Since we updated our production servers to JVB2, without changing any configuration, we are now unable to run videobridge behind NAT.
Here is our ~/.sip-communicator/sip-communicator.properties file :
org.ice4j.ipv6.DISABLED=true org.jitsi.videobridge.TCP_HARVESTER_PORT=80 org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT=10000 org.jitsi.impl.neomedia.transform.srtp.SRTPCryptoContext.checkReplay=false org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=InternalIP org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=ExternalIP
I also tried a lot of configuration (using videobridge directives instead of ice4j, removing the checkReplay directive…)
For the network part : 10000/TCP and 80/TCP are opened (+ 443/TCP for the web part) and checked from end to end using the SocketTest tool.
We also tried to open the 4443/TCP port as mentioned here even if it should be overwriten by the TCP_HARVESTER_PORT directive.
In the logs there is no errors except videobridge trying without success to pair :
INFOS: Add remote candidate for stream-46c8cfa3.RTP: 192.168.8.37:51701/udp/host INFOS: Starting the agent with remote candidates. INFOS: Start ICE connectivity establishment. INFOS: Add remote candidate for stream-46c8cfa3.RTP: 192.168.8.37:51701/udp/host INFOS: Init checklist for stream stream-46c8cfa3 INFOS: Starting the agent with remote candidates. INFOS: ICE state changed from Waiting to Running. INFOS: ICE state changed old=Waiting new=Running INFOS: Start connectivity checks. INFOS: Transport description: <transport xmlns='urn:xmpp:jingle:transports:ice-udp:1' pwd='721d8u70s9rhe4utb06csslttf' ufrag='679pl1ecaips2h'><rtcp-mux/><fingerprint xmlns='urn:xmpp:jingle:apps:dtls:0' setup='actpass' hash='sha-256'>61:5C:82:C6:CE:C8:00:4E:DA:72:CB:CD:B6:53:D9:81:34:CC:FD:56:92:F4:24:E8:51:AE:B0:15:B4:37:BD:C1</fingerprint><candidate component='1' foundation='1' generation='0' id='288968ff21f11ee70437d8d3e' network='0' priority='2130706431' protocol='udp' type='host' ip='InternalIP' port='10000'/></transport> INFOS: Pair failed: InternalIP:10000/udp/host -> 192.168.8.37:51701/udp/host (stream-46c8cfa3.RTP) INFOS: Pair failed: InternalIP:10000/udp/host -> 192.168.8.37:51701/udp/host (stream-46c8cfa3.RTP) INFOS: create_conf, id=8dd8307281cfa01f gid=null logging=false INFOS: Performed a successful health check in PT0.006S. Sticky failure: false INFOS: Endpoint's ICE connection has neither failed nor connected after PT2M34.951S, expiring INFOS: Expiring endpoint 0f6b78db
After reading this issue I tried to look at the SetRemoteDescription in chrome and it seems that the public IP configured in the server is not published to the client because I only have candidate with the internal IP address (verified by wireshark, requests are sent using the internal IP) :
a=candidate:1 1 udp 2130706431 InternalIP 10000 typ host generation 0
Thanks in advance for your help ! Don’t hesitate to ask if you need more informations.
Also Jitsi meet is really important to us and our customers, especially during the COVID crisis. Thank you for your work !