STUN/Turn Servers

[Carlos Fernandez]

I have an Janus-gateway working, but when I am using network with a firewall it does not work.  It gives me an error saying "Is the gateway down?"  

I have modify the list of iceservers to include both stun and turn servers but I still cannot connect to the gateway from behind the firewall. 

[Carlos Fernandez]

iceServers : [{"url": "stun:stun.l.google.com:19302"}, {"url": "stun:stun.anyfirewall.com:3478"}, {"credential": "XXX", "url": "turn:turn.bistri.com:80", "username": "XXX"}, {"credential": "XXX", "url": "turn.turn.anyfirewall.com:443?transport=tcp", "username": "XXX"}],

here is what I am using for iceServers.

[Lorenzo Miniero]

"Is the gateway down" either means the API server is not reachable or Janus is down. STUN/TURN configuration have no effect on this.

Lorenzo

[Carlos Fernandez]

Thank you for answering, when I start the server I get:

---------------------------------------------------

  Starting Meetecho Janus (WebRTC Gateway) v0.0.6

---------------------------------------------------

Reading configuration from /opt/janus/etc/janus/janus.cfg

Checking command line arguments...

Debug/log level is 4

Adding 'vmnet' to the ICE ignore list...

Using 104.236.45.65 as local IP...

Initializing ICE stuff (IPv6 candidates disabled)

Fingerprint of our certificate: 85:73:68:7F:1C:26:71:56:07:5E:5A:E7:DE:6D:FA:EA:60:36:57:95:03:C1:8B:0A:B3:7E:60:7A:AF:94:FC:74

Plugins folder: /opt/janus/lib/janus/plugins

Loading plugin 'libjanus_recordplay.so'...

JANUS Record&Play plugin initialized!

Record&Play watchdog started

Loading plugin 'libjanus_videoroom.so'...

JANUS VideoRoom plugin initialized!

VideoRoom watchdog started

Loading plugin 'libjanus_streaming.so'...

JANUS Streaming plugin initialized!

Loading plugin 'libjanus_videocall.so'...

JANUS VideoCall plugin initialized!

Loading plugin 'libjanus_voicemail.so'...

Streaming watchdog started

VideoCall watchdog started

JANUS VoiceMail plugin initialized!

Loading plugin 'libjanus_audiobridge.so'...

VoiceMail watchdog started

JANUS AudioBridge plugin initialized!

Loading plugin 'libjanus_echotest.so'...

AudioBridge watchdog started

JANUS EchoTest plugin initialized!

Echotest watchdog started

Loading plugin 'libjanus_sip.so'...

JANUS SIP plugin initialized!

SIP watchdog started

HTTP webserver started (port 8088, /janus path listener)...

HTTPS webserver started (port 8889, /janus path listener)...

WebSockets server started (port 8188)...

[WARN] Secure WebSockets server disabled

[WARN] RammitMQ support disabled

Admin/monitor HTTP webserver started (port 7088, /admin path listener)...

[WARN] Admin/monitor HTTPS webserver disabled

Sessions watchdog started

I also tried: (Yes I know I would not be able to telnet but just wanted to see if it is reachable)

Carloss-MacBook-Pro:~ carfernandez$ telnet janusgateway.dinforums.com 8088

Trying 104.236.45.65...

telnet: connect to address 104.236.45.65: Connection refused

telnet: Unable to connect to remote host

How else can I test it?

[Lorenzo Miniero]

I guess this means the port is not reachable from outside. You can confirm whether or not Janus has bound on port 8088 using fuser:

    fuser -n tcp 8088

L.

[Carlos Fernandez]

It appears that 8088 is open. 

Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-03 00:43 EET 
Initiating Ping Scan at 00:43 
Scanning 104.236.45.65 [4 ports] 
Completed Ping Scan at 00:43, 0.16s elapsed (1 total hosts) 
Initiating SYN Stealth Scan at 00:43 
Scanning janusgateway.dinforums.com (104.236.45.65) [2 ports] 
Discovered open port 8088/tcp on 104.236.45.65 
Completed SYN Stealth Scan at 00:43, 0.16s elapsed (2 total ports) 

Nmap scan report for janusgateway.dinforums.com (104.236.45.65) 
Host is up (0.11s latency). 

PORT STATE SERVICE 
8088/tcp open radan-http 
8089/tcp closed unknown 

[Nicholas Wylie]

Are you accessing the test pages on HTTP or HTTPS?

It looks like your HTTPS interface for the gateway is listening on port 8889, but I think the JavaScript code will try and use 8089 by default if you're using HTTPS.

[Carlos Fernandez]

I have tried both and I can access the page, but it does not seem able to connect to the gateway.

[Carlos Fernandez]

Keep in mind if I am working from home Home network it works fine.  If I join a domain then it does not work.  This is why I think is a STUN/TURN issue.

On Tuesday, December 2, 2014 3:28:04 PM UTC-5, Carlos Fernandez wrote:

[Carlos Fernandez]

I am trying to mimic someone not working from home, so I created an active director and I am login into a domain; once I do that I cannot find the gateway....

[Nicholas Wylie]

STUN/TURN is only used for establishing the actual WebRTC data channels.

From what you said it sounds like Janus is running on a machine in your local network behind a router. If this is the case, you need to make sure that the router is forwarding all requests on the public interface through to Janus.

i.e. you probably need some form of port forwarding from the router to the machine running Janus.

