Pfsense jitsi ICE failed
I have an issue with jitsi for video/audio external calls, get an ICE failed https://jitsi.org/Documentation/FAQ#ice-failed
TCP port is open
UDP port range is open
Anyone have any ideas (as it worked on my old router).
Does it require static port mapping?
will try switching to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) and see if that works
tried changing to Manual Outbound NAT rule generation, same problem
cmb last edited by
Not just manual outbound, with static port.
new outbound rule at top
WAN 192.168.1.0/24 * * * WAN address * YES Auto created rule for LAN to WAN
outbound rule setup
Translation interface address
No XMLRPC Sync unticked
still ICE failed
Am i missing something?
chat works just not audio or video calls
Hmm, I've never used jitsi so I can't comment directly but I can't believe it's much different from other video conferencing systems. A quick glance through the FAQs shows it has multiple methods for traversing NAT, I would have thought one of them should be working. I can see no mention of specific ports required so I assume it used dynamic ports. It could be that your previous router had UPnP enabled by default and it was using that. pfSense does not enable it by default so you could try that. Be aware of the security implications of doing so.
I have it going through openfire jitsi videobridge with udp ports 50000-60000 tcp port 5222 both are open in nat.
So the setup
Server running openfire with jitsi videobridge
tcp port 5222 open for server's ip
udp ports 50000-60000 open for the server's ip
Chat works and the users are able to connect.
jitsi has a fall back dns (enable parallel DNS resolving)
on port 53
Could it be that it wants to connect to the fall back dns but it can't?
How would I allow the above dns?
You will either need to run openfire with a public IP on the machine running openfire.
Or run a stun server with public IPs on that.
FYI - been running openfire chat servers for many years and its only ever worked with RTP video/audio streams for me on public IPs.
I keep my personal server behind pfsense and behind NAT to reduce its exposure to the web but I've had one running with a public IP also and that one has great video/audio and security features of jitsi work great with that also.
But if i use a standard router I do not get any ICE errors.
I will try using the openfire STUN server plugin and see how that goes
So, you have had success running openfire with audio/video with both clients behind NAT and pfsense behind NAT without STUN?
That would make you smarter than me for sure (-:
The stun plugin requires an interface with public IP on the interface.
The stun plugin worked :)