No webcam or screenshare (error 1020) - Do I need my own TURN server?
47 views
Skip to first unread message
David White
Sep 15, 2021, 8:31:15 PM9/15/21
to bigbluebu...@googlegroups.com
I recently moved a fully functional Big Blue Button server into a new datacenter.
For reasons I won't get into, I'm going to have to use NAT here in the new datacenter.
For reasons I won't get into, I'm going to have to use NAT here in the new datacenter.
I have everything re-IP'd.
Greenlight is working fine, as well as audio & chat. But video & screensharing isn't working.
Greenlight is working fine, as well as audio & chat. But video & screensharing isn't working.
It looks like my stunclient test is able to bind, but the Behavior and Filtering tests are failing. I have redacted a portion of the IP address below:
root@meet:/home/dwhite# stunclient --mode full --localport 30000 --localaddr 198.x.x.194 stun.l.google.com 19302
Binding test: success
Local address: 198.x.x.194:30000
Mapped address: 198.x.x.193:30000
Behavior test: fail
Filtering test: fail
--
Binding test: success
Local address: 198.x.x.194:30000
Mapped address: 198.x.x.193:30000
Behavior test: fail
Filtering test: fail
Running a packet capture on the firewall, I see the packets exiting AND coming back into the router. Additionally, running a packet capture (using tcpdump) on the Linux server, I see outbound and return traffic.
It should be noted that I'm using a loopback address on lo to assign the public IP address to the server. So this isn't a "traditional" NAT setup.
The following blog describes exactly what I'm doing: https://munari.xyz/2020/10/25/bigbluebutton-behind-nat/
I'm trying to figure out what these "Behavior" and "Filtering" tests are, and how to get them to succeed.
Any help would be greatly appreciated.
David White
David White
Sep 15, 2021, 8:58:27 PM9/15/21
to bigbluebu...@googlegroups.com
I'm an idiot.
If you look at my output, you'll see my Local address and my Mapped address is different.
My network's default Source NAT address is the .193.
I added a new Source NAT rule to the router for this IP to remain Source NAT'd to the .194 address, and now the tests are passing:
root@meet:/home/dwhite# stunclient --mode full --localport 30000 --localaddr 198.73.3.194 stun.l.google.com 19302
Binding test: success
Local address: 198.x.x.194:30000
Mapped address: 198.x.x.194:30000
Behavior test: success
Nat behavior: Direct Mapping
Filtering test: success
Nat filtering: Endpoint Independent Filtering
Behavior test: success
Nat behavior: Direct Mapping
Filtering test: success
Nat filtering: Endpoint Independent Filtering
Big Blue Button still isn't working, though.
I need to dig into the configurations some more... I'm sure there's a way to manually force the Source NAT locally.
Because by default, the traffic wants to go out the private IP (192.168.100.120).
I need to dig into the configurations some more... I'm sure there's a way to manually force the Source NAT locally.
Because by default, the traffic wants to go out the private IP (192.168.100.120).
My command only works when I specify the localaddr address:
root@meet:/home/dwhite# stunclient --mode full --localport 30000 --localaddr 198.x.x.194 stun.l.google.com 19302
I'd still be grateful for input on this. :)
David White
basisbit
Sep 16, 2021, 10:42:06 AM9/16/21
to BigBlueButton-Setup
>
Do I need my own TURN server?
Yes, you'll need to run our own stun + turn server next to a BBB server to have a decent setup with low amounts of connection issues. Please see https://docs.bigbluebutton.org/admin/setup-turn-server.html how to install it and follow that website exactly.
Reply all
Reply to author
Forward
0 new messages