Pfsense jitsi ICE failed

stephenw10 · Oct 22, 2014, 1:28 AM

Does it require static port mapping?
https://doc.pfsense.org/index.php/Static_Port

Steve

aGeekhere · Oct 22, 2014, 1:35 AM

will try switching to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) and see if that works

aGeekhere · Oct 22, 2014, 2:43 AM

tried changing to Manual Outbound NAT rule generation, same problem

cmb · Oct 22, 2014, 4:07 AM

Not just manual outbound, with static port.
https://doc.pfsense.org/index.php/Static_Port

aGeekhere · Oct 22, 2014, 4:50 AM

Hi
new outbound rule at top
WAN 192.168.1.0/24 * * * WAN address * YES Auto created rule for LAN to WAN

outbound rule setup

interface wan
protocol any
source network
192.168.1.0/24
Destination unticked

Translation interface address
Static-port ticked
No XMLRPC Sync unticked

still ICE failed

Am i missing something?
chat works just not audio or video calls

stephenw10 · Oct 22, 2014, 1:50 PM

Hmm, I've never used jitsi so I can't comment directly but I can't believe it's much different from other video conferencing systems. A quick glance through the FAQs shows it has multiple methods for traversing NAT, I would have thought one of them should be working. I can see no mention of specific ports required so I assume it used dynamic ports. It could be that your previous router had UPnP enabled by default and it was using that. pfSense does not enable it by default so you could try that. Be aware of the security implications of doing so.

Steve

aGeekhere · Oct 22, 2014, 9:42 PM

I have it going through openfire jitsi videobridge with udp ports 50000-60000 tcp port 5222 both are open in nat.

So the setup

Server running openfire with jitsi videobridge
tcp port 5222 open for server's ip
udp ports 50000-60000 open for the server's ip

Chat works and the users are able to connect.

jitsi has a fall back dns (enable parallel DNS resolving)
8.8.8.8
on port 53
Could it be that it wants to connect to the fall back dns but it can't?

How would I allow the above dns?

kejianshi · Oct 22, 2014, 10:34 PM

You will either need to run openfire with a public IP on the machine running openfire.

Or run a stun server with public IPs on that.

kejianshi · Oct 22, 2014, 10:44 PM

FYI - been running openfire chat servers for many years and its only ever worked with RTP video/audio streams for me on public IPs.

I keep my personal server behind pfsense and behind NAT to reduce its exposure to the web but I've had one running with a public IP also and that one has great video/audio and security features of jitsi work great with that also.

aGeekhere · Oct 22, 2014, 11:21 PM

But if i use a standard router I do not get any ICE errors.

I will try using the openfire STUN server plugin and see how that goes

kejianshi · Oct 22, 2014, 11:25 PM

So, you have had success running openfire with audio/video with both clients behind NAT and pfsense behind NAT without STUN?

That would make you smarter than me for sure (-:

kejianshi · Oct 22, 2014, 11:26 PM

The stun plugin requires an interface with public IP on the interface.

aGeekhere · Oct 22, 2014, 11:35 PM

The stun plugin worked :)

Thank you

kejianshi · Oct 22, 2014, 11:37 PM

Anytime.