clients from restricted Network get 1004 error

[Yossi A]

Hi Fred and Chad

I noticed that clients from restricted Network can easily connect voice to test.bigbluebutton.org.

but connecting to my server. (2.2.0 beta 19 1369)  they get error 1007.

so I installed turn server following the doc. 

now, clients from restricted Network get 1004 error - webrtc error. 

when connecting to voice, I noticed on the browser console > Network, that it show only the internal NAT ip in the candidate list. 
...

a=candidate:2437072876 1 udp 2122260223 192.168.1.2 59009 typ host generation 0 network-id 1

a=candidate:3910237579 1 udp 2122194687 192.168.88.1 59010 typ host generation 0 network-id 2

a=candidate:1202345197 1 udp 2122129151 192.168.144.1 59011 typ host generation 0 network-id 3

a=candidate:3753982748 1 tcp 1518280447 192.168.1.2 9 typ host tcptype active generation 0 network-id 1

a=candidate:2811396475 1 tcp 1518214911 192.168.88.1 9 typ host tcptype active generation 0 network-id 2

a=candidate:153724957 1 tcp 1518149375 192.168.144.1 9 typ host tcptype active generation 0 network-id 3

a=ice-options:trickle

....

but when comparing to connecting with test.bigbluebutton, there it shows also 1 more candidate with my client network external IP

why is my turn server not giving my external IP as a candidate it the candidate list ?

can you please share the content of the files on test.bigbluebutton.org for comparing to the files on my server.

external.xml.

turn-stun-servers.xml.

acl.conf.xml

Regards

Jossef

[Chad Pilkey]

This is the contents of turn-stun-servers.xml from demo.bigbluebutton.org.

$ cat /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <bean id="stun0" class="org.bigbluebutton.web.services.turn.StunServer">
        <constructor-arg index="0" value="stun:turn.blindsidenetworks.com"/>
    </bean>


    <bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
        <constructor-arg index="0" value="<secret redacted>"/>
        <constructor-arg index="1" value="turns:turn.blindsidenetworks.com:443?transport=tcp"/>
        <constructor-arg index="2" value="86400"/>
    </bean>

    <bean id="stunTurnService"
            class="org.bigbluebutton.web.services.turn.StunTurnService">
        <property name="stunServers">
            <set>
                <ref bean="stun0"/>
            </set>
        </property>
        <property name="turnServers">
            <set>
                <ref bean="turn0"/>
            </set>
        </property>
    </bean>
</beans>

It should be exactly the same as in our TURN documentation and what the bbb-install script will configure.

The properties in external.xml change what FS will send for its candidate and what ports and IPs it will respond on. It could be the cause if the problem is still a 1007, but not if it's a "1004 - WebRTC Error".

The properties in acl.conf.xml change what IP ranges FS will accept calls on. This could be a problem if it were a 1004 with anything except a "1004 - WebRTC Error".

If you could send me the full browser console log I can take a look at it. The problem will hopefully show higher up in the log.

[Yossi A]

Hi Chad
very much appreciate your taking the time to help me with my strange problems.

 it turns out that my turn server was blocked by the ubuntu firewall,

 I disabled it with sudo ufw disable

 and now I can see the external IP as a candidate in the list,
so I guess it should be ok now​.

I will know for sure only after I test from different restricted Networks.

Thanks 

Jossef

בתאריך יום שני, 9 בספטמבר 2019 בשעה 09:53:18 UTC+3, מאת Yossi A:

[Phill. Whiteside]

Hi Jossef,

I know it is a bit of work, but I'd suggest you take the time to have a read of a reasonable step by step approach such as here [1] It covers the setting up of the various ports and ranges therein. There may be some others who have more explicit instructions for this.

Regards,

Phill.

1. https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-16-04

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/4d5935e6-467f-41f6-8f5e-52c5e79c741f%40googlegroups.com.

[Yossi A]

Thank you Phill,  this is very helpful tutorial.
another option for those who have Ubuntu desktop, to install GUFW and configure the firewall using a nice GUI

Regards,

Jossef.

בתאריך יום שני, 9 בספטמבר 2019 בשעה 09:53:18 UTC+3, מאת Yossi A:

Hi Fred and Chad