Wireguard + Jitsi

How do I force a public IP to JBV instead of letting it discover one?

I need it to use the VPN IP and not the Public IP where the Server is.

My current situation.

  • Everything Works for Users Inside the VPN

  • Only P2P Works for Users Outside the VPN

I did that but I problem wasn’t fixed. How about the local IP?

I see in the logs this: Pair failed: 192.168.1.148:10000

I don’t want him to consider my eth0 machine local IP but the VPN Interface IP.
Can I choose which interface to use for example?

for some reason, any changes i make to the sip-communicator.properties are making no difference at all.

Post your jvb.conf and sip-communicator.properties file, masking private info.

Thank you,

also showing you my /etc/hosts:

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
 --- BEGIN PVE --- 
127.0.1.1 meet.jitsi.com meet
 --- END PVE ---

my: /etc/jitsi/videobridge/sip-communicator.properties

org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true
#org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.n>
org.jitsi.videobridge.ENABLE_STATISTICS=true
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost
org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.meet.jitsi.com
org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb
org.jitsi.videobridge.xmpp.user.shard.PASSWORD=(pass)
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.meet.jitsi>
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=some numbers and characters>
org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=127.0.0.1
org.ice4j.ice.harvest.NAT_HARVESTER_PUBLIC_ADDRESS=(public ip of my VPN Server)

my: /etc/jitsi/videobridge/jvb.conf

videobridge {
    http-servers {
        public {
            port = 9090
        }
    }
    websockets {
        enabled = true
        domain = "meet.jitsi.com:443"
        tls = true
    }
}

Make sure this file is readable by jvb. What do the logs show you when you restart jvb?

And also I’m not sure that this is correct: org.ice4j.ice.harvest.NAT_HARVESTER_LOCAL_ADDRESS=127.0.0.1

Permissions and Ownership:
-rw-r–r-- 1 jvb jitsi 770 May 13 15:45 sip-communicator.properties

