Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NAT workaround for mediasoup in 2.5 or later #223

Open
wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

NAT workaround for mediasoup in 2.5 or later #223

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f82bb3a
NAT workaround for mediasoup in 2.5 or later
qubex22 Jul 2, 2022
49bf22a
Add freeswitch step
qubex22 Jul 4, 2022
4ef603f
Update behind-nat.md
qubex22 Jul 4, 2022
3b9887a
Update behind-nat.md
qubex22 Sep 30, 2023
0c99368
Update behind-nat.md
qubex22 Sep 30, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 37 additions & 7 deletions docs/behind-nat.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,44 @@
# Note if you use a Firewall / NAT
Kurento binds somehow always to the external IP instead of the local one or `0.0.0.0`. For that reason you need to add your external IP to your interface.
# Note if you use a Firewall / NAT in BBB 2.5 or later
1. When the **setup script** asks for your **external IPv4** select NO and then put the **private ip** of your host.
> Is x.x.x.x your external IPv4 address? (y/n): *n*
> Please enter correct IPv4 address: *192.168.1.100*

#### Temporary way (until next reboot)
This is because the variable **EXTERNAL_IPv4** in .env should be the private ip of the host. If you put the public ip and port forward in your router when the packets reach bbb they would be searching for your PublicIP:port and finally the result would be port unreachable.

2. Now freeswitch and mediasoup bind to the private ip, and we have port forwarded every needed udp port 16384-32768. The problem now is that Mediasoup have an ***announcedIp*** variable that sould ALWAYS be the Public IP, if not, webrtc won't work

3. To change this, we should edit the `docker-compose.yml` at these lines:
```
MS_WEBRTC_LISTEN_IPS: '[{"ip":"${EXTERNAL_IPv4}", "announcedIp":"x.x.x.x"}]'
MS_RTP_LISTEN_IP: '{"ip":"0.0.0.0", "announcedIp":"x.x.x.x"}'
```
where x.x.x.x is your public ip

4. As indicated in https://github.com/bigbluebutton/bigbluebutton.github.io/issues/126 these 2 variables in `bbb-docker/mod/freeswitch/conf/vars.xml` file of freeswitch should point to the external ip:
```
$ ip addr add 144.76.97.34/32 dev ens3
<X-PRE-PROCESS cmd="set" data="external_rtp_ip=autonat:x.x.x.x"/>
<X-PRE-PROCESS cmd="set" data="external_sip_ip=autonat:x.x.x.x"/>
```
where x.x.x.x is your public ip

#### Permanent way
Specific to your linux distribution. Use a search engine of your choice. ;)
5. In the `docker-compose.yml` file comment the image line of freeswitch in order to build it locally when you run docker compose up -d
```
freeswitch:
container_name: bbb-freeswitch
build:
context: mod/freeswitch
args:
BBB_BUILD_TAG: v2022-12-29-grails-524
TAG_FS_BUILD_FILES: v2.6.0
TAG_FS_CONFIG: v2.6.0
TAG_FREESWITCH: v1.10.9
#image: alangecker/bbb-docker-freeswitch:v2.6.0
restart: unless-stopped
cap_add:
- IPC_LOCK
- NET_ADMIN
- NET_RAW
```

## Ports
Also don't forget to forward all necassary ports listed in https://docs.bigbluebutton.org/admin/configure-firewall.html