bbb 0.9 (build 258) WebRTC versus NAT

[Михаил Михайлович]

Good day, dear developers.

I encountered with issue: WebRTC don`t want to work behind NAT (Error 1007: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu#Client_WebRTC_Error_Codes). Al correctly works in local network, in external - WebRTC got error 1007. Nothing helps.

I`ve got battle installation of bbb on dedicated physical server. Version 0.9 was chosen because of the large number of advantages over stable 0.81. One of them - WebRTC and right now I`am got issues with that. So... i got external IP address and bound to it sub-domain bbb.mydomain.com (back-part, my server) also I`ve got conf.mydomain.com (front-part, web portal on Wordpress), but thats not matter right now. Server has connected to router Fortigate 60D (i suspect that it is all his fault). External IP is fully bound to internal IP in all ports and protocols. Next...

Installation was done strongly upon: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu
/etc/hosts was updated as needed (looking on my bbb.mydomain.com)

All steps was completed and tested many times: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu#Audio_not_working (+ some of my experiments with configs)

My info:

admin@conf:~$ sudo bbb-conf --check

BigBlueButton Server 0.9.0-beta (730)
                    Kernel version: 3.13.0-49-generic
                      Distribution: Ubuntu 14.04.2 LTS (64-bit)
                            Memory: 20043 MB

/var/www/bigbluebutton/client/conf/config.xml (bbb-client)
          Port test (tunnel): bbb.mydomain.com
                              Red5: bbb.mydomain.com
              useWebrtcIfAvailable: true

/opt/freeswitch/conf/sip_profiles/external.xml (FreeSWITCH)
                    websocket port: 5066
                    WebRTC enabled: true

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server name: bbb.mydomain.com
                              port: 80
                    bbb-client dir: /var/www/bigbluebutton

/var/lib/tomcat7/webapps/bigbluebutton/WEB-INF/classes/bigbluebutton.properties (bbb-web)
                      bbb-web host: bbb.mydomain.com

/var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp (API demos)
                           api url: bbb.mydomain.com

/var/www/bigbluebutton/check/conf/config.xml (client check)
                      client check: bbb.mydomain.com

/usr/share/red5/webapps/bigbluebutton/WEB-INF/red5-web.xml (red5)
                  voice conference: FreeSWITCH
                     capture video: true
                   capture desktop: true

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback host: bbb.mydomain.com


** Potential problems described below **
# IP does not match:
#                           IP from ifconfig: 172.16.1.7
#   /etc/nginx/sites-available/bigbluebutton: bbb.mydomain.com
# Warning: API URL IPs do not match host:
#
#                                IP from ifconfig: 172.16.1.7
#  /var/lib/tomcat7/webapps/demo/bbb_api_conf.jsp: bbb.mydomain.com

# Warning: The API demos are installed and accessible from:
#
#    http://bbb.mydomain.com/
#
# These API demos allow anyone to access your server without authentication
# to create/manage meetings and recordings. They are for testing purposes only.
# If you are running a production system, remove them by running:
#
#    sudo apt-get purge bbb-demo

# Warning: The client self check is installed and accessible from:
#
#    http://bbb.mydomain.com/check
#
Enter code here...

/opt/freeswitch/conf/vars.xml

-<X-PRE-PROCESS cmd="set" data="local_ip_v4=172.16.1.7"/>
-<X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
+<X-PRE-PROCESS cmd="set" data="bind_server_ip=bbb.mydomain.com"/>
-<X-PRE-PROCESS cmd="set" data="external_rtp_ip=stun:stun.freeswitch.org"/>
+<X-PRE-PROCESS cmd="set" data="external_rtp_ip=host:bbb.mydomain.com"/>
-<X-PRE-PROCESS cmd="set" data="external_sip_ip=stun:stun.freeswitch.org"/>
+<X-PRE-PROCESS cmd="set" data="external_sip_ip=host:bbb.mydomain.com"/>

/opt/freeswitch/conf/sip_profiles/external.xml

-<param name="ext-rtp-ip" value="$${local_ip_v4}"/>
-<param name="ext-sip-ip" value="$${local_ip_v4}"/>
+<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>
+<param name="ext-sip-ip" value="$${external_sip_ip}"/>

/usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties

bbb.sip.app.ip=172.16.1.7
bbb.sip.app.port=5070

freeswitch.ip=172.16.1.7
freeswitch.port=5060

/etc/bigbluebutton/nginx/sip.nginx

location /ws {
        proxy_pass http://bbb.mydomain.com:5066;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 6h;
        proxy_send_timeout 6h;
        client_body_timeout 6h;
        send_timeout 6h;
}

Thats it. Firewall (i disabled it for test... not helps)

admin@conf:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
1935                       ALLOW       Anywhere
9123                       ALLOW       Anywhere
5066                       ALLOW       Anywhere
16384:32768/udp            ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
1935 (v6)                  ALLOW       Anywhere (v6)
9123 (v6)                  ALLOW       Anywhere (v6)
5066 (v6)                  ALLOW       Anywhere (v6)
16384:32768/udp (v6)       ALLOW       Anywhere (v6)

http://demo.bigbluebutton.org/ - works

Pls help my with advice, what Iam doing wrong? bbb.mydomain.com was changed to direct IP in that configs, firewall disabled... nothing helps. The servers is now available in Internet, i can give i web-access to it (but I cant write an address directly here). All checks was make by feature: bbb.mydomain.com/check (and got "Failed WebRTC Echo Test: 1007") that was confirmed by joining my demo.

Thanks.

[Michael]

Added:

Telnet is ok by that info: https://code.google.com/p/bigbluebutton/wiki/FAQ#Can_I_provide_external_access_to_a_BigBlueButton_server_behind_m
Ports: 80, 1935, 9123 telnet`ed as described.

darkfess@DFZ:~$ telnet bbb.mydomain.com  5066
Trying xxx.xxxx.xxxxx....
Connected to bbb.mydomain.com.
Escape character is '^]'.
HTTP/1.1 400 Bad Request
Sec-WebSocket-Version: 13

Connection closed by foreign host.

Don`t know is that okey..

[Fred Dixon]

Hi Michael,

Try this: on your firewall, can you forward UDP ports 16384 - 32768 to 172.16.1.7 and try again.  

The webRTC audio goes over UDP and Error 1007 is browser was unable to setup the media connection.

  https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu#Client_WebRTC_Error_Codes

Let us know if the above gets you going.

Regards,... Fred

Regards,... Fred

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

--

BigBlueButton Developer

http://bigbluebutton.org/
http://code.google.com/p/bigbluebutton

BigBlueButton on twitter: @bigbluebutton

[Michael]

Hi Fred,

I will try specifying direct forwarding of those UDP ports. Thanks for the idea, I will keep you informed.

[Fred Dixon]

Hi Michael,

After you make the change, try connecting again from BigBlueButton and, if it fails to connect, post the output of the browser console to pastebin -- this will give us more information to figure out why the browser is unable to connect via webRTC audio.

Regards,... Fred

On Fri, Apr 10, 2015 at 3:11 PM, Michael <darkfess...@gmail.com> wrote:

Hi Fred,

I will try specifying direct forwarding of those UDP ports. Thanks for the idea, I will keep you informed.

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

[HostBBB.com]

Michael

+<X-PRE-PROCESS cmd="set" data="external_sip_ip=host:bbb.mydomain.com"/>

try adding the actual external xx.xx.xx.xx  instead on all the freeswitch configs.

since inside your firewall fqdn should resolve to localip, and outside should resolve to external

regards,

Stephen

hostbbb.com

On Friday, April 10, 2015 at 4:19:47 PM UTC-4, Fred Dixon wrote:

Hi Michael,

After you make the change, try connecting again from BigBlueButton and, if it fails to connect, post the output of the browser console to pastebin -- this will give us more information to figure out why the browser is unable to connect via webRTC audio.

Regards,... Fred

On Fri, Apr 10, 2015 at 3:11 PM, Michael <darkfess...@gmail.com> wrote:

Hi Fred,

I will try specifying direct forwarding of those UDP ports. Thanks for the idea, I will keep you informed.

--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-setup+unsub...@googlegroups.com.

To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

[Michael]

Good day, Fred!

