--
--
--
--
--
--
--
-- Regards, Adam
Thanks for the response, Justin. Some more questions (sorry!):(1) Is an Active Directory policy the only way to restrict the range of ports being used? In other words, is there a way to control this (say) for Macs, or in a non-AD environment? I'm thinking that being able to set the range of ports via JavaScript would be very helpful.
(2) If, as others have suggested, this is what a TURN server is for, what's the simplest way to tell WebRTC, "Use UDP peer-to-peer if you can get it to work, and then fallback to using this TURN server as a relay if that doesn't work, over UDP first, and then (if nothing else works) over TCP?" Or do you get this for free just by referencing a TURN server rather than a STUN server?
(3) I like the sound of what you say ICE-TCP can do, namely, being able to push out through (say) TCP ports 80 or 443 if nothing else works. How do you get that to happen? Or is it something that WebRTC does automatically, and I don't need to worry about it? (So far I'm only seeing UDP ICE candidates get sent.)
--
--
On B, the TURN server would be deployed in, or across, the DMZ to allow it to have an internal and external internet address. The peerconnection config would have to have 2 entries for this server, one for the internal and for the external addressing. Or you could have split dns config, so the right IP is resolved depending on internal or external source.
Warren
Sorry for this late question. Could you please clarify
A) Do you expect ICE-TCP (esp on TLS) to go over a http proxy where DPI is not present.
B) On your point 3, how does this enterprise TURN server work? Would there be an option in
the proxy settings of the browser (eg: chrome) to specify the enterprise TURN proxy address? Would this enterprise TURN server then proxy the STUN/TURN traffic to the real TURN server in the internet?
--
---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrt...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
I would like to know the answer A.
On B, the TURN server would be deployed in, or across, the DMZ to allow it to have an internal and external internet address. The peerconnection config would have to have 2 entries for this server, one for the internal and for the external addressing. Or you could have split dns config, so the right IP is resolved depending on internal or external source.
Warren
On Tue, Feb 19, 2013 at 10:00 PM, BP Gangadharan <bp.gang...@gmail.com> wrote:
Sorry for this late question. Could you please clarify
A) Do you expect ICE-TCP (esp on TLS) to go over a http proxy where DPI is not present.
If the proxy supports HTTPS, e.g. tunnelling via HTTP CONNECT, then yes. If not, then no.
B) On your point 3, how does this enterprise TURN server work? Would there be an option in
the proxy settings of the browser (eg: chrome) to specify the enterprise TURN proxy address? Would this enterprise TURN server then proxy the STUN/TURN traffic to the real TURN server in the internet?
Yes, this would be configured via settings/enterprise policies. In this case a "real TURN server" would probably not be needed.
On Thu, Feb 21, 2013 at 5:57 AM, Justin Uberti <jub...@google.com> wrote:
Thanks Justin for the quick response. Please see comments below.
On Tue, Feb 19, 2013 at 10:00 PM, BP Gangadharan <bp.gang...@gmail.com> wrote:
Sorry for this late question. Could you please clarify
A) Do you expect ICE-TCP (esp on TLS) to go over a http proxy where DPI is not present.
If the proxy supports HTTPS, e.g. tunnelling via HTTP CONNECT, then yes. If not, then no.
I guess, this would require every browser to honour http proxy settings for TURN as well and send a CONNECT to the proxy for establishing TURN traffic. Right?
Will this be specified in any w3c or ietf speficiations? Or will this be an implementation specific behaviour of the browser?
B) On your point 3, how does this enterprise TURN server work? Would there be an option in
the proxy settings of the browser (eg: chrome) to specify the enterprise TURN proxy address? Would this enterprise TURN server then proxy the STUN/TURN traffic to the real TURN server in the internet?
Yes, this would be configured via settings/enterprise policies. In this case a "real TURN server" would probably not be needed.
If I understand your answer correctly, this TURN proxy settings will not be as visible as an HTTP proxy setting. The enterprise will have to use something like
a mechanism specified in the pages below for setting it up.
http://support.google.com/chromeos/a/bin/answer.py?hl=en&answer=187202
http://support.google.com/chromeos/a/bin/answer.py?hl=en&answer=187204
Could you please confirm?
On Wed, Feb 20, 2013 at 2:01 PM, Warren McDonald <warren....@gmail.com> wrote:
I would like to know the answer A.
On B, the TURN server would be deployed in, or across, the DMZ to allow it to have an internal and external internet address. The peerconnection config would have to have 2 entries for this server, one for the internal and for the external addressing. Or you could have split dns config, so the right IP is resolved depending on internal or external source.
No, the PeerConnection config would only have the internal address. It learns the external address via the TURN protocol.