On Tuesday I had some trouble with customers who were unable to join a BigBlueButton conference due to a limited government network.
The typical solution for this type of network is a STUN/TURN server constellation, which can be used by these clients to join the meeting via the TURN server.
I had no clue how to try out to be part of that kind of limited network / to simulate it and why the STUN/TURN server does not work for them.
I found only two interesting links for testing. Maybe they are helpful for your own debugging too.
Additionally there is a setting in firefox:
about:config media.peerconnection.ice.relay_only set to true
At the end, the easiest solution is really simple.
The typical government network firewall looks like:
iptables -P OUTPUT DROP iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p upd -m upp --dport 53 -j ACCEPT
Only port 80/443/53 are allowed. Rest is blocked
For this reason WebRTC BigBlueButton meetings without TURN server do not work for them. If you have little snitch on your mac, you can easily simulate this kind of network.