We specifying direct forwarding of: TCP 1-10000 and UDP 16384-32768. Nothing changed at all. Still got 1007. Here is browser-console log: http://pastebin.com/kXWzk2f7 (domain and IP changed). What can be the source of error?
We also disabled ALG SIP on router as mentioned here: http://www.3cx.com/blog/docs/disable-sip-alg-on-fortigate/

Still nothing. I am really confused.

[Michael]

Hello HostBBB.com!

As i mentioned in my first message "bbb.mydomain.com was changed to direct IP in that configs, firewall disabled... nothing helps" it still gave nothing. This FQDN is fully synced in all DNS servers on the Inet, and even Google-Public DNS knows it. So, pings from router to him resolve to us a correct external IP (checked).



суббота, 11 апреля 2015 г., 15:21:35 UTC+3 пользователь HostBBB.com написал:

[Michael]

Here is some more... Its connection log, from config:webrtc of Firefox browser.

http://pastebin.com/6nQhFpKs

Where 1.1.5.177 - office PC local IP, 172.16.1.7 -  server IP in DC.

[Chad Pilkey]

Freeswitch is still passing what I think is your local IP to the clients as the only ICE candidate. The following line can be found in the reply from Freeswitch after a call has been initiated.

a=candidate:1729486585 1 udp 659136 172.16.1.7 20090 typ host generation 0

The IP is unreachable and the ICE negotiation fails. I don't know how to fix Freeswitch so that it uses your external IP in the candidate list unfortunately.

[Michael]

Hi Chad!

Seems that way... but how do I fix this? Is "scenario 2" in FS discribes NAT situation? https://wiki.freeswitch.org/wiki/General_NAT_example_scenarios#Scenario_2

[Chad Pilkey]

Scenario 2 looks the same as your problem. That wiki page is deprecated though so I wouldn't follow the examples on that page.

The correct NAT documentation for Freeswitch can be found here, here, and here.

[Michael]

Thans. But I knows that docs, and it completely repeats our docs: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu#Audio_not_working

We got NAT and FreeSwitch + external IP. So, we don`t use "auto-nat", we use "external sip profile". All corect... and still - nothing.

Who knows, what here /opt/freeswitch/conf/vars.xml option  <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/> (mb true?) does? It wont help (checked), but still interesting..

[Michael]

Here is goes freeswitch log: http://pastebin.com/LeZhaakF (office_ext_ip = external IP in other office)

Ive had little modification of config due to links bellow. It wont work anyway. But due to the log, FS see incoming connection, they even got port exchanged... but. Anyone have some ideas?

PS. ports 5060 and 5070 is only for internal use of FS? Should it need be opened in Firewall?

[Richard Alam]

On Fri, Apr 10, 2015 at 1:03 PM, Михаил Михайлович <darkfess...@gmail.com> wrote:

Good day, dear developers.

I encountered with issue: WebRTC don`t want to work behind NAT (Error 1007: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu#Client_WebRTC_Error_Codes). Al correctly works in local network, in external - WebRTC got error 1007. Nothing helps.

I`ve got battle installation of bbb on dedicated physical server. Version 0.9 was chosen because of the large number of advantages over stable 0.81. One of them - WebRTC and right now I`am got issues with that. So... i got external IP address and bound to it sub-domain bbb.mydomain.com (back-part, my server) also I`ve got conf.mydomain.com (front-part, web portal on Wordpress), but thats not matter right now. Server has connected to router Fortigate 60D (i suspect that it is all his fault). External IP is fully bound to internal IP in all ports and protocols. Next...

Installation was done strongly upon: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu
/etc/hosts was updated as needed (looking on my bbb.mydomain.com)

All steps was completed and tested many times: https://code.google.com/p/bigbluebutton/wiki/090InstallationUbuntu#Audio_not_working (+ some of my experiments with configs)

My info:

admin@conf:~$ sudo bbb-conf --check

Can you try these settings?

