Re: [discuss-webrtc] WebRTC peerconnection and sonicwall problems ?
756 views
Skip to first unread message
Justin Uberti
Jul 26, 2012, 3:27:55 PM7/26/12
to discuss...@googlegroups.com
I'm guessing SonicWall implements endpoint-dependent mappings. This type of firewall won't work with WebRTC until we land our TURN support.
You can verify the type of NAT using the tools at http://sourceforge.net/projects/stun/. (This type of NAT classification is obsolete, but still useful to understand whether TURN will be needed or not)
ex:
juberti-mbp:stund juberti$ ./client stunserver.org
STUN client version 0.97
Primary: Dependent Mapping, random port, no hairpin
On Thu, Jul 26, 2012 at 7:26 AM, andyf <flyi...@gmail.com> wrote:
I'm playing with the Chrome peerconnection to get a video chat between two browsers. When I try it with one end protected with a sonicwall firewall, the connection for video never gets made; the sonicwall log reports a UDP packet dropped. The same thing happens with the apprtc demo. When the sonicwall is involved, the two sides notice each other through the STUN connection, but never connect the call.Has anyone else tried it with a SonicWall (or Cisco) firewall blocking one of the ends ? If so, did you have to make changes to get it to work ?Thanks,Andy Finkel--
andyf
Jul 27, 2012, 1:50:55 PM7/27/12
to discuss...@googlegroups.com
Thanks. Still investigating, it might be a SonicWall version problem; the firmware version is kind of old, and in a subsequent release they made a lot of changes for SIP video. I'm hoping we can get it updated to the current release, otherwise we'll have to set up a DMZ.
On Thursday, July 26, 2012 3:27:55 PM UTC-4, Justin Uberti wrote:
Andy
On Thursday, July 26, 2012 3:27:55 PM UTC-4, Justin Uberti wrote:
I'm guessing SonicWall implements endpoint-dependent mappings. This type of firewall won't work with WebRTC until we land our TURN support.You can verify the type of NAT using the tools at http://sourceforge.net/projects/stun/. (This type of NAT classification is obsolete, but still useful to understand whether TURN will be needed or not)ex:juberti-mbp:stund juberti$ ./client stunserver.orgSTUN client version 0.97Primary: Dependent Mapping, random port, no hairpin
Eric Thomas
Jan 22, 2013, 1:59:28 PM1/22/13
to discuss...@googlegroups.com
Hi,
I would like to know the update on this SonicWall firewall using with WebRTC. Is it now supported with https://apprtc.appspot.com , as i have tried it and it did not worked.
Machine A: Using https://apprtc.appspot.com with SonicWall firewall installed.
Machine B: Using https://apprtc.appspot.com , no SonicWall firewall installed.
The Videos are not loading using apprtc website. Please provide an update on this on how to solve this problem.
Thanks,
Eric
Vikas
Jan 22, 2013, 3:27:16 PM1/22/13
to discuss-webrtc
Hi Eric,
Based on Justin's earlier comment have you verified the type of NAT?
Most likely you might need TURN. Chrome added support for TURN in M24.
I do not think apprtc demo is using TURN by default. However you can
specify TURN credentials by adding &ts = server_address and &tp =
password at the end of apprtc url to test TURN. You would need a TURN
server to test this.
/Vikas
On Jan 22, 10:59 am, Eric Thomas <mailerictho...@gmail.com> wrote:
> Hi,
>
> I would like to know the update on this SonicWall firewall using with
> WebRTC. Is it now supported withhttps://apprtc.appspot.com, as i have
> installed.
> Machine B: Usinghttps://apprtc.appspot.com, no SonicWall firewall
Based on Justin's earlier comment have you verified the type of NAT?
Most likely you might need TURN. Chrome added support for TURN in M24.
I do not think apprtc demo is using TURN by default. However you can
specify TURN credentials by adding &ts = server_address and &tp =
password at the end of apprtc url to test TURN. You would need a TURN
server to test this.
/Vikas
On Jan 22, 10:59 am, Eric Thomas <mailerictho...@gmail.com> wrote:
> Hi,
>
> I would like to know the update on this SonicWall firewall using with
> tried it and it did not worked.
>
> Machine A: Usinghttps://apprtc.appspot.comwith SonicWall firewall
>
> installed.
> Machine B: Usinghttps://apprtc.appspot.com, no SonicWall firewall
> installed.
>
> The Videos are not loading using apprtc website. Please provide an update
> on this on how to solve this problem.
>
> Thanks,
> Eric
>
>
>
>
>
>
>
> On Thursday, July 26, 2012 12:27:55 PM UTC-7, Justin Uberti wrote:
>
> > I'm guessing SonicWall implements endpoint-dependent mappings. This type
> > of firewall won't work with WebRTC until we land our TURN support.
>
> > You can verify the type of NAT using the tools at
> >http://sourceforge.net/projects/stun/. (This type of NAT classification
> > is obsolete, but still useful to understand whether TURN will be needed or
> > not)
>
> > ex:
> > juberti-mbp:stund juberti$ ./client stunserver.org
> > STUN client version 0.97
> > Primary: Dependent Mapping, random port, no hairpin
>
>
> The Videos are not loading using apprtc website. Please provide an update
> on this on how to solve this problem.
>
> Thanks,
> Eric
>
>
>
>
>
>
>
> On Thursday, July 26, 2012 12:27:55 PM UTC-7, Justin Uberti wrote:
>
> > I'm guessing SonicWall implements endpoint-dependent mappings. This type
> > of firewall won't work with WebRTC until we land our TURN support.
>
> > You can verify the type of NAT using the tools at
> >http://sourceforge.net/projects/stun/. (This type of NAT classification
> > is obsolete, but still useful to understand whether TURN will be needed or
> > not)
>
> > ex:
> > juberti-mbp:stund juberti$ ./client stunserver.org
> > STUN client version 0.97
> > Primary: Dependent Mapping, random port, no hairpin
>
Eric Thomas
Jan 22, 2013, 10:15:11 PM1/22/13
to discuss...@googlegroups.com
Hi,
I have one doubt, if i am using TURN server while doing peer connection, do i have to mention the STUN server IP also or We should go for either TURN or STUN only while writing their respective ip's in the peer connection code.
Thanks,
Eric
I have one doubt, if i am using TURN server while doing peer connection, do i have to mention the STUN server IP also or We should go for either TURN or STUN only while writing their respective ip's in the peer connection code.
Thanks,
Eric
Vikas Marwaha
Jan 23, 2013, 12:35:32 AM1/23/13
to discuss...@googlegroups.com
Hi,
You can specify a TURN server only. The TURN protocol builds on top of STUN protocol in order to build a relay service. I think a TURN server would also function as a STUN server so no need for both TURN & STUN servers.
/Vikas
--
Reply all
Reply to author
Forward
0 new messages