STUN server problems

[Brent W. Baccala]

FYI -

I'm having intermittent problems with stun.freeswitch.org right now.  I've getting "blocked" and error responses from three different machines, two on Verizon's broadband network and one in Amazon's cloud.

stun.ekiga.net is working.

It will probably be noticed and fixed shortly, but at the moment I expect any BBB client behind a NAT gateway to have problems, since our default configuration lists stun.freeswitch.org as our only STUN server for our clients to use to find their globally routable addresses.

    agape

    brent

[Fred Dixon]

Hi Brent,

Recommend trying Google's STUN server at stun.l.google.com.

Regards,... Fred 

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-dev/62436c74-bbfa-44e2-a908-333a68d4880cn%40googlegroups.com.

--

BigBlueButton Developer

http://bigbluebutton.org/

Like BigBlueButton?  Tweet us at @bigbluebutton

[Brent W. Baccala]

Hi -

TL;DR - I'm not currently getting any response from stun.l.google.com, and stun.freeswitch.org is only answering intermittently from Amazon's cloud; I get no answer from it from Verizon's Washington DC FIOS network.  Other STUN servers (the list is from the init.py file in the pystun package) are answering, but are somewhat inconsistent with respect to what kind of NAT type is reported on the Verizon network (it's actually restricted NAT).  From Amazon's cloud, they are consistently reporting full cone NAT (which is correct).  Of course, I don't think we use the NAT type for anything; all that really matters is the external IP address, subject to the proviso that symmetric NAT wouldn't work at all.

I've configured my system to use stun.ekiga.net, which is one of the most reliable for me.  Don't know what to suggest; mainly I just want the developer's list to be aware that we've got some reliability issues with the public STUN servers, most importantly stun.freeswitch.org because it's hardwired into our configuration files.

Currently, this is what I see from a Verizon broadband link:

baccala@samsung:~/src/freeswitch$ pystun -H stun.l.google.com

NAT Type: Blocked

External IP: None

External Port: None

baccala@samsung:~/src/freeswitch$ pystun -H stun.freeswitch.org

NAT Type: Blocked

External IP: None

External Port: None

baccala@samsung:~/src/freeswitch$ pystun -H stun.ekiga.net

NAT Type: Symmetric NAT

External IP: 100.36.126.20

External Port: 1024

baccala@samsung:~/src/freeswitch$ pystun -H stun.ideasip.com

NAT Type: Blocked

External IP: None

External Port: None

baccala@samsung:~/src/freeswitch$ pystun -H stun.voiparound.com

NAT Type: Symmetric NAT

External IP: 100.36.126.20

External Port: 54320

baccala@samsung:~/src/freeswitch$ pystun -H stun.voipbuster.com

NAT Type: Full Cone

External IP: 100.36.126.20

External Port: 1024

baccala@samsung:~/src/freeswitch$ pystun -H stun.voipstunt.com

NAT Type: Symmetric NAT

External IP: 100.36.126.20

External Port: 54320

baccala@samsung:~/src/freeswitch$ pystun -H stun.voxgratia.org

NAT Type: Blocked

External IP: None

External Port: None

This is what I see from Amazon's cloud (us east 1):

ubuntu@npdesi:~$ pystun -H stun.freeswitch.org

NAT Type: Full Cone

External IP: 34.234.49.169

External Port: 54320

ubuntu@npdesi:~$ pystun -H stun.l.google.com

NAT Type: Blocked

External IP: None

External Port: None

ubuntu@npdesi:~$ pystun -H stun.ekiga.net

NAT Type: Full Cone

External IP: 34.234.49.169

External Port: 54320

ubuntu@npdesi:~$ pystun -H stun.ideasip.com

NAT Type: Blocked

External IP: None

External Port: None

ubuntu@npdesi:~$ pystun -H stun.voiparound.com

NAT Type: Full Cone

External IP: 34.234.49.169

External Port: 54320

ubuntu@npdesi:~$ pystun -H stun.voipbuster.com

NAT Type: Full Cone

External IP: 34.234.49.169

External Port: 54320

ubuntu@npdesi:~$ pystun -H stun.voipstunt.com

NAT Type: Full Cone

External IP: 34.234.49.169

External Port: 54320

ubuntu@npdesi:~$ pystun -H stun.voipgratia.org

NAT Type: Blocked

External IP: None

External Port: None

Ten minutes later, stun.freeswitch.org isn't answering from Amazon:

ubuntu@npdesi:~$ pystun -H stun.freeswitch.org

NAT Type: Blocked

External IP: None

External Port: None

and then another minute or two later...

ubuntu@npdesi:~$ pystun -H stun.freeswitch.org

NAT Type: Full Cone

External IP: 34.234.49.169

External Port: 54320

    agape

    brent

[Toni Förster]

Have you considered setting up your own STUN server? It is explained in the BBB documentation and takes just a few minutes.

[Brent W. Baccala]

Yes, I have most certainly considered it, and even did it a few months ago.

We're not really telling people that they absolutely need to do that, right?  The install instructions read like it's optional, don't they?

    agape

    brent

[Toni Förster]

I just speak for me personally, but I’d like to have as much of the infrastructure under my control. I rented a server for just 3 $ / month to have my own STUN/TURN server. Considering that you somehow have to invest some money for the BBB server itself, 3 bucks don’t seem much to my and I can make sure that my service is running without hiccups.

Best Toni