 

/opt/freeswitch/conf/vars.xml

<X-PRE-PROCESS cmd="set" data="bind_server_ip=172.16.1.7"/>
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=172.16.1.7"/>
<X-PRE-PROCESS cmd="set" data="external_sip_ip=172.16.1.7"/>

/opt/freeswitch/conf/sip_profiles/external.xml

<param name="ext-rtp-ip" value="$${external_rtp_ip}"/>

<param name="ext-sip-ip" value="$${external_sip_ip}"/>

/usr/share/red5/webapps/sip/WEB-INF/bigbluebutton-sip.properties

bbb.sip.app.ip=172.16.1.7
bbb.sip.app.port=5070

freeswitch.ip=172.16.1.7
freeswitch.port=5060

/etc/bigbluebutton/nginx/sip.nginx

location /ws {
        proxy_pass http://172.16.1.7:5066;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_read_timeout 6h;
        proxy_send_timeout 6h;
        client_body_timeout 6h;
        send_timeout 6h;
}

Thats it. Firewall (i disabled it for test... not helps)

admin@conf:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
1935                       ALLOW       Anywhere
9123                       ALLOW       Anywhere
5066                       ALLOW       Anywhere
16384:32768/udp            ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
1935 (v6)                  ALLOW       Anywhere (v6)
9123 (v6)                  ALLOW       Anywhere (v6)
5066 (v6)                  ALLOW       Anywhere (v6)
16384:32768/udp (v6)       ALLOW       Anywhere (v6)

Open 5060 UDP in your firewall.

Let us know how it goes.

Richard

 

http://demo.bigbluebutton.org/ - works

Pls help my with advice, what Iam doing wrong? bbb.mydomain.com was changed to direct IP in that configs, firewall disabled... nothing helps. The servers is now available in Internet, i can give i web-access to it (but I cant write an address directly here). All checks was make by feature: bbb.mydomain.com/check (and got "Failed WebRTC Echo Test: 1007") that was confirmed by joining my demo.

Thanks.

--

You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.

To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.

To post to this group, send email to bigbluebu...@googlegroups.com.
Visit this group at http://groups.google.com/group/bigbluebutton-setup.
For more options, visit https://groups.google.com/d/optout.

--

-----
BigBlueButton Developer
http://www.bigbluebutton.org
http://code.google.com/p/bigbluebutton

[Michael]

Hi Richard!

I try this setting, wont help. I try FQDN-noFQDN internal hostname of the server. I have a conclusion, that no-FQDN is better option (pings bbb.mydomain.com goes directly outside). So, thats my hosts now:

/etc/hosts

127.0.0.1       localhost
#127.0.0.1      bbb.mydomain.com bbb localhost
172.16.1.7      bbb
xxx.xxx.xx.xx   bbb.mydomain.com

# The following lines are desirable for IPv6 capable hosts
#::1     localhost ip6-localhost ip6-loopback
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters

Nothing changed behind firewall. 1007 error. I disabled IPv6 in system... Local connection to the server shows, that it somehow use IPv6 for WebRTC. Its very interesting, no IPv6 address was configured. Logs of Freeswitch shows this:

fdb90d26-e2c9-11e4-b575-f52349676698 2015-04-14 20:16:30.101137 [NOTICE] switch_core_media.c:2953 setting remote audio ice addr to 2002:101:1ce::101:1ce:64092 based on candidate
fdb90d26-e2c9-11e4-b575-f52349676698 2015-04-14 20:16:30.101137 [NOTICE] switch_core_media.c:2978 setting remote rtcp audio addr to 2002:101:1ce::101:1ce:64092 based on candidate
fdb90d26-e2c9-11e4-b575-f52349676698 2015-04-14 20:16:30.101137 [DEBUG] switch_core_media.c:5163 AUDIO RTP [sofia/external/12345-bbbID-bbbTestUser@bbb.mydomain.com] 172.16.1.7 port 25112 -> 2002:101:1ce::101:1ce port 64092 codec: $
fdb90d26-e2c9-11e4-b575-f52349676698 2015-04-14 20:16:30.101137 [DEBUG] switch_rtp.c:3558 Starting timer [soft] 960 bytes per 20ms

With current configuration i`ve got 1004 Internal error with connection to WebRTC and 1007 error with external. Tomorrow I will get config back to normal and continue trying. But my time is running short :(

[Michael]

I confirm that. Local connection to FS is going with IPv6 somehow.... disabling it giver error 1004. I am realy confused now...

