Janus Gateway with ICE/STUN/TURN Server

[Kannan Murali]

Hi:

I have the following general questions when Janus Gateway is placed behind the Firewall/NAT:

1. If the Firewall/NAT doesn't allow UDP ports to be pass through:

    a). Say the corporate IT allows the ICE/STUN/TURN server to placed in the DMZ zone, what are the configuration that we need to do 

         for the Janus Gateway to work with this setup.

    b). Is it possible to have the ICE/STUN/TURN server behind the Firewall/NAT and have the Janus Gateway work with this setup? If so, 

         what are the configuration that we need to take are for Janus Gateway to work.

         NOTE: Do we need to take care any special configuration in the Firewall/NAT for the above cases #a and #b???

2. If the Firewall/NAT allows a limited set of  UDP ports (say up to 20 ports) to be pass through:

    a). Having the Janus Gateway behind the Firewall/NAT and allowing a set of UDP ports will it work? Meaning, whether the Janus Gateway 

         supports the same set of UDP ports for all the clients connecting through Janus Gateway???  This needs Janus Gateway to bind the socket 

         with both the source (local) and destination (remote) addresses (IP address and UDP ports).

    b). Will this scenario works - Whether the Janus Gateway takes care of the WebRTC client being connected directly from the Internet 

         (no Firewall/NAT restrictions), the WebRTC client being connected from the corporate network (going through all Firewall/NAT restrictions), 

         the WebRTC client being connected through the corporate VPN (going through all  Firewall/NAT restrictions).

    c). If Janus Gateway doesn't take care of all the scenarios listed in #b, then I assume we still need the ICE/STUN/TURN server support.

         If so, what kind ICE/STUN/TURN server support we may need to support???  Like the ones listed for #a and #b for #1.

3. We tried the Janus Gateway to limit the RTP  port range to 20000 to 20100 (just 100 UDP ports) in the janus.cfg file, but that didn't work. 

   Janus Gateway allocated UDP ports out of this range. Do I need to do any other configuration apart from setting up the range and un-commenting 

   the "[media]" line?

-KMurali

[Lorenzo Miniero]

The janus.cfg has tons of comments, please check that and the online documentation for answers to your question.

Not sure what a STUN/TURN server behind a NAT is useful for: their main purpose is allow traffic to traverse a NAT by providing publicly reachable addresses. Putting them within the infrastructure isn't going to solve that at all.

20 ports are not going to be enough. If you have so few ports available just open a single one to reach an external TURN server and use that one (although forcxing everything through a relay s going to pretty much suck). That said, the RTP range only works if you have a more recent version of libnice: if that's not happening for you I guess the libnice version is not new enough.

L.