i will post the result soon…

If the turn server listening to port 443, how about the https apache?

when working the protocol is UDP. same as the rest of the group (A, B, C)


I already try it and it works. can i have the configuration?

  1. Using NAT
  2. Apache: 443/tcp
  3. JVB on: 3478/tcp
  4. Single UDP listening port: 3478/udp
  5. UDP min:max port: 56000 - 65000/udp




So you can configure jvb port 3478, but what I see in the config you had set port mapped_port 443, this means jvb will announce that can receive tcp traffic on port 443, but will be listening to 3478.
It is recommended to use the turn server for the tcp fallback connections with valid certificate, jvb can handle that but have some issues.

You need just one udp port, by default, it is 10000,

You need a second vm or ip address for the turn server.


So i need 2 public ip? Is the using 2 public ip as well?


It is using a lot of public ip addresses, as there are multiple shards, bridges, turnservers which are located in several geo regions.


hmmm, alright then. thx for the solution.

but just maybe, is there any solution beside adding ip address?


You can run turnserver on the same machine not using port 443. Or not running the turnserver.
There are some restricted corporate networks that allow only outgoing https connections, this is the case why turnserver needs to be running on port 443, to cover those cases. If you will not have those you can simple run it on different port.


Ok, thx a lot @damencho :slight_smile: