WebRTC issue


Abhijeet Dutta

Aug 25, 2016, 7:37:17 AM
to BigBlueButton-Setup
Hello,

I have used BBB without WebRTC and SSL fine. I have followed the procedures given in BBB install link, I keep getting error: 1007, i.e. related to firewall. But the ports are open.

Please advise how I can resolve this issue. URL: https://webinar.arihantcapital.com/

Please see the report for sudo bbb-conf --check:

BigBlueButton Server 1.0.0 (1058)
                    Kernel version: 4.2.0-36-generic
                      Distribution: Ubuntu 14.04.5 LTS (64-bit)
                            Memory: 3861 MB

/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
                Port test (tunnel): webinar.arihantcapital.com
                              Red5: webinar.arihantcapital.com
              useWebrtcIfAvailable: true

/opt/freeswitch/conf/sip_profiles/external.xml (FreeSWITCH)
                    websocket port: 5066
                    WebRTC enabled: true

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server name: webinar.arihantcapital.com
                              port: 80
                              port: 443 ssl
                    bbb-client dir: /var/www/bigbluebutton

/var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties (bbb-web)
                      bbb-web host: webinar.arihantcapital.com

/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp (API demos)
                               url: webinar.arihantcapital.com

/var/www/bigbluebutton/check/conf/config.xml (client check)
                      client check: webinar.arihantcapital.com

/usr/share/red5/webapps/bigbluebutton/WEB-INF/red5-web.xml (red5)
                  voice conference: FreeSWITCH
                     capture video: true
                   capture desktop: true

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback host: webinar.arihantcapital.com


** Potential problems described below **
# IP does not match:
#                           IP from ifconfig: 192.168.0.159
#   /etc/nginx/sites-available/bigbluebutton: webinar.arihantcapital.com
# Warning: API URL IPs do not match host:
#
#                                IP from ifconfig: 192.168.0.159
#  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: webinar.arihantcapital.com

# Warning: You are running BigBlueButton on a server with less than 4G of memory.  Your
# performance may suffer.

# Warning: The API demos are installed and accessible from:
#
#
# These API demos allow anyone to access your server without authentication
# to create/manage meetings and recordings. They are for testing purposes only.
# If you are running a production system, remove them by running:
#
#    sudo apt-get purge bbb-demo

# Warning: The client self check is installed and accessible from:
#

HostBBB.com

Aug 25, 2016, 8:02:11 AM
to BigBlueButton-Setup
I tried to login to your server.

a=ice-ufrag:TApMSLEMFesVSobL
a=ice-pwd:PZ4czAmHzvfmpD283iLMUfop
a=candidate:4286820942 1 udp 659136 192.168.0.159 25244 typ host generation 0

Your FreeSWITCH is sending its internal IP address and not its external public-facing IP.

This can help you configure it correctly when eth0 is not the public IP address.

regards,
Stephen
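The check Stephen did by eye on the SDP, as an added example (not part of the original post): parse the `a=candidate` lines of an offer and report which addresses a browser on the Internet could never reach. The function names and the `203.0.113.10` candidate are constructed for illustration.

```python
import ipaddress

# Address ranges a browser on the Internet cannot route to.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 loopback, link-local, ULA
)]

# The three SDP lines quoted in the post above.
SDP_FROM_POST = """\
a=ice-ufrag:TApMSLEMFesVSobL
a=ice-pwd:PZ4czAmHzvfmpD283iLMUfop
a=candidate:4286820942 1 udp 659136 192.168.0.159 25244 typ host generation 0
"""

# Constructed: the same offer plus one candidate carrying a documentation-range
# address (203.0.113.10) that stands in for the server's public IP.
SDP_FIXED = SDP_FROM_POST + (
    "a=candidate:1 1 udp 659136 203.0.113.10 25244 typ host generation 0\n"
)


def parse_candidates(sdp):
    """Return one dict per well-formed a=candidate line.

    Field order: foundation component transport priority address port typ type ...
    """
    candidates = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.startswith("a=candidate:"):
            continue
        fields = line[len("a=candidate:"):].split()
        if len(fields) < 8 or fields[6] != "typ":
            continue  # malformed candidate, ignore it
        try:
            candidates.append({
                "foundation": fields[0],
                "component": int(fields[1]),
                "transport": fields[2].lower(),
                "priority": int(fields[3]),
                "address": fields[4],
                "port": int(fields[5]),
                "type": fields[7],
            })
        except ValueError:
            continue  # non-numeric component, priority or port
    return candidates


def classify(address):
    """Return 'private', 'public' or 'hostname' (e.g. an mDNS .local name)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "hostname"
    return "private" if any(ip in net for net in NON_ROUTABLE) else "public"


def audit_offer(sdp):
    """Group the offer's candidates by reachability class."""
    report = {"private": [], "public": [], "hostname": []}
    for cand in parse_candidates(sdp):
        entry = "%s:%d (%s)" % (cand["address"], cand["port"], cand["type"])
        report[classify(cand["address"])].append(entry)
    # With no public candidate, a remote browser has no address to send media to.
    report["has_public_candidate"] = bool(report["public"])
    return report


if __name__ == "__main__":
    for name, sdp in (("posted offer", SDP_FROM_POST), ("fixed offer", SDP_FIXED)):
        print(name, audit_offer(sdp))
```
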

Abhijeet Dutta

Sep 25, 2016, 9:10:48 AM
to BigBlueButton-Setup
Hello HostBBB,


Please have a look at the result of sudo bbb-conf --check:

** Potential problems described below **
# IP does not match:
#                           IP from ifconfig: 192.168.0.159
#   /etc/nginx/sites-available/bigbluebutton: webinar.arihantcapital.com
# Warning: API URL IPs do not match host:
#
#                                IP from ifconfig: 192.168.0.159
#  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: webinar.arihantcapital.com

# Warning: The setting of 114.143.192.172 for proxy_pass in
#
#    /etc/bigbluebutton/nginx/sip.nginx
#
# does not match the local IP address (192.168.0.159).
# (This is OK if you've manually changed the values)

# Warning: The setting of  for local_ip_v4 in
#
#    /opt/freeswitch/conf/vars.xml
#
# does not match the local IP address (192.168.0.159).
# (This is OK if you've manually changed the values)

# Warning: You are running BigBlueButton on a server with less than 4G of memory.  Your
# performance may suffer.

# Warning: The API demos are installed and accessible from:
#
#
# These API demos allow anyone to access your server without authentication
# to create/manage meetings and recordings. They are for testing purposes only.
# If you are running a production system, remove them by running:
#
#    sudo apt-get purge bbb-demo

# Warning: The client self check is installed and accessible from:
#

Pasquale Di Feo

Sep 8, 2016, 1:38:52 PM
to BigBlueButton-Setup
Hi,

After about two days, BigBlueButton finally works with a server beyond a firewall. The major problem is in the proxy_pass of nginx.

It's necessary to set the public IP address, as you did, but on the firewall it's important to enable hairpinning to permit nginx to "proxy_pass" on the public IP address.

There are other problems with the external.xml config of FreeSWITCH. Even if you set the correct IP address in ext-sip-ip, FreeSWITCH always uses the private IP address. So I forced the setting in external.xml.

In the next few days I'll write better documentation about the problem and its resolution.

Regards
Pasquale

Fred Dixon

Sep 8, 2016, 2:39:06 PM
to bigbluebu...@googlegroups.com
Hi Pasquale,

Thanks for sharing this -- I'm sure others will benefit from what you found. 

Regards,.. Fred

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.
To post to this group, send email to bigbluebutton-setup@googlegroups.com.
Visit this group at https://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.



--
BigBlueButton Developer
@bigbluebutton

Pasquale Di Feo

Sep 9, 2016, 2:44:25 PM
to BigBlueButton-Setup
Hi to all,

I found another little trick. To avoid setting up hairpinning on the firewall and to avoid dirty traffic between the BBB server and the firewall, I created a dummy NIC interface on the BBB server and set the public IP address on it.

Afterwards, in external.xml I set the wss binding to the public IP address (which is now local to the BBB server). So proxy_pass redirects correctly to the websocket listener. It is not a clean solution, but everything works fine.

But I am very curious why I have to use these tricks.

Pasquale

e.rougeux

Sep 10, 2016, 12:44:35 PM
to BigBlueButton-Setup
Hi to all,

I have a BigBlueButton server behind a firewall, but I don't have WebRTC working; everything else works perfectly. I followed every step in the install guide and I built a hairpin like Pasquale said, but WebRTC still fails with a 1007 or 1011 error code.

These are my settings:

  • firewall : Sophos UTM9
  • my public IP is : 37.71.36.210
  • my private IP (behind the firewall) : 192.168.1.239
  • SSL is enabled
  • All the ports are open
  • A hairpin is enabled
The bbb-conf --check :


sudo bbb-conf --check

BigBlueButton Server 1.0.0 (1058)
                    Kernel version: 3.19.0-68-generic

                      Distribution: Ubuntu 14.04.5 LTS (64-bit)
                            Memory: 257847 MB

/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
                Port test (tunnel): visio.mlfmonde.org
                              Red5: visio.mlfmonde.org

              useWebrtcIfAvailable: true

/opt/freeswitch/conf/sip_profiles/external.xml (FreeSWITCH)
                    websocket port: 5066
                    WebRTC enabled: true

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server name: visio.mlfmonde.org

                              port: 80
                              port: 443 ssl
                    bbb-client dir: /var/www/bigbluebutton

/var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties (bbb-web)
                      bbb-web host: visio.mlfmonde.org

/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp (API demos)
                               url: visio.mlfmonde.org

/var/www/bigbluebutton/check/conf/config.xml (client check)
                      client check: visio.mlfmonde.org


/usr/share/red5/webapps/bigbluebutton/WEB-INF/red5-web.xml (red5)
                  voice conference: FreeSWITCH
                     capture video: true
                   capture desktop: true

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback host: visio.mlfmonde.org



** Potential problems described below **
# Warning: API URL IPs do not match host:
#
#                                IP from ifconfig: 192.168.1.239
#  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: visio.mlfmonde.org

# Warning: The setting of 37.71.36.210 for proxy_pass in
#
#    /etc/bigbluebutton/nginx/sip.nginx
#
# does not match the local IP address (192.168.1.239).

# (This is OK if you've manually changed the values)

# Warning: The setting of  for local_ip_v4 in
#
#    /opt/freeswitch/conf/vars.xml
#
# does not match the local IP address (192.168.1.239).

# (This is OK if you've manually changed the values)

# Warning: The API demos are installed and accessible from:
#

#
# These API demos allow anyone to access your server without authentication
# to create/manage meetings and recordings. They are for testing purposes only.
# If you are running a production system, remove them by running:
#
#    sudo apt-get purge bbb-demo

# Warning: The client self check is installed and accessible from:
#
#    https://visio.mlfmonde.org/check
#


netstat
netstat -ant | grep 5060
tcp        0      0 192.168.1.239:5060      0.0.0.0:*               LISTEN


 
cat /opt/freeswitch/conf/vars.xml

<include>
  <!-- Preprocessor Variables
       These are introduced when configuration strings must be consistent across modules.
       NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.

       WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING

       YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
       toll fraud in the future.  It's your responsibility to secure your own system.

       This default config is used to demonstrate the feature set of FreeSWITCH.

       WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  -->


  <X-PRE-PROCESS cmd="set" data="suppress_cng=true"/>
  <X-PRE-PROCESS cmd="set" data="default_password=1234"/>
  <!-- Did you change it yet? -->

  <X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/>

  <!--
      This setting is what sets the default domain FreeSWITCH will use if all else fails.

      FreeSWICH will default to $${local_ip_v4} unless changed.  Changing this setting does
      affect the sip authentication.  Please review conf/directory/default.xml for more
      information on this topic.
  -->

  <X-PRE-PROCESS cmd="set" data="domain=$${local_ip_v4}"/>
  <X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
  <X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
  <X-PRE-PROCESS cmd="set" data="use_profile=internal"/>

  <!--
      Enable ZRTP globally you can override this on a per channel basis

      http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
  -->
  <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>

  <!--
       Examples of codec options: (module must be compiled and loaded)

       codecname[@8000h|16000h|32000h[@XXi]]

       XX is the frame size must be multples allowed for the codec
       FreeSWITCH can support 10-120ms on some codecs.
       We do not support exceeding the MTU of the RTP packet.


       iLBC@30i         - iLBC using mode=30 which will win in all cases.
       DVI4@8000h@20i   - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
       DVI4@16000h@40i  - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
       speex@8000h@20i  - Speex 8kHz using 20ms ptime.
       speex@16000h@20i - Speex 16kHz using 20ms ptime.
       speex@32000h@20i - Speex 32kHz using 20ms ptime.
       BV16             - BroadVoice 16kb/s narrowband, 8kHz
       BV32             - BroadVoice 32kb/s wideband, 16kHz
       G7221@16000h     - G722.1 16kHz (aka Siren 7)
       G7221@32000h     - G722.1C 32kHz (aka Siren 14)
       CELT@32000h      - CELT 32kHz, only 10ms supported
       CELT@48000h      - CELT 48kHz, only 10ms supported
       GSM@40i          - GSM 8kHz using 40ms ptime. (GSM is done in multiples of 20, Default is 20ms)
       G722             - G722 16kHz using default 20ms ptime. (multiples of 10)
       PCMU             - G711 8kHz ulaw using default 20ms ptime. (multiples of 10)
       PCMA             - G711 8kHz alaw using default 20ms ptime. (multiples of 10)
       G726-16          - G726 16kbit adpcm using default 20ms ptime. (multiples of 10)
       G726-24          - G726 24kbit adpcm using default 20ms ptime. (multiples of 10)
       G726-32          - G726 32kbit adpcm using default 20ms ptime. (multiples of 10)
       G726-40          - G726 40kbit adpcm using default 20ms ptime. (multiples of 10)
       AAL2-G726-16     - Same as G726-16 but using AAL2 packing. (multiples of 10)
       AAL2-G726-24     - Same as G726-24 but using AAL2 packing. (multiples of 10)
       AAL2-G726-32     - Same as G726-32 but using AAL2 packing. (multiples of 10)
       AAL2-G726-40     - Same as G726-40 but using AAL2 packing. (multiples of 10)
       LPC              - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
       L16              - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.

       These are the passthru audio codecs:

       G729             - G729 in passthru mode. (mod_g729)
       G723             - G723.1 in passthru mode. (mod_g723_1)
       AMR              - AMR in passthru mode. (mod_amr)

       These are the passthru video codecs: (mod_h26x)

       H261             - H.261 Video
       H263             - H.263 Video
       H263-1998        - H.263-1998 Video
       H263-2000        - H.263-2000 Video
       H264             - H.264 Video

       RTP Dynamic Payload Numbers currently used in FreeSWITCH and what for.

       96  - AMR
       97  - iLBC (30)
       98  - iLBC (20)
       99  - Speex 8kHz, 16kHz, 32kHz
       100 -
       101 - telephone-event
       102 -
       103 -
       104 -
       105 -
       106 - BV16
       107 - G722.1 (16kHz)
       108 -
       109 -
       110 -
       111 -
       112 -
       113 -
       114 - CELT 32kHz, 48kHz
       115 - G722.1C (32kHz)
       116 -
       117 - SILK 8kHz
       118 - SILK 12kHz
       119 - SILK 16kHz
       120 - SILK 24kHz
       121 - AAL2-G726-40 && G726-40
       122 - AAL2-G726-32 && G726-32
       123 - AAL2-G726-24 && G726-24
       124 - AAL2-G726-16 && G726-16
       125 -
       126 -
       127 - BV32

  <X-PRE-PROCESS cmd="set" data="global_codec_prefs=G722,PCMU,PCMA,GSM"/>
  <X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=PCMU,PCMA,GSM"/>

  -->
  <X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,speex@16000h@20i,speex@8000h@20i,G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM" />
  <X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=speex@16000h@20i,PCMU,PCMA,GSM" />

  <!--
      xmpp_client_profile and xmpp_server_profile
      xmpp_client_profile can be any string.
      xmpp_server_profile is appended to "dingaling_" to form the database name
      containing the "subscriptions" table.
      used by: dingaling.conf.xml enum.conf.xml
  -->

  <X-PRE-PROCESS cmd="set" data="xmpp_client_profile=xmppc"/>
  <X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
  <!--
       THIS IS ONLY USED FOR DINGALING

       bind_server_ip

       Can be an ip address, a dns name, or "auto".
       This determines an ip address available on this host to bind.
       If you are separating RTP and SIP traffic, you will want to have
       use different addresses where this variable appears.
       Used by: dingaling.conf.xml
  -->
  <X-PRE-PROCESS cmd="set" data="bind_server_ip=37.71.36.210"/>

  <!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE

       If you're going to load test FreeSWITCH please input real IP addresses
       for external_rtp_ip and external_sip_ip
  -->

  <!-- external_rtp_ip
       Can be an one of:
           ip address: "12.34.56.78"
           a stun server lookup: "stun:stun.server.com"
           a DNS name: "host:host.server.com"
       where fs.mydomain.com is a DNS A record-useful when fs is on
       a dynamic IP address, and uses a dynamic DNS updater.
       If unspecified, the bind_server_ip value is used.
       Used by: sofia.conf.xml dingaling.conf.xml
  -->
  <X-PRE-PROCESS cmd="set" data="external_rtp_ip=37.71.36.210"/>

  <!-- external_sip_ip
      Used as the public IP address for SDP.
       Can be an one of:
           ip address: "12.34.56.78"
           a stun server lookup: "stun:stun.server.com"
           a DNS name: "host:host.server.com"
       where fs.mydomain.com is a DNS A record-useful when fs is on
       a dynamic IP address, and uses a dynamic DNS updater.
       If unspecified, the bind_server_ip value is used.
       Used by: sofia.conf.xml dingaling.conf.xml
  -->
  <X-PRE-PROCESS cmd="set" data="external_sip_ip=37.71.36.210"/>

  <!-- unroll-loops
       Used to turn on sip loopback unrolling.
  -->
  <X-PRE-PROCESS cmd="set" data="unroll_loops=true"/>

  <!-- outbound_caller_id and outbound_caller_name
       The caller ID telephone number we should use when calling out.
       Used by: conference.conf.xml and user directory for default
       outbound callerid name and number.
  -->
  <X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/>
  <X-PRE-PROCESS cmd="set" data="outbound_caller_id=0000000000"/>

  <!-- various debug and defaults -->
  <X-PRE-PROCESS cmd="set" data="call_debug=false"/>
  <X-PRE-PROCESS cmd="set" data="console_loglevel=info"/>
  <X-PRE-PROCESS cmd="set" data="default_areacode=918"/>
  <X-PRE-PROCESS cmd="set" data="default_country=US"/>

  <!-- if false or undefined, the destination number is included in presence NOTIFY dm:note.
       if true, the destination number is not included -->
  <X-PRE-PROCESS cmd="set" data="presence_privacy=false"/>

  <X-PRE-PROCESS cmd="set" data="be-ring=%(1000,3000,425)"/>
  <X-PRE-PROCESS cmd="set" data="ca-ring=%(2000,4000,440,480)"/>
  <X-PRE-PROCESS cmd="set" data="cn-ring=%(1000,4000,450)"/>
  <X-PRE-PROCESS cmd="set" data="cy-ring=%(1500,3000,425)"/>
  <X-PRE-PROCESS cmd="set" data="cz-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="de-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="dk-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="dz-ring=%(1500,3500,425)"/>
  <X-PRE-PROCESS cmd="set" data="eg-ring=%(2000,1000,475,375)"/>
  <X-PRE-PROCESS cmd="set" data="es-ring=%(1500,3000,425)"/>
  <X-PRE-PROCESS cmd="set" data="fi-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="fr-ring=%(1500,3500,440)"/>
  <X-PRE-PROCESS cmd="set" data="hk-ring=%(400,200,440,480);%(400,3000,440,480)"/>
  <X-PRE-PROCESS cmd="set" data="hu-ring=%(1250,3750,425)"/>
  <X-PRE-PROCESS cmd="set" data="il-ring=%(1000,3000,400)"/>
  <X-PRE-PROCESS cmd="set" data="in-ring=%(400,200,425,375);%(400,2000,425,375)"/>
  <X-PRE-PROCESS cmd="set" data="jp-ring=%(1000,2000,420,380)"/>
  <X-PRE-PROCESS cmd="set" data="ko-ring=%(1000,2000,440,480)"/>
  <X-PRE-PROCESS cmd="set" data="pk-ring=%(1000,2000,400)"/>
  <X-PRE-PROCESS cmd="set" data="pl-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="ro-ring=%(1850,4150,475,425)"/>
  <X-PRE-PROCESS cmd="set" data="rs-ring=%(1000,4000,425)"/>
  <X-PRE-PROCESS cmd="set" data="ru-ring=%(800,3200,425)"/>
  <X-PRE-PROCESS cmd="set" data="sa-ring=%(1200,4600,425)"/>
  <X-PRE-PROCESS cmd="set" data="tr-ring=%(2000,4000,450)"/>
  <X-PRE-PROCESS cmd="set" data="uk-ring=%(400,200,400,450);%(400,2000,400,450)"/>
  <X-PRE-PROCESS cmd="set" data="us-ring=%(2000,4000,440,480)"/>
  <X-PRE-PROCESS cmd="set" data="bong-ring=v=-7;%(100,0,941.0,1477.0);v=-7;>=2;+=.1;%(1400,0,350,440)"/>
  <X-PRE-PROCESS cmd="set" data="beep=%(1000,0,640)"/>
  <X-PRE-PROCESS cmd="set" data="sit=%(274,0,913.8);%(274,0,1370.6);%(380,0,1776.7)"/>
  <!--
      Setting up your default sip provider is easy.
      Below are some values that should work in most cases.

      These are for conf/directory/default/example.com.xml
  -->
  <X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_username=joeuser"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_password=password"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_from_domain=example.com"/>
  <!-- true or false -->
  <X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
  <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>

  <!--
      SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
  -->
  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1"/>

  <!-- Internal SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
  <X-PRE-PROCESS cmd="set" data="internal_sip_port=5090"/>
  <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=false"/>


  <!-- External SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
  <X-PRE-PROCESS cmd="set" data="external_sip_port=5060"/>
  <X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>

</include>


cat /opt/freeswitch/conf/sip_profiles/external.xml
<profile name="external">
  <!-- http://wiki.freeswitch.org/wiki/Sofia_Configuration_Files -->
  <!-- This profile is only for outbound registrations to providers -->
  <gateways>
    <X-PRE-PROCESS cmd="include" data="external/*.xml"/>
  </gateways>

  <aliases>
    <!--
        <alias name="outbound"/>
        <alias name="nat"/>
    -->
  </aliases>

  <domains>
    <domain name="all" alias="false" parse="true"/>
  </domains>

  <settings>
    <param name="debug" value="0"/>
    <!-- If you want FreeSWITCH to shutdown if this profile fails to load, uncomment the next line. -->
    <!-- <param name="shutdown-on-fail" value="true"/> -->
    <param name="sip-trace" value="no"/>
    <param name="sip-capture" value="no"/>
    <param name="rfc2833-pt" value="101"/>
    <!-- RFC 5626 : Send reg-id and sip.instance -->
    <!--<param name="enable-rfc-5626" value="true"/> -->
    <param name="sip-port" value="$${external_sip_port}"/>
    <param name="dialplan" value="XML"/>
    <param name="context" value="public"/>
    <param name="dtmf-duration" value="2000"/>
    <param name="inbound-codec-prefs" value="$${global_codec_prefs}"/>
    <param name="outbound-codec-prefs" value="$${outbound_codec_prefs}"/>
    <param name="hold-music" value="$${hold_music}"/>
    <param name="rtp-timer-name" value="soft"/>
    <!--<param name="enable-100rel" value="true"/>-->
    <!--<param name="disable-srv503" value="true"/>-->
    <!-- This could be set to "passive" -->
    <param name="local-network-acl" value="localnet.auto"/>
    <param name="manage-presence" value="false"/>

    <!-- used to share presence info across sofia profiles
         manage-presence needs to be set to passive on this profile
         if you want it to behave as if it were the internal profile
         for presence.
    -->
    <!-- Name of the db to use for this profile -->
    <!--<param name="dbname" value="share_presence"/>-->
    <!--<param name="presence-hosts" value="$${domain}"/>-->
    <!--<param name="force-register-domain" value="$${domain}"/>-->
    <!--all inbound reg will stored in the db using this domain -->
    <!--<param name="force-register-db-domain" value="$${domain}"/>-->
    <!-- ************************************************* -->

    <!--<param name="aggressive-nat-detection" value="true"/>-->
    <param name="inbound-codec-negotiation" value="generous"/>
    <param name="nonce-ttl" value="60"/>
    <param name="auth-calls" value="false"/>
    <param name="inbound-late-negotiation" value="true"/>
    <param name="inbound-zrtp-passthru" value="true"/> <!-- (also enables late negotiation) -->
    <!--
        DO NOT USE HOSTNAMES, ONLY IP ADDRESSES IN THESE SETTINGS!
    <param name="rtp-ip" value="$${local_ip_v4}"/>
    <param name="sip-ip" value="$${local_ip_v4}"/>
    <param name="ext-rtp-ip" value="auto-nat"/>
    <param name="ext-sip-ip" value="auto-nat"/>
    -->


    <param name="rtp-ip" value="$${local_ip_v4}"/>
    <param name="sip-ip" value="$${local_ip_v4}"/>

    <param name="ext-rtp-ip" value="37.71.36.210"/>
    <param name="ext-sip-ip" value="37.71.36.210"/>

    <param name="rtp-timeout-sec" value="300"/>
    <param name="rtp-hold-timeout-sec" value="1800"/>
    <!--<param name="enable-3pcc" value="true"/>-->

    <!-- TLS: disabled by default, set to "true" to enable -->
    <param name="tls" value="$${external_ssl_enable}"/>
    <!-- Set to true to not bind on the normal sip-port but only on the TLS port -->
    <param name="tls-only" value="false"/>
    <!-- additional bind parameters for TLS -->
    <param name="tls-bind-params" value="transport=tls"/>
    <!-- Port to listen on for TLS requests. (5081 will be used if unspecified) -->
    <param name="tls-sip-port" value="$${external_tls_port}"/>
    <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) -->
    <!--<param name="tls-cert-dir" value=""/>-->
    <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files -->
    <param name="tls-passphrase" value=""/>
    <!-- Verify the date on TLS certificates -->
    <param name="tls-verify-date" value="true"/>
    <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate -->
    <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'in_subjects', 'out_subjects' and 'all_subjects' for subject validation. Multiple policies can be split with a '|' pipe -->
    <param name="tls-verify-policy" value="none"/>
    <!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none -->
    <param name="tls-verify-depth" value="2"/>
    <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
    <param name="tls-verify-in-subjects" value=""/>
    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
    <param name="tls-version" value="$${sip_tls_version}"/>
    <param name="ws-binding"  value=":5066"/>
    <param name="wss-binding" value=":7443"/>

    <!-- enable rtcp on every channel also can be done per leg basis with rtcp_audio_interval_msec variable set to passthru to pass it across a call-->
    <param name="rtcp-audio-interval-msec" value="5000"/>
    <param name="rtcp-video-interval-msec" value="5000"/>

    <!-- Cut down in the join time -->
    <param name="dtmf-type" value="info"/>
    <param name="liberal-dtmf" value="true"/>
  </settings>
</profile>


cat /usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties
# The ip and port the BBB SIP app is going to use
bbb.sip.app.ip=192.168.1.239
bbb.sip.app.port=5070

# The username and password the BBB SIP app to use to
# register with FreeSWITCH
sip.server.username=bbbuser
sip.server.password=secret


# The ip and port of the FreeSWITCH server
freeswitch.ip=192.168.1.239
freeswitch.port=5060

# The start/stop RTP port the application is going to use
# for the media stream.
startAudioPort=15000
stopAudioPort=16383

redis.host=127.0.0.1
redis.port=6379
redis.pass=


# If you want mjsip stack (red5/log/*access*.log) to minimize the amount of logs it
# generates, set this to a lower value (e.g. 3).
sipStackDebugLevel=3

cat /etc/bigbluebutton/nginx/sip.nginx
location /ws {
        proxy_pass https://37.71.36.210:7443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 6h;
        proxy_send_timeout 6h;
        client_body_timeout 6h;
        send_timeout 6h;
}


I'm sure it's just a misconfiguration on my part, but I haven't found the solution.
Thanks for your help
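A static consistency check over the address settings in the two FreeSWITCH files posted above, as an added example (not BigBlueButton or FreeSWITCH code). It encodes the rules given in this thread: `bind_server_ip`, `rtp-ip` and `sip-ip` must be addresses the host actually owns, and `ext-rtp-ip` / `ext-sip-ip` must not be private. The function names and the excerpt constants are assumptions made for the example.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Excerpts of the files posted above (address-related lines only).
VARS_XML = """<include>
  <X-PRE-PROCESS cmd="set" data="bind_server_ip=37.71.36.210"/>
  <X-PRE-PROCESS cmd="set" data="external_rtp_ip=37.71.36.210"/>
  <X-PRE-PROCESS cmd="set" data="external_sip_ip=37.71.36.210"/>
</include>"""

EXTERNAL_XML = """<profile name="external">
  <settings>
    <param name="rtp-ip" value="$${local_ip_v4}"/>
    <param name="sip-ip" value="$${local_ip_v4}"/>
    <param name="ext-rtp-ip" value="37.71.36.210"/>
    <param name="ext-sip-ip" value="37.71.36.210"/>
    <param name="wss-binding" value=":7443"/>
  </settings>
</profile>"""

# "IP from ifconfig" in the bbb-conf --check output above.
LOCAL_IPS = {"192.168.1.239"}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VAR_REF = re.compile(r"\$\$\{(\w+)\}")


def expand(value, variables):
    """Substitute $${name} references; unknown names are left untouched."""
    return VAR_REF.sub(lambda m: variables.get(m.group(1), m.group(0)), value)


def load_vars(xml_text, local_ip):
    """Collect X-PRE-PROCESS 'set' variables. XML comments are skipped by the
    parser, so commented-out settings are never picked up."""
    variables = {"local_ip_v4": local_ip}  # assumed to be the detected local address
    for node in ET.fromstring(xml_text).iter("X-PRE-PROCESS"):
        if node.get("cmd") != "set":
            continue
        name, _, value = node.get("data", "").partition("=")
        variables[name] = expand(value, variables)
    return variables


def load_profile(xml_text, variables):
    """Return {param name: expanded value} for a sofia profile."""
    return {p.get("name"): expand(p.get("value", ""), variables)
            for p in ET.fromstring(xml_text).iter("param")}


def as_ip(value):
    """Parse an IP literal; return None for auto-nat, stun:, host: and similar."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def check(variables, profile, local_ips):
    """Return a list of (setting, value, problem) tuples."""
    findings = []
    bind = variables.get("bind_server_ip", "")
    if as_ip(bind) is not None and bind not in local_ips:
        findings.append(("bind_server_ip", bind,
                         "not an address assigned to this host"))
    for key in ("rtp-ip", "sip-ip"):
        value = profile.get(key, "")
        if value and value not in local_ips:
            findings.append((key, value, "not an address assigned to this host"))
    for key in ("ext-rtp-ip", "ext-sip-ip"):
        ip = as_ip(profile.get(key, ""))
        if ip is not None and any(ip in net for net in RFC1918):
            findings.append((key, str(ip),
                             "private address would be advertised to browsers"))
    return findings


if __name__ == "__main__":
    variables = load_vars(VARS_XML, "192.168.1.239")
    profile = load_profile(EXTERNAL_XML, variables)
    for setting, value, problem in check(variables, profile, LOCAL_IPS):
        print("%s=%s: %s" % (setting, value, problem))
```

Passing the public address in `local_ips` as well models the dummy-interface setup described earlier in the thread, where the public IP is assigned to the server itself.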

Fred Dixon

Sep 10, 2016, 2:43:57 PM
to bigbluebu...@googlegroups.com
Hi Roger,

Thanks for the detailed post.  The error 1007 is pretty much a firewall issue.  The web sockets connection was made to set up the call, but FreeSWITCH and the browser couldn't negotiate a UDP port to make the connection.

Do you have UDP ports in the range 16384-32768 forwarded on the firewall to the FreeSWITCH server?

Have you made the changes to external.xml as shown here



Regards,... Fred




--
BigBlueButton Developer
@bigbluebutton


e.rougeux

Sep 10, 2016, 2:54:14 PM
to BigBlueButton-Setup
Hi Fred,

Yeah, the ports are open and the NAT redirects to my server.

I did follow all the steps in http://docs.bigbluebutton.org/install/install.html#client-webrtc-error-codes

But WebRTC does not work. I think I misunderstand something needed to get WebRTC to work; I gave all the config files to find the problem.

Thanks for the help

Pasquale Di Feo

Sep 10, 2016, 7:14:23 PM
to BigBlueButton-Setup
Hi Roger,

in vars.xml

<X-PRE-PROCESS cmd="set" data="bind_server_ip=37.71.36.210"/>

it's wrong to bind on the external address (public IP address). It must be the internal IP address 192.168.1.239. I think that with your configuration the FreeSWITCH external.xml profile doesn't load.

All other values are correct.

From root shell execute

/opt/freeswitch/bin/fs_cli -x "sofia status profile external"

the result must be similar to the following (37.71.36.210 your public IP, 192.168.1.239 private IP)

=================================================================================================
Name                    external
Domain Name             N/A
Auto-NAT                false
DBName                  sofia_reg_external
Pres Hosts
Dialplan                XML
Context                 public
Challenge Realm         auto_to
RTP-IP                  192.168.1.239
Ext-RTP-IP              37.71.36.210
SIP-IP                  192.168.1.239
Ext-SIP-IP              37.71.36.210
URL                     sip:mod_...@37.71.36.210:5060
BIND-URL                sip:mod_...@37.71.36.210:5060;maddr=192.168.1.239;transport=udp,tcp
WS-BIND-URL             sip:mod_...@192.168.1.239:5066;transport=ws
WSS-BIND-URL            sips:mod_...@37.71.36.210:7443;transport=wss
HOLD-MUSIC              local_stream://moh
OUTBOUND-PROXY          N/A
CODECS IN               OPUS,speex@16000h@20i,speex@8000h@20i,G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM
CODECS OUT              speex@16000h@20i,PCMU,PCMA,GSM
TEL-EVENT               101
DTMF-MODE               info
CNG                     13
SESSION-TO              0
MAX-DIALOG              0
NOMEDIA                 false
LATE-NEG                true
PROXY-MEDIA             false
ZRTP-PASSTHRU           true
AGGRESSIVENAT           false
CALLS-IN                15
FAILED-CALLS-IN         0
CALLS-OUT               0
FAILED-CALLS-OUT        0
REGISTRATIONS           1

To check that the firewall correctly redirects traffic with the hairpinning config, you can execute the following command from the BigBlueButton server (192.168.1.239):

telnet 37.71.36.210 7443

if you receive

Trying 37.71.36.210 ...
Connected to 37.71.36.210.
Escape character is '^]'.


the config is correct.

If you want to avoid hairpinning on the firewall, you can use another trick, as I said. You must create a dummy NIC interface with the public IP set on it on the BigBlueButton server:

modprobe dummy
/sbin/ip link set name eth10 dev dummy0

ifconfig eth10 31.71.36.210 netmask 255.255.255.255

and afterwards set in external.xml

<param name="wss-binding" value="31.71.36.210:7443"/>

and check again with telnet as I said before. It's a dirty solution, but it works on my installation.

I hope that will help you

Regards
Pasquale
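
Added example, not part of Pasquale's post or of BigBlueButton: a POSIX shell check that reads `sofia status profile external` output and verifies the address layout described above (RTP-IP/SIP-IP on the internal address, Ext-RTP-IP/Ext-SIP-IP on the public one, WSS binding on one of the two). The function names and the trimmed sample are constructed; the user part of the sample URLs is a placeholder because the thread elides it.

```shell
#!/bin/sh
# On a server: fs_cli -x "sofia status profile external" | check_profile INTERNAL_IP PUBLIC_IP

# Constructed sample, trimmed from the output quoted in the thread; the user
# part of the URLs is a placeholder because the thread elides it.
sample_status() {
cat <<'EOF'
Name                    external
RTP-IP                  192.168.1.239
Ext-RTP-IP              37.71.36.210
SIP-IP                  192.168.1.239
Ext-SIP-IP              37.71.36.210
WS-BIND-URL             sip:user@192.168.1.239:5066;transport=ws
WSS-BIND-URL            sips:user@37.71.36.210:7443;transport=wss
EOF
}

# Print the value of one "Key   value" row read from stdin.
field() { awk -v k="$1" '$1 == k { print $2; exit }'; }

# Reduce a bind URL such as sips:user@1.2.3.4:7443;transport=wss to host:port.
bind_addr() { sed -e 's/^[^@]*@//' -e 's/;.*$//'; }

# Read the status text on stdin and print one line per finding.
# Returns the number of failed checks (0 = layout matches the thread's description).
check_profile() {
  cp_int="$1"; cp_pub="$2"; cp_fail=0
  cp_status="$(cat)"
  if [ "$(printf '%s\n' "$cp_status" | field Name)" != "external" ]; then
    echo "FAIL external profile not loaded"; return 1
  fi
  for cp_pair in "RTP-IP:$cp_int" "SIP-IP:$cp_int" \
                 "Ext-RTP-IP:$cp_pub" "Ext-SIP-IP:$cp_pub"; do
    cp_key="${cp_pair%%:*}"; cp_want="${cp_pair#*:}"
    cp_got="$(printf '%s\n' "$cp_status" | field "$cp_key")"
    if [ "$cp_got" = "$cp_want" ]; then
      echo "OK   $cp_key=$cp_got"
    else
      echo "FAIL $cp_key=$cp_got (expected $cp_want)"; cp_fail=$((cp_fail + 1))
    fi
  done
  cp_wss="$(printf '%s\n' "$cp_status" | field WSS-BIND-URL | bind_addr)"
  case "${cp_wss%:*}" in
    "$cp_pub") echo "OK   wss bound on public $cp_wss" ;;
    "$cp_int") echo "OK   wss bound on internal $cp_wss" ;;
    *) echo "FAIL wss bound on unexpected $cp_wss"; cp_fail=$((cp_fail + 1)) ;;
  esac
  return "$cp_fail"
}
```

An empty or unrelated input (for example when the profile did not load) is reported as a failure rather than silently passing.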





Wanoo

Sep 10, 2016, 8:44:21 PM
to BigBlueButton-Setup


Niiiiice, at 3am it's working!!

Thanks Fred & Pasquale. We have to include this in the documentation for this maze scenario. I think lots of people are stuck in the same situation I was.

I'm so glad it's working.

Thanks a lot

Pasquale Di Feo

Sep 11, 2016, 5:13:43 AM
to BigBlueButton-Setup
Hi,

I'm very happy that you have solved it.

The problem is in the proxy_pass to the websocket. I'm not a specialist in nginx and FreeSWITCH, and my result is based on empirical tests, analyzing network traffic with Wireshark.

I hope that someone will find a correct solution to the problem.

Regards
Pasquale

Wanoo

Sep 11, 2016, 6:40:13 AM
to BigBlueButton-Setup
Yeah,

Yesterday over Skype with Fred, we saw FreeSWITCH giving the wrong IP for the websocket in about:webrtc (Firefox),

so I really think this line is part of the solution.
<param name="wss-binding" value="31.71.36.210:7443"/>

Maybe a sed script would be helpful to automatically apply the right configuration depending on the 3 scenarios:

  • Local
  • Server with a public IP on the interface
  • Server behind a firewall

No?


Pasquale Di Feo

Sep 11, 2016, 7:45:30 AM
to BigBlueButton-Setup
I agree with you. But ... I don't understand whether you solved it with hairpin on the firewall, with the dummy interface, or with nothing.
Hairpin on the firewall or a dummy NIC is a dirty solution.

Regards
Pasquale

Wanoo

Sep 11, 2016, 8:10:37 AM
to BigBlueButton-Setup
The hairpin at the beginning, but because it generates lots of lines in my fw logs, I use the dummy NIC.

Michael Andriantsoavina

Nov 24, 2016, 4:31:01 PM
to BigBlueButton-Setup
Hello,

The dummy interface really makes my installation work.
It would be good if it were put in the official documentation.

Thanks Pasquale,

Pasquale Di Feo

Dec 7, 2016, 2:53:32 AM
to BigBlueButton-Setup
Hi,

It is a dirty solution. I don't agree with putting it in the official docs. It's better to solve the problem in FreeSWITCH, which seems to publish an incorrect address for WebRTC.

Pasquale

On Thursday, August 25, 2016 at 13:37:17 UTC+2, Abhijeet Dutta wrote:

Erwan Rougeux

Dec 7, 2016, 3:22:25 AM
to bigbluebu...@googlegroups.com
I modify bbb-conf to auto-create all these parameters too.

++


Fred Dixon

Mar 6, 2017, 7:50:14 AM
to bigbluebu...@googlegroups.com
Hi Michael,

We've updated the documentation for BigBlueButton 1.1-beta to have more information on setting up networking, including "hairpin" NAT.  See


Pasquale, this might not be needed in the next version of FreeSWITCH (1.8) as they are adding the ability to include an external IP in the RTP candidate.  See



Regards,... Fred


Fred Dixon

Sep 14, 2017, 1:43:40 PM
to bigbluebu...@googlegroups.com
Hi Oleksii,

Thanks for sharing the steps to resolve the WebRTC networking issue on your setup!

Regards,... Fred


On Thu, Sep 14, 2017 at 11:09 AM, Oleksii Melnychuk <wiki...@gmail.com> wrote:
It was not enough in my case to reproduce everything described in the documentation and this branch of the forum. I have installed a fresh Ubuntu 16.04 on an HP blade server behind NAT without hairpin and followed the documentation letter by letter. Without the dummy NIC and external IP proxy settings I had WebRTC error 1002. After creating the dummy NIC I faced the most difficult problem: error 1007. The candidate on the server side wasn't able to forward UDP packets to the remote candidate. Both candidates were behind NAT. Some further research into the network pushed me to the right solution. I forwarded UDP packets from the local IP to the external IP (which was in fact a loopback interface, as the dummy NIC with the external IP was created) using iptables NAT postrouting and 2 additional kernel modules. Thus, if nothing helps to solve the error 1007 problem when both server and client are behind NAT, we have to try forcing the forwarding of UDP traffic from the local to the external IP. Just do the following as root:

1. Load ip_conntrack_sip kernel module:

# modprobe ip_conntrack_sip

2. Load ip_nat_sip kernel module:

# modprobe ip_nat_sip

3. Add NAT postrouting rule:

# iptables -t nat -A POSTROUTING -p udp --match multiport --sports 16384:32768 -s 192.168.0.30 -j SNAT --to-source 77.220.141.35

where you have to replace 192.168.0.30 with your internal (local) IP address and 77.220.141.35 with your external IP. The last command can be rewritten in this way:

# iptables -t nat -A POSTROUTING -p udp --match multiport --sports 16384:32768 -s LOCAL_IP_ADDRESS -j SNAT --to-source EXTERNAL_IP_ADDRESS

4. Restart BigBlueButton afterwards:
# bbb-conf --restart

and check if the error 1007 disappeared. If the problem is solved, make the loading of the kernel modules and the iptables rule persistent at system start.

On Monday, March 6, 2017 at 14:50:14 UTC+2, Fred Dixon wrote: