I’ve self-hosted a Jitsi server via Quick Install instructions and then set up another instance with Coturn serving turns at 443. I then configured Prosody to publish this new server address by configuring turncredentials in Prosody config (I’m using 0.11 from Prosody’s Debian repo).
I have configured Jitsi Meet’s config.js to useStunTurn for P2P as well as Videobridge and set useTurnUdp=false. I also removed the STUN server list from config.js to force using turns via Prosody’s XEP-0215 via mod_turncredentials. I referred to https://meet.jit.si/config.js for these settings.
This has helped bypass almost every corporate firewall among my clients. However, very few clients are facing issues wherein they are able to access my Jitsi server but unable to establish p2p connectivity and thus unable to participate in calls. They get kicked out with a CONFERENCE FAILED: ICE Failed error in the logs.
I have observed that it typically happens when the TURN server is unreachable at its specified port. I understand that a lot of firewalls would restrict UDP traffic and/or non-standard ports. But in my case, TURN is set with turns (TCP) traffic on 443, so ideally it should work.
Has someone else encountered this issue? Is there something more that needs to be done, to let corporate clients establish ICE through their firewalls? Whitelisting may not be possible in every case. I’m looking for something that I can change in my setup to make this happen.
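A diagnostic for the situation described in this post, added here as an example and not part of the original post: it opens a TLS connection to the TURN port, sends one STUN Binding request, and reports whether a STUN server, an HTTP endpoint, or nothing answered, along with the certificate issuer the client saw. `turn.example.org` is a placeholder host name, and the probe assumes the Coturn TLS listener answers unauthenticated STUN Binding requests.

```python
import os, socket, ssl, struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every STUN header (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101

def build_binding_request(txid=None):
    """Return (message, txid): a 20-byte STUN header with no attributes."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid, txid

def classify_reply(data, txid):
    """Say what kind of endpoint answered the STUN request."""
    if not data:
        return "closed"            # peer closed the stream without answering
    if len(data) >= 20:
        mtype, _length, cookie = struct.unpack("!HHI", data[:8])
        if cookie == MAGIC_COOKIE and data[8:20] == txid:
            return "stun-ok" if mtype == BINDING_SUCCESS else "stun-other"
    if data.startswith(b"HTTP/"):
        return "http"              # an HTTP proxy or web server, not TURN
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """TLS-connect to host:port, send one STUN request, return (result, issuer)."""
    req, txid = build_binding_request()
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # An issuer other than your own CA points to TLS interception.
                issuer = tls.getpeercert().get("issuer")
                tls.sendall(req)
                return classify_reply(tls.recv(2048), txid), issuer
    except ssl.SSLError as exc:    # handshake or certificate verification failed
        return f"tls-failed: {exc.__class__.__name__}", None
    except OSError as exc:         # refused, reset, unreachable or timed out
        return f"net-failed: {exc.__class__.__name__}", None

if __name__ == "__main__":
    # turn.example.org is a placeholder for the Coturn host name
    print(probe("turn.example.org"))
```

Run it from a machine on an affected client's network and compare the result with a run from a network where calls work.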