[Michael]

Soo.. guys. I think i`am close now. What I have done:

1) disable IPv6 in system
2) delete IPv6 internal and external sip-profiles from FS
3) in internal and external profile added options (internal in internal, external in external):

<param name="auth-calls" value="$${internal_auth_calls}"/>
<param name="auth-calls" value="$${external_auth_calls}"/>

4) Set in /opt/freeswitch/conf/vars.xml

  <!-- External SIP Profile -->
  <X-PRE-PROCESS cmd="set" data="external_auth_calls=true"/>

And now I`ve got error 1004 both inside and outside NAT. Any help are very appreciated.

[HostBBB.com]

Michael,  not sure if you can install a fresh instance of the Freeswitch configs.

But I have configured a few servers in .90 and ran into similar issues behind corporate firewalls, I have a hack workaround but still trying to figure out how to do it right. 

This is what I believe is occurring with you,

1) can you test on a fresh install.

2) follow the extra steps in install instructions as instructed to set the external address in config files.

3) run bbb-conf --clean

From your BBB server, now try to telnet to your external ip address

telnet 172.16.1.7 5066  <<< and see if the server can go out your firewall and back into your server and connect to websockets.

If this fails web-rtc will not work for sure.    I have had customers change policy on firewall to allow this and everything works fine.

Another check is

 sudo /opt/freeswitch/bin/fs_cli -x "sofia status profile external"

I have noticed playing around with different senarios,  that websockets bind urls always follow the ip address of the websocket interface in sip,nginx and ignore the current external_ip settings.  This is what causes the sdp to show the local IP when the client is trying to connect.

A hack work around for this is to modify bbb_webrtc_bridge_sip so ws::/server/ws is now direct to ws:/server:5066.

This by passes the port 80 proxy, but the sdp now correctly sends the external ip address.

Im still looking for correct fix, in freeswitch docs, and forums, but either of these methods should get you up and going for now.

The root issue is the ws bind url is not set to external ip in some senarios,  causing the 1007.

regards,

Stephen

hostbbb.com

[Michael]

Hi HostBBB.com

Thanks, your comment was the most useful!

1) Fresh install is the last option in my case.. server is already standing in datacenter. But i`ve saved all default config files after installation. So I just restore them time to time. The main installation instructions I am already know by heart.)
2) I run 'bbb-conf --clean' after every config change.)
3) I run command: 'telnet xxx.xx.xx.xx 5066' (exernal) -  the answer is like in local network. I think, this is ok?

admin@bbb:~$ telnet xxx.xxx.xx.xx 5066
Trying xxx.xxx.xx.xx...
Connected to xxx.xxx.xx.xx.

Escape character is '^]'.
HTTP/1.1 400 Bad Request
Sec-WebSocket-Version: 13

Connection closed by foreign host.

4) I`ve remove all FQDN and domain names from config, and change it with just external IP (and internal, when needed).

5) sudo /opt/freeswitch/bin/fs_cli -x "sofia status profile external" - this is awsome! It is fully diagnose all problems and fully comply with your words.

admin@bbb:~$ sudo /opt/freeswitch/bin/fs_cli -x "sofia status profile external"
[sudo] password for admin:
=================================================================================================
Name                    external
Domain Name             N/A
Auto-NAT                false
DBName                  sofia_reg_external
Pres Hosts
Dialplan                XML
Context                 public
Challenge Realm         auto_to
RTP-IP                  172.16.1.7
Ext-RTP-IP              xxx.xxx.xxx.xx
SIP-IP                  172.16.1.7
Ext-SIP-IP              xxx.xxx.xxx.xx
URL                     sip:mod_sofia@xxx.xxx.xxx.xx:5060
BIND-URL                sip:mod_sofia@xxx.xxx.xxx.xx:5060;maddr=172.16.1.7;transport=udp,tcp
WS-BIND-URL             sip:mod_sofia@172.16.1.7:5066;transport=ws
HOLD-MUSIC              local_stream://moh
OUTBOUND-PROXY          N/A
CODECS IN               OPUS,speex@16000h@20i,speex@8000h@20i,G7221@32000h,G7221@16000h,G722,PCMU,PCMA,GSM
CODECS OUT              speex@16000h@20i,PCMU,PCMA,GSM
TEL-EVENT               101
DTMF-MODE               info
CNG                     13
SESSION-TO              0
MAX-DIALOG              0
NOMEDIA                 false
LATE-NEG                true
PROXY-MEDIA             false
ZRTP-PASSTHRU           true
AGGRESSIVENAT           false
CALLS-IN                68
FAILED-CALLS-IN         67
CALLS-OUT               0
FAILED-CALLS-OUT        0
REGISTRATIONS           1

