Jitsi not working with NAT and public IP

opensourced

I have been trying to use jitsi for several times now. Until now, I haven't managed to get video and sound to work.

My cloudron instance is running on a vm in a LAN, with a public IP assigned (NAT) which is assigned by a firewall. Ofc i opened the port 10000 (i even opened all ports when i tried to get it to working last time).

Am I the only one with that problem or is further configuration required? I guess its possible that jitsi thinks that the LAN IP is its pub IP, although its not & therefore runs into a problem.

With yunohost, it was very easy to install jitsi -> install & open ports -> done. So i checked some configs there and tried out some things but without success. Help is very much appreciated

If you need some logs (i didn't get useful output in the container logs), tell me which ones...

Thanks in advance

nebulon

Jitsi has two operation modes. It uses peer-to-peer for 2 participants and above that it falls back to essentially proxying the video and audio. Can you test both modes and see if one of them works? Just to narrow down the issue a bit.

opensourced

@nebulon I just tried both modes (i set them in the .json config file) with 3 participants. None was working.

nebulon

These webrtc issues are inherently hard to debug unfortunately. Do you see any suspicious logs in the browser console, the app logs or the Cloudron turn service logs?

opensourced

@nebulon I checked the logs but the turn service didn't log anything. I also tried to start the app in recovery mode, but the /var/log/ didnt have anything useful. Are there other ways to get more information out of it?

nebulon

@opensourced the app should log all things into the normal log system of Cloudron, so you'd have to check there. Most likely there is some port or routing issue though which could be found out using the information dumped into the browser inspector console in jitsi. Look for the term candidates there to see how the clients are trying to connect to each other.

opensourced

@nebulon So i see there are several references to conference.jitsi.mydomain.com, should there be an DNS entry for that?

In the last line there might be something: No socket found for 172.18.19.68:10000/udp->10.1.23.114:47429/udp

Jun 29 15:16:07 Jicofo 2022-06-29 15:16:07.207 INFO: [18] [room=test@conference.jitsi.mydomain.com meeting_id=760ece5a-d598-44bd-8fbc-fa7a703cb364] ColibriV2SessionManager.updateParticipant#463: Updating Participant[test@conference.jitsi.mydomain.com/606b8125]@389775379 with transport=org.jitsi.xmpp.extensions.jingle.IceUdpTransportPacketExtension@7685622d, sources=null
Jun 29 15:16:07 172.18.0.1 - - [29/Jun/2022:15:16:07 +0000] "POST /http-bind?room=test HTTP/1.1" 200 346 "-" "okhttp/3.12.1"
Jun 29 15:16:07 JVB 2022-06-29 15:16:07.214 INFO: [58] [confId=ce7c241269d72044 conf_name=test@conference.jitsi.mydomain.com epId=606b8125 stats_id=Darlene-XN4 local_ufrag=7iv6f1g6o0h983 ufrag=7iv6f1g6o0h983 name=stream-606b8125 componentId=1] Component.addUpdateRemoteCandidates#345: Update remote candidate for stream-606b8125.RTP: 10.1.23.114:47429/udp
Jun 29 15:16:07 JVB 2022-06-29 15:16:07.216 INFO: [58] [confId=ce7c241269d72044 conf_name=test@conference.jitsi.mydomain.com epId=606b8125 stats_id=Darlene-XN4 local_ufrag=7iv6f1g6o0h983 ufrag=7iv6f1g6o0h983 name=stream-606b8125 componentId=1] Component.updateRemoteCandidates#482: new Pair added: 172.18.19.68:10000/udp/host -> 10.1.23.114:47429/udp/host (stream-606b8125.RTP).
Jun 29 15:16:07 JVB 2022-06-29 15:16:07.227 INFO: [61] [confId=ce7c241269d72044 conf_name=test@conference.jitsi.mydomain.com=606b8125 stats_id=Darlene-XN4 local_ufrag=7iv6f1g6o0h983 ufrag=7iv6f1g6o0h983] ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity check: No socket found for 172.18.19.68:10000/udp->10.1.23.114:47429/udp

nebulon

@opensourced the conference subdomain is only an internal identifier, no need to setup a DNS record for this.

Regarding the port, is it possible that you have only portforwarded TCP ports but not UDP ports in your router? Not sure if your router makes any difference here.

opensourced

@nebulon the oposite is the case. for now i only allowed udp on port 10000.