[Carlos Fernandez]

What I find very strange is that it works from one location, but not from other locations.  If it was a port not been forward, then it shouldn't work from any location.

[Carlos Fernandez]

I have more info, I hope this helps: 

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

tcp        0      0 *:ssh                   *:*                     LISTEN      1110/sshd

tcp        0    232 janusgateway.dinfor:ssh 208.91.164.254:9206     ESTABLISHED 3194/1

root@janusgateway:~# sudo iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

On Tuesday, December 2, 2014 3:28:04 PM UTC-5, Carlos Fernandez wrote:

[Nicholas Wylie]

It is a bit strange. Can you try and describe your setup a little better?

Where is the gateway running, where is the web content hosted, what are the network locations you are trying to access the gateway from?

[Carlos Fernandez]

I have Ubuntu box running in Digital Ocean.  The box has the Janus gateway and Apache2.  I can hitting the box from home using WIFI (not joining a domain)  The second location has a domain which I join, once I join that domain I cannot hit the gateway.  You would think is something with the domain or firewall but here is the strange part.   If I go to your URL: http://janus.conf.meetecho.com/videomcutest.html from either location it works 100%, my demo url is : janusgateway.dinforums.com and url only works from home.  So, am sure is something with the way I have setup either apache or the gateway.  Just not sure where else to look.

If you guys are available for some work I would to hire you to take a look at the server configuration.

[Gatecrasher777]

janusgateway.dinforums.com works for me.

[Carlos Fernandez]

It works for me too, just NOT from every location.  While your demo at meetecho.com works from every location. 

[Lorenzo Miniero]

You are still using port 8088 in videomcutest.js

Read the commented text at the beginning of that file to see what to change.

L.

--
You received this message because you are subscribed to the Google Groups "meetecho-janus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to meetecho-janu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Carlos Fernandez]

The server is listening on ports 8088 and 8889 so my code looks like this:

var server = null;

if(window.location.protocol === 'http:')

    server = "http://janusgateway.dinforums.com:8088/janus";

else

    server = "https://janusgateway.dinforums.com:8889/janus";

I can change the janus config and make it point to 8089 if that would help.

Here is the output when I start the gateway:

Reading configuration from /opt/janus/etc/janus/janus.cfg

Checking command line arguments...

Debug/log level is 4

Adding 'vmnet' to the ICE ignore list...

Using 104.236.45.65 as local IP...

Initializing ICE stuff (IPv6 candidates disabled)

Fingerprint of our certificate: 85:73:68:7F:1C:26:71:56:07:5E:5A:E7:DE:6D:FA:EA:60:36:57:95:03:C1:8B:0A:B3:7E:60:7A:AF:94:FC:74

Plugins folder: /opt/janus/lib/janus/plugins

Loading plugin 'libjanus_recordplay.so'...

JANUS Record&Play plugin initialized!

Record&Play watchdog started

Loading plugin 'libjanus_videoroom.so'...

JANUS VideoRoom plugin initialized!

Loading plugin 'libjanus_streaming.so'...

VideoRoom watchdog started

JANUS Streaming plugin initialized!

Loading plugin 'libjanus_videocall.so'...

Streaming watchdog started

JANUS VideoCall plugin initialized!

Loading plugin 'libjanus_voicemail.so'...

VideoCall watchdog started

JANUS VoiceMail plugin initialized!

Loading plugin 'libjanus_audiobridge.so'...

VoiceMail watchdog started

JANUS AudioBridge plugin initialized!

Loading plugin 'libjanus_echotest.so'...

AudioBridge watchdog started

JANUS EchoTest plugin initialized!

Loading plugin 'libjanus_sip.so'...

Echotest watchdog started

JANUS SIP plugin initialized!

SIP watchdog started

HTTP webserver started (port 8088, /janus path listener)...

HTTPS webserver started (port 8889, /janus path listener)...

[Lorenzo Miniero]

Yes Carlos but the whole point was to add the Janus API behind apache/nginx, which you did (http://janusgateway.dinforums.com/janus/info works), but then instead of contacting the API through port 80 using just "/janus" as server, you're still trying to connect through port 8088, which is probably filtered in the networks where it doesn't work. You don't need to connect to 8088 yourself, the web server will do that for you by proxying. If this is still unclear, please read this brief explaination of the whole process: http://en.wikipedia.org/wiki/Reverse_proxy

L.

[Carlos Fernandez]

I have changed the config file to use 8089 for SSL.  Let me try from the second location.

On Thursday, December 4, 2014 1:41:56 PM UTC-5, Lorenzo Miniero wrote:

[Lorenzo Miniero]

No need to do that... please read my other reply.

L.

[Carlos Fernandez]

From the second location I get:   OPTIONS https://janusgateway.dinforums.com:8089/janus net::ERR_CONNECTION_REFUSED

From the first location, everything works fine. 

Very strange

On Thursday, December 4, 2014 1:41:56 PM UTC-5, Lorenzo Miniero wrote:

[Carlos Fernandez]

Got it!  

Thank you.

Is there way to send a custom message using the send function?

[Carlos Fernandez]

Now it is working with HTTP but not with HTTPS, when I run in HTTPS I get:  POST https://janusgateway.dinforums.com/janus 502 (Proxy Error)

On my default-ssl.conf I have: 

                Header set Access-Control-Allow-Origin "*"

                ProxyRequests Off

                ProxyVia Off

                ProxyPass /janus http://127.0.0.1:8089/janus

                ProxyPassReverse /janus http://127.0.0.1:8089/janus