tieto / sipe

A third-party Pidgin plugin for Microsoft Lync/OCS - clone of upstream http://repo.or.cz/w/siplcs.git
GNU General Public License v2.0

connecting to EDGE servers on 443/TCP / 3478/UDP ? #131

Closed jaroslawp closed 7 years ago

jaroslawp commented 7 years ago

Reading: https://technet.microsoft.com/en-us/library/gg425882%28v=ocs.15%29.aspx it seems that newer Lync clients or Skype for Business will use only ports 443/TCP or 3478/UDP for audio/video transmission via relay.

I think sipe uses the Lync 2007 port range 50000-59999? (Well, it uses what the Lync server told it to use :)

Is that because sipe identifies itself to Lync as an Office Communicator 2007 client?

Would it be possible to implement avrelay connections via these two ports? (Not sure whether that requires implementing protocol messages or just a client identification change, so that the Lync server would recognize sipe as a Skype 4 Business client?)

xhaakon commented 7 years ago

Are you referring to this paragraph?

> Configuring the Audio/Video port range of 50,000-59,999 must take into account that the port range will contain the source ports for communications to federation partners. In detail, consider that a communication is initiated from a federation partner. The communication from the A/V Edge service ports in the 50,000-59,999 range will connect to the expected port TCP 443 of the partner’s A/V Edge service. Conversely, inbound traffic to your A/V Edge service port TCP 443 will have a source port in the range of 50,000-59,999.

I think that section is talking about communication between two federated Lync servers. Sipe implements only the client protocol and imho it shouldn't concern us how the server infrastructure of Lync works internally.

jaroslawp commented 7 years ago

Sorry, my question was rather referring to this: Important: Microsoft Office Communications Server 2007 requires a slightly different configuration. The TCP and UDP port range of 50,000-59,999 must be open inbound and outbound. This requirement is only for Office Communicator 2007 (yes, probably that was not the correct document to mention .. )

Apparently the Microsoft Lync 2013 client / Skype for Business client use 443/tcp while connecting for audio/video via an edge server. sipe uses the 50000-59999 range. So the question was whether implementing the behaviour of these clients in sipe would require protocol-level changes or whether this is just a question of how sipe identifies itself to Lync servers (both using user-agent and initial REGISTER request).

xhaakon commented 7 years ago

443/TCP and 3478/UDP are for port allocation and transfer of relayed media between client and A/V Edge. You can look at [MS-TURN] for details on that protocol.

Those ports are used in addition to the 50000-59999 range, which serves direct peer-to-peer connections. This applies to all Lync clients, including Sipe (perhaps except the ancient 2005 Office Communicator, which didn't use ICE, STUN and TURN at all).

The paragraph you're citing talks only about firewall rules you have to set in order for the A/V Edge to work and the "slight difference in configuration" is just that 50,000-59,999/TCP+UDP has to be opened for inbound and outbound for older servers - no difference in client behavior is mentioned. I don't know why OCS 2007 servers need the ports open both ways, perhaps it has to do with communication of federated servers, but in the end it has no effect on Sipe or other regular Lync clients.

So to answer what you are actually asking, Sipe has the features in question already implemented, and the differences you are concerned about don't affect the Lync clients, but are rather related to Lync server internals and firewall settings, thus out-of-scope for Sipe.

For a general overview of how Lync establishes media connectivity you can watch this presentation (75 min. runtime).

jaroslawp commented 7 years ago

Thank you very much for the detailed explanation! (I will need some time to digest the info and look up docs ;-)). I'm not so much concerned, but my question comes from an observation:

in our organization the edge servers have only tcp/443 open in the firewall for incoming traffic (50000-59999 are closed): somehow the Skype for Business client is able to establish an audio call connecting from outside the firewall while sipe is not.

I would need to dig into this a little bit deeper I guess ..

xhaakon commented 7 years ago

> Somehow skype for business client is able to establish an audio call connecting from outside the firewall while sipe is not.

Establishing the call path borders on alchemy really, as could be apparent for example from the presentation I linked. libnice is the component taking care of Interactive Connectivity Establishment (ICE) in Pidgin and I know that in more complex situations, like when AV Edge is involved, it often fails to create the path between the clients. Which version do you have? I recommend you try (if not already using) our version that contains the latest, not-yet-released mainline fixes and some Sipe-specific patches not upstream yet.

The wiki also provides some clues on how to set up Pidgin to create verbose logs that also contain debug messages from libnice, which could help dissect your issue.
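An added example, not part of the original thread and not Sipe or libnice code: a small parser that summarizes the ICE candidates in an SDP body, so you can see whether a client offered a relay candidate (obtained through the A/V Edge on 443/TCP or 3478/UDP) or only direct candidates, and which direct candidates sit in the 50000-59999 range. It assumes candidate lines follow the RFC 5245 `a=candidate` syntax and that the SDP was copied out of a debug log; the sample SDP, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

MEDIA_RANGE = range(50000, 60000)  # 50000-59999, the range named in the thread

# candidate-attribute syntax from RFC 5245 (ICE):
# a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
CANDIDATE_RE = re.compile(
    r"^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)\b",
    re.IGNORECASE,
)

def parse_candidates(sdp):
    """Return one dict per a=candidate line found in an SDP body."""
    found = []
    for line in sdp.splitlines():
        m = CANDIDATE_RE.match(line.strip())
        if not m:
            continue
        # Collapse TCP variants (e.g. TCP-ACT / TCP-PASS) to "tcp".
        raw = m.group(3).lower()
        transport = "tcp" if raw.startswith("tcp") else raw
        found.append({"component": int(m.group(2)), "transport": transport,
                      "addr": m.group(5), "port": int(m.group(6)),
                      "type": m.group(7).lower()})
    return found

def summarize(sdp):
    """Count candidates by type and list direct ones inside 50000-59999."""
    cands = parse_candidates(sdp)
    by_type = Counter(c["type"] for c in cands)
    direct = [(c["addr"], c["port"], c["transport"]) for c in cands
              if c["type"] != "relay" and c["port"] in MEDIA_RANGE]
    # No relay candidate means only direct paths were offered; with the
    # 50000-59999 range closed at the firewall, none of them can connect.
    return {"by_type": dict(by_type), "has_relay": by_type["relay"] > 0,
            "direct_in_range": direct}

# Constructed sample SDP fragments (documentation addresses, not real hosts).
SAMPLE_NO_RELAY = """\
m=audio 50010 RTP/AVP 0
a=candidate:1 1 UDP 2130706431 10.0.0.5 50010 typ host
a=candidate:2 1 UDP 1694498815 198.51.100.7 50010 typ srflx raddr 10.0.0.5 rport 50010
"""
SAMPLE_WITH_RELAY = SAMPLE_NO_RELAY + (
    "a=candidate:3 1 TCP-PASS 6556159 192.0.2.10 55000 typ relay "
    "raddr 198.51.100.7 rport 50020\n")

if __name__ == "__main__":
    print(summarize(SAMPLE_NO_RELAY))
    print(summarize(SAMPLE_WITH_RELAY))
```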

jaroslawp commented 7 years ago

Yes, I actually do use your project components (not only libnice, also others), but recompiled and repackaged for CentOS7: http://cern.ch/linux/docs/lyncav.shtml (I know you supply Ubuntu packages .. but we need these for CentOS used here)

Indeed the problem seems to be mostly in path routing somehow: I also see this while connecting between two pidgin clients for remote desktop/file transfer: pidgin opens ~ 10 tcp high-numbered ports listening for transfer: but when I perform the same operation between pidgin and macos/windows lync/skype4b somehow these ports are not needed? ..

I think I'll try to get debugging info for above scenarios and come back with some results ...

BTW: is there a discussion/support forum for sipe/pidgin with V/V ? (since here is code issues tracker ..)

Thanks !

xhaakon commented 7 years ago

> is there a discussion/support forum for sipe/pidgin with V/V?

Just opening a new ticket here and putting a 'question' label on it should do.