Thats it! WS-BIND-URL is internal IP.. I`am ready fot hardcoding of bbb_webrtc_bridge_sip.js that was found here: /var/www/bigbluebutton/check/resources/lib/ and here /var/www/bigbluebutton/client/lib/ but i don`t know exactly how to do it correct.

I`ve tried:

-wsServers: 'ws://' + server + '/ws',
+wsServers: 'ws://' + server:5066,
+wsServers: 'ws://' + server + '5066;,
+wsServers: 'ws://' + '/ws',
+wsServers: 'xxx.xxx.xx.xx:5066',
+wsServers: 'ws://' + server + '172.16.1.7',

And nothing really helps.. or modifing it isn`t so simple?

[HostBBB.com]

try this

wsServers: 'ws://xx.xx.xx.xx:5066',

[Michael]

Just tried.... nothing! Output of: sudo /opt/freeswitch/bin/fs_cli -x "sofia status profile external" - not changed. 

WS-BIND-URL         sip:mod_sofia@172.16.1.7:5066;transport=ws

In other tests - error 1007, as always.

I`ve enabled IPv6 again like here: http://askubuntu.com/questions/440649/how-to-disable-ipv6-in-ubuntu-14-04 and uncomment IPv6 setting in /etc/hosts and... mystery! Local connection to WebRTC worked again (error 1004 when IPv6 disabled). External still error 1007. When testing websocket I`ve tried script that described here: https://www.websocket.org/echo.html

WebSocket Test

CONNECTED

SENT: WebSocket rocks

The output of command 'sudo /opt/freeswitch/bin/fs_cli -x "sofia status profile internal"' is like external.. but there is no WS-BIND-URL.

It seems that i have no other option, except somehow connect server to provider without NAT and datacenter router.. or start the service without WebRTC option :(

[Bruno Amaral]

Exactly, I've faced the same problem here, and the solution was to get an extra IP address from my ISP and set it directly on my BBB server. Dislike the idea of having a service running outside our firewall, but WebRTC audio is a great enhancement to the system...

I've gived up on the idea of making this work behind NAT right now, but I`m monitoring this thread, so if you have any success, please share it Michael. Thanks.

[Michael]

Sure thing)  But i`am afraid I have no more options left. I think I`ll try everything, even hardcode BBB modules. No result. The only way - fresh install + no NAT. I have half a day for more research...

It`s not working behind "double NAT" (NAT at server and NAT at client). Why is it so? No idea. Maybe our routers are cursed or something :)  WebRTC is tricky thing.

[Michael]

So, resuming our efforts... Fresh install + the server connected directly to Internet is worked perfectly. Almost "out-of-the-box", without "Audio not working" section. Ideal solution.

I think, that it would be wise to mention somewhere if official docs, that words such as: "WebRTC"-"NAT"-"Enterprise Firewall" - are not compatible in any order.

[HostBBB.com]

For really nasty enterprise firewall configurations, you can use a STUN/TURN server that can help traverse the NAT and UDP protocols issues that exist in some corporate networks.  There are a couple of open source servers that can be installed, and some commmerical services you can subscribe to that offer this pretty inexpensively.

The problem is the default server is using free and not necessarily production stun servers from barracuda (freeswitch stun) and google. Neither of these offer turn services.

A recent report on on webrtc adoption shows about 6-10% of users are not able to connect with standard stun services.   But the good news in BigBlueButton has flash fallback.

Here is more info on one solution.

http://code.google.com/p/coturn/

regards,

Stephen

hostbbb.com

On Thursday, April 23, 2015 at 11:27:12 AM UTC-4, Michael wrote: