DigitaleGesellschaft/workadventure

use digiges STUN servers

Closed this issue · 10 comments

@datenreisen
I remember you said that we have STUN servers at digiges? Who should I talk to?

This is @packi (STUN, TURN for BigBlueButton)

Btw, the coturn config from jitsi-meet is much better than what is in the BBB docs:
https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-turn/turnserver.conf

The config also takes into account the findings from:
https://www.rtcsec.com/post/2020/04/how-we-abused-slacks-turn-servers-to-gain-access-to-internal-services/

Upstream now has configurable STUN servers. Thus, merged upstream and configured @packi's STUN server (see #31). Note that this will work in 99% of all cases. In my experience TURN is only necessary if people use tethering via mobile phone (which results in cascaded NAT, i.e., IPv4 NAT on phone, IPv4 CGNAT on mobile access network).

@znerol great! thanks

So the remaining part is that we need to use the TURN servers. As discussed with the digiges team, we will create our own TURN servers inside the k8s cluster in order to be resilient against outages from the current infrastructure (to not overload it).

Oh, okay. If you'd like to set it up using Ansible, then use systemli/coturn from the master branch (edit: they released 1.2.0 recently). Also note that this one will use the TURN REST Authentication (like virtually all WebRTC applications), so you need to configure TURN_STATIC_AUTH_SECRET in (and not TURN_USER / TURN_PASSWORD).
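The TURN REST authentication scheme mentioned in the comment above, as an added example that is not part of the original thread or of WorkAdventure's code: a backend derives short-lived credentials from the shared secret instead of handing out one fixed user/password. The function names, the sample secret and the `turn.example.org` URL are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample value; in a deployment this is TURN_STATIC_AUTH_SECRET.
const SAMPLE_SECRET = "constructed-sample-secret";

// password = base64(HMAC-SHA1(secret, username))
function turnPassword(secret, username) {
  return crypto.createHmac("sha1", secret).update(username).digest("base64");
}

// username = "<unix expiry>:<userId>", so the credential expires on its own.
function issueTurnCredentials(secret, userId, ttlSeconds, nowMs = Date.now()) {
  const expiry = Math.floor(nowMs / 1000) + ttlSeconds;
  const username = `${expiry}:${userId}`;
  return { username, credential: turnPassword(secret, username) };
}

// Outline of the server-side check: recompute the HMAC, compare in
// constant time, then reject usernames whose expiry has passed.
function verifyTurnCredentials(secret, username, credential, nowMs = Date.now()) {
  const expiry = Number.parseInt(String(username).split(":")[0], 10);
  if (!Number.isFinite(expiry)) return "malformed";
  const expected = Buffer.from(turnPassword(secret, username));
  const given = Buffer.from(String(credential));
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) {
    return "bad-mac";
  }
  if (expiry < Math.floor(nowMs / 1000)) return "expired";
  return "ok";
}

// Shape a browser expects in RTCPeerConnection's iceServers; URL is a placeholder.
function iceServersFor(secret, userId, turnUrl = "turn:turn.example.org:3478") {
  const { username, credential } = issueTurnCredentials(secret, userId, 3600);
  return [{ urls: turnUrl, username, credential }];
}
```

Only the derived username and credential reach the browser; the static secret stays on the backend and the TURN server, so a leaked credential stops working once its expiry passes.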

@znerol yea, I'm looking into a Kubernetes solution, as this is currently what I have running WorkAdventure with, so in the future we might be able to publish this as a package for others to use. But if I fail with Kubernetes I will use that one, thanks!

Done in #36

Tested with Firefox about:config setting media.peerconnection.ice.relay_only set to true. Verified by inspecting selected peer candidates in about:webrtc. Thanks @Schnitzel