jitsi / jitsi-videobridge

Jitsi Videobridge is a WebRTC compatible video router or SFU that lets you build highly scalable video conferencing infrastructure (i.e., up to hundreds of conferences per server).
https://jitsi.org/jitsi-videobridge
Apache License 2.0
2.91k stars 989 forks

Problem with videobridge: Using TCP instead of UDP isn't working #619

Open mhenninghaus77 opened 6 years ago

mhenninghaus77 commented 6 years ago

Hello,

I installed jitsi-meet on a Debian server in our public network and the installation went fine, so far so good. But video is only working outside our corporate network because UDP to external isn't allowed in our firewall. Using the system from the outside is working because the clients there are allowed to communicate via UDP. Is there any possibility for us to force the jitsi-system to use TCP over 443 only?

The firewall allows traffic on ports 80 and 443. The system has only one IP address, the public one. I read a lot of mailing lists but I didn't find a way to solve it. The only thing I want is to talk to videobridge only via 443.

regards

michael

jitsi-developers commented 6 years ago

Hello,

I have jitsi videobridge working over TCP.

Here are the steps that I followed:

  1. By default JVB will be listening on port TCP/4443 and UDP/10000, so you have to add the following iptables redirection:

         sudo iptables -t nat -A PREROUTING -d IP/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination IP:4443

  2. Add TCP_HARVESTER_PORT and TCP_HARVESTER_MAPPED_PORT to the JVB configuration: https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md

  3. If you want to use only TCP for your media streams, change the variables below in /etc/jitsi/meet/domain-config.js:

         webrtcIceUdpDisable: true,
         webrtcIceTcpDisable: false,

Regards, Hamza


bgrozev commented 6 years ago

If you only have one machine you will need to multiplex HTTPS and ICE/RTP on TCP/443. You can only do this if you serve your HTTP content from jitsi-videobridge (instead of the nginx which comes with jitsi-meet by default). This is described here: https://github.com/jitsi/jitsi-videobridge/blob/master/doc/http.md

Note that for best results you should leave the UDP configuration as it is, and let clients connect with whatever works. And if you have the option of configuring the firewall, you only need to allow access to UDP/10000 on the bridge machine.

mhenninghaus77 commented 6 years ago

Thanks for your advice.

I tried it with the redirect but our system is using IPv4 and IPv6, and with IPv6 something isn't really working. I have to check the syntax of the ip6tables part.
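For the dual-stack case raised in this comment, an added example (not from the thread or the Jitsi project) that prints the port 443 redirect from step 1 above for either address family. The function name `dnat_rule` and the documentation addresses are assumptions; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example: emit the 443 -> 4443 DNAT rule for an IPv4 or IPv6 address.
# dnat_rule is a hypothetical helper; 192.0.2.10 and 2001:db8::10 are
# constructed documentation addresses. Review the output, then run it as root.

PUBLIC_PORT=443     # port the corporate firewall lets through, per the thread
JVB_TCP_PORT=4443   # JVB's default TCP port, per the thread

# dnat_rule ADDR [A|C|D]: print the command that appends (A, default),
# checks for (C) or deletes (D) the redirect for one literal address.
dnat_rule() {
    addr=$1
    op=${2:-A}
    case $op in
        A|C|D) ;;
        *) echo "operation must be A, C or D" >&2; return 1 ;;
    esac
    case $addr in
        ''|*[!0-9a-fA-F:.]*)
            echo "not a literal IP address: $addr" >&2; return 1 ;;
        *:*)
            # IPv6 differs in three places: the ip6tables binary, a /128
            # host mask, and brackets around the address in the target so
            # the port separator is unambiguous.
            tool=ip6tables; mask=128; dest="[$addr]:$JVB_TCP_PORT" ;;
        *[!0-9.]*)
            echo "not a literal IP address: $addr" >&2; return 1 ;;
        *.*.*.*)
            tool=iptables; mask=32; dest="$addr:$JVB_TCP_PORT" ;;
        *)
            echo "not a literal IP address: $addr" >&2; return 1 ;;
    esac
    printf '%s\n' "$tool -t nat -$op PREROUTING -d $addr/$mask -p tcp -m tcp --dport $PUBLIC_PORT -j DNAT --to-destination $dest"
}

# Usage: sh redirect.sh 192.0.2.10 2001:db8::10
# Prints one append rule per address; call dnat_rule ADDR D to print the
# matching delete command when rolling the redirect back.
for a in "$@"; do
    dnat_rule "$a"
done
```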

mhenninghaus77 commented 6 years ago

The Workarounds are not working? My constellation:

I have a Debian server running in our DMZ. On this system I installed both rocketChat and Jitsi, both accessible via HTTPS using Apache SNI. With this constellation I am not able to preroute or to let jitsi-videobridge serve the HTTP content.

sahin52 commented 3 years ago

Is there any news about this issue?
I have the same problem, there is a server outside the corporate, the outsiders can connect there without problem but when an insider tries to connect via proxy, they can't share or access to videos and voices since the UDP ports are closed. How can we make all of the communication via 80 and 443?

damencho commented 3 years ago

You better install a turnserver and let the turnserver proxy TCP to UDP to the bridge, this is how the default jitsi-meet install works.

acidvegas commented 3 days ago

> Hello, I have jitsi videobridge working over TCP. Here's the steps that I followed :
>
> 1. By default JVB will be listening on port TCP/4443 and UDP/10000, so you have to add the following iptables redirection : sudo iptables -t nat -A PREROUTING -d IP/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination IP:4443
> 2. add TCP_HARVESTER_PORT and TCP_HARVESTER_MAPPED_PORT to JVB configuration : https://github.com/jitsi/jitsi-videobridge/blob/master/doc/tcp.md
> 3. If you want to use only TCP for your media streams, change the variables below in /etc/jitsi/meet/domain-config.js webrtcIceUdpDisable: true, webrtcIceTcpDisable: false,
>
> Regards Hamza

This is old and is no longer working. Seems like ICE/TCP support was removed completely.

Any alternative solutions for this issue?

damencho commented 3 days ago

> Any alternative solutions for this issue?

The answer is in the previous post:

> install a turnserver and let the turnserver proxy TCP to UDP to the bridge, this is how the default jitsi-meet install works.