Closed Twiggeh closed 1 year ago
(following to add answers to docs when available)
Hey @Twiggeh ,
Clients may discover each other for 1:1 video / audio calls if they are on the same network. AFAIK this happens via broadcasts. In this case firewall-traversal - as provided by restund
- isn't used.
There are two kinds of (audio / video) calls: 1:1 calls and conference calls with multiple attendees in Wire groups. Only the latter are provided by sftd
.
Eventually I turned off the restund & sftd services (systemctl stop restund && pkill restund, modified the helm chart to scale sftd to 0) and the latency stayed the same ! and the calls were connecting!
This was probably possible because you turned off the firewalls before and did a 1:1 call. A next good step would be to measure the connectivity (bandwidth) between both networks.
Hi @supersven ! Thank you for the super quick replies !
I see, so to test correctly I must always be on separate networks. I will test the bandwidth too !
Another question, when testing which ports restund listens to it shows 3478 & 8080,
netstat -tunlp | grep restund
tcp 0 0 138.68.110.150:3478 0.0.0.0:* LISTEN 8018/restund
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 8018/restund
udp 0 0 138.68.110.150:3478 0.0.0.0:* 8018/restund
udp 0 0 127.0.0.1:33000 0.0.0.0:* 8018/restund
but the docs say 3478 & 5478
I think I should be setting the turns.<ip>:8080?transport=tcp
, right?
@Twiggeh, Welcome :smile:
AFAIK port 8080
is only used for administrative things like readiness and liveness probes. I.e. it's fine to only use 3478
:
brig:
...
turnStatic:
v2:
- turn:<YOUR_RESTUND_HOST>:3478?transport=udp
- turn:<YOUR_RESTUND_HOST>:3478?transport=tcp
@supersven Ay thank you!
It was the ports at the end, I had 443
and 80
from a different part of the docs for some reason ( I believe it was the circumvent firewalls tip)
I am still intrigued why the 5478
port doesn't show up, my best guess is that 5478
is the incoming tls traffic and that I somehow didn't put the certificates in the correct place.
Now it works almost as expected :heart:, I'll mark it as resolved since my initial question was already answered!
Thank you again !
@Twiggeh Welcome :sunglasses:
In the restund
config the TLS port related parameter is named tls_listen
. You'll likely have to grep
a bit to figure out how it relates to other parameters.
If you're using the Helm chart to install restund
on Kubernetes: tls_listen
is disabled there.
Basic information
On-premises: no
Cloud-Provider: DigitalOcean VPS
Installation type: production
Kubernetes version:
GitVersion:"v1.19.7"
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:23:52Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.7", GitCommit:"1dd5338295409edcfff11505e7bb246f0d325d15", GitTreeState:"clean", BuildDate:"2021-01-13T13:15:20Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}Version:"v3.8.1",
version.BuildInfo{Version:"v3.8.1", GitCommit:"5cb9af4b1b271d11d7a97a71df3ac337dd94ad37", GitTreeState:"", GoVersion:"go1.17.7"}Installed with Kubespray:
(Helm) Charts version: 4.34.0
List of installed top-level charts: account-pages brig cargohold demo-smtp elasticsearch fake-aws galley gundeck nginx-ingres nginz spar webapp
Other related technologies + version: ansible 2.9.27
How did you install Wire?
There were only 2 VMs installed instead of the recommended 3, otherwise it is the same standard installation. Both VMs use Ubuntu 18, TLS was setup using letsencrypt (without auto-renewal) & DNS records are how they are described in the admin guide.
Question
At first after the installation, calls would connect very quickly ~300ms, but I noticed extreme slowdowns when the 2 calling machines would be in different networks, so I started investigating to what is happening.
At first I was investigating whether a firewall might be the issue & I globally disabled the entire firewall on all ends (router, ufw on server, ufw on client machines), but that didn't appear to be the issue :/
Eventually I turned off the restund & sftd services (systemctl stop restund && pkill restund, modified the helm chart to scale sftd to 0) and the latency stayed the same ! and the calls were connecting!
I read the documentation on restund and sftd, and it appeared to me that those services are vital for video / audio calls to work, so my question is how do they still work if no restund or sftd is active ?
Is there a sort of backup discovery for wire ? If so it appears that sometimes it is hit even when dedicated restund is deployed.
I am sorry I am at a complete loss where to look, thanks in advance !
Edit:
When viewing the restund process it appears to be sleeping ?