0

I want to configure my local copy of

https://github.com/mattermost/mattermost-webrtc/blob/master/vagrant/janus/config/janus.cfg

to enable video calls for test purposes in Mattermost. One part is:

[nat]
stun_server = stun.l.google.com
stun_port = 19302

How do I use stun.l.google.com behind a corporate proxy?

I tried

proxytunnel -p corporate-proxy:7123 -d stun.l.google.com:19302 -a 3098

and replaced first part with

[nat]
stun_server = localhost
stun_port = 3098

which results in

$ docker run -it webrtc_blah_2
Janus commit: ad2c131617ac989df1a1bbd601272a5e448cbb3e
Compiled on:  Mon Jul 24 13:04:22 UTC 2017

---------------------------------------------------
  Starting Meetecho Janus (WebRTC Gateway) v0.2.4
---------------------------------------------------

Checking command line arguments...
Debug/log level is 4
Debug/log timestamps are disabled
Debug/log colors are enabled
Adding 'vmnet' to the ICE ignore list...
Using X.17.0.2 as local IP...
Token based authentication enabled
Initializing recorder code
Initializing ICE stuff (Full mode, ICE-TCP candidates disabled, IPv6 support disabled)
STUN server to use: localhost:3098
ICE handles watchdog started
Testing STUN server: message is of 20 bytes
[FATAL] [ice.c:janus_ice_set_stun_server:808] No response to our STUN BINDING test
[FATAL] [janus.c:main:3667] Invalid STUN address localhost:3098

Analogous with default config (see last two lines):

[FATAL] [ice.c:janus_ice_set_stun_server:808] No response to our STUN BINDING test
[FATAL] [janus.c:main:3667] Invalid STUN address stun.l.google.com:19302
qräbnö
  • 2,722
  • 27
  • 40

1 Answers1

2

1.STUN and TURN both servers are by definition in their respective RFCs can be setup only on Public IPs

2.Stun server is used to give public IP of your firewall , if you configure in your firewall , your STUN binding requests( SBR) will result no response as there is no external server out from your firewall is configured.

3.On a very supeficial level job of STUN server is to receive the SBR from the source and check the IP address from transport layer and return the same in response plus find one port which will be open to reach the source back.

4.Later hole punching is done on the same port, to make it open throughout the session using STUN binding indication.

Crux is one should not configure STUN or TURN within firewall as this is of no use.

Gaurav Srivastava
  • 347
  • 2
  • 11
  • Thanks, so I guess this video call functionality or docker image is not usable behind proxy. – qräbnö Jul 25 '17 at 13:03
  • One more important information any call ( audio/video) depends upon its candidate pair negotiated.If you want to make call in your network you need to setup all clients in your environment in that case local candidates will be selected and peer to peer call can be established.If u want to involve janus server in between then server has be installed in ur network.STUN and TURN are useful only when clients are located in different NATs. – Gaurav Srivastava Jul 25 '17 at 14:09