JVB 2022-05-13 16:10:37.949 INFO: [1] JitsiConfig.<clinit>#47: Initialized newConfig: merge of /etc/jitsi/videobridge/jvb.conf: 1,application.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/application.conf: 1,system properties,reference.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/jitsi-media-transform-1.0-301-g78ae20c.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/ice4j-3.0-57-gdec3a87.jar!/reference.conf: 1
JVB 2022-05-13 16:10:37.971 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#51: loading config file at path /etc/jitsi/videobridge/sip-communicator.properties
JVB 2022-05-13 16:10:37.972 INFO: [1] JitsiConfig.<clinit>#68: Initialized legacyConfig: sip communicator props (no description provided)
JVB 2022-05-13 16:10:37.974 INFO: [1] JitsiConfig$Companion.reloadNewConfig#94: Reloading the Typesafe config source (previously reloaded 0 times).
JVB 2022-05-13 16:10:38.011 INFO: [1] MainKt.main#90: Starting jitsi-videobridge version 2.1.681-g3544ed05
JVB 2022-05-13 16:10:38.362 INFO: [12] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Adding a static mapping: StaticMapping(localAddress=127.0.0.1, publicAddress=(my public IP), localPort=null, publicPort=null, name=null)
JVB 2022-05-13 16:10:38.370 INFO: [12] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.StaticMappingCandidateHarvester(face=127.0.0.1:9/udp, mask=(my public IP):9/udp)
JVB 2022-05-13 16:10:38.370 INFO: [12] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Initialized mapping harvesters (delay=319ms). stunDiscoveryFailed=false
JVB 2022-05-13 16:10:38.601 INFO: [15] [hostname=localhost id=shard] MucClient.initializeConnectAndJoin#281: Initializing a new MucClient for [ org.jitsi.xmpp.mucclient.MucClientConfiguration id=shard domain=auth.meet.jitsi.com hostname=localhost port=null username=jvb mucs=[JvbBrewery@internal.auth.meet.jitsi.com] mucNickname=(numbers and characters) disableCertificateVerification=false]
JVB 2022-05-13 16:10:38.665 INFO: [1] LastNReducer.<init>#65: LastNReducer with reductionScale: 0.75 recoverScale: 1.25 impactTime: PT1M minLastN: 1 maxEnforcedLastN: 40
JVB 2022-05-13 16:10:38.669 INFO: [1] TaskPools.<clinit>#87: TaskPools detected 4 processors, creating the CPU pool with that many threads
JVB 2022-05-13 16:10:38.700 INFO: [1] HealthChecker.start#118: Started with interval=60000, timeout=PT1M30S, maxDuration=PT3S, stickyFailures=false.
JVB 2022-05-13 16:10:38.787 INFO: [1] UlimitCheck.printUlimits#115: Running with open files limit 65000 (hard 65000), thread limit 65000 (hard 65000).
JVB 2022-05-13 16:10:38.798 INFO: [1] VideobridgeExpireThread.start#88: Starting with 60 second interval.
JVB 2022-05-13 16:10:38.861 INFO: [1] MainKt.main#121: Not starting CallstatsService, disabled in configuration.
JVB 2022-05-13 16:10:38.863 INFO: [1] MainKt.main#130: Starting public http server
JVB 2022-05-13 16:10:38.962 INFO: [15] [hostname=localhost id=shard] MucClient.initializeConnectAndJoin#343: Dispatching a thread to connect and login.
JVB 2022-05-13 16:10:38.984 INFO: [1] ColibriWebSocketService.<init>#40: Base URL: wss://meet.jitsi.com:443/colibri-ws/default-id Relay URL: wss://meet.jitsi.com:443/colibri-relay-ws/default-id
JVB 2022-05-13 16:10:39.019 INFO: [1] org.eclipse.jetty.util.log.Log.initialized: Logging initialized @1441ms to org.eclipse.jetty.util.log.JavaUtilLog
JVB 2022-05-13 16:10:39.163 INFO: [1] ColibriWebSocketService.registerServlet#79: Registering servlet with baseUrl = wss://meet.jitsi.com:443/colibri-ws/default-id, relayUrl = wss://meet.jitsi.com:443/colibri-relay-ws/default-id
JVB 2022-05-13 16:10:39.180 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.44.v20210927; built: 2021-09-27T23:02:44.612Z; git: 8da83308eeca865e495e53ef315a249d63ba9332; jvm 11.0.15+10-Ubuntu-0ubuntu0.20.04.1
JVB 2022-05-13 16:10:39.300 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@5d10455d{/,null,AVAILABLE}
JVB 2022-05-13 16:10:39.327 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@238b521e{HTTP/1.1, (http/1.1)}{0.0.0.0:9090}
JVB 2022-05-13 16:10:39.332 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @1755ms
JVB 2022-05-13 16:10:39.333 INFO: [1] MainKt.main#148: Starting private http server
JVB 2022-05-13 16:10:39.343 INFO: [15] [hostname=localhost id=shard] MucClient$2.connected#314: Connected.
JVB 2022-05-13 16:10:39.343 INFO: [15] [hostname=localhost id=shard] MucClient.lambda$getConnectAndLoginCallable$9#639: Logging in.
JVB 2022-05-13 16:10:39.394 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-9.4.44.v20210927; built: 2021-09-27T23:02:44.612Z; git: 8da83308eeca865e495e53ef315a249d63ba9332; jvm 11.0.15+10-Ubuntu-0ubuntu0.20.04.1
JVB 2022-05-13 16:10:39.427 INFO: [15] [hostname=localhost id=shard] MucClient$2.authenticated#320: Authenticated, b=false
JVB 2022-05-13 16:10:39.523 INFO: [15] [hostname=localhost id=shard] MucClient$MucWrapper.join#763: Joined MUC: jvbbrewery@internal.auth.jitsi.meet.com
JVB 2022-05-13 16:10:39.673 WARNING: [1] org.glassfish.jersey.server.wadl.WadlFeature.configure: JAXBContext implementation could not be found. WADL feature is disabled.
JVB 2022-05-13 16:10:39.766 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Health registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Health will be ignored.
JVB 2022-05-13 16:10:39.767 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored.
JVB 2022-05-13 16:10:39.977 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@2a43e0ac{/,null,AVAILABLE}
JVB 2022-05-13 16:10:39.978 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@213deac2{HTTP/1.1, (http/1.1)}{127.0.0.1:8080}
JVB 2022-05-13 16:10:39.978 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started @2401ms
JVB 2022-05-13 16:10:58.452 WARNING: [32] ColibriWebSocketServlet.createWebSocket#152: Received request for an nonexistent conference: 94fbcd292c7b052a

I tried masking my private stuff.

I also tried “localhost” and the VPN IP here.

Thank you for helping me…

I want to highlight that I’v been testing and Jitsi works perfectly and to the fullest when devices are on the VPN.

It even seems like there is nothing wrong with the Jitsi installation.

Only devices out of the VPN have problems with audio and video.

This means that the UDP forwarding from (my public IP) to the internal address of the bridge is not working (for port UDP 10000).

I see, any tips? Thanks!

I think I should place the local ip in sip to the VPN ip. Then check this part of the log again.

I know it still won’t work, because I’ve tried it before.

But we’ll see, maybe port 10000 really isn’t getting to the right place.

The nginx stream problably isn’t working