You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by "Coscend@OM" <OM...@Coscend.com> on 2019/11/19 17:10:06 UTC
OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5
installation?
Even in the intranet / LAN,
. We cannot see others' video.
. we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A
9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim's overall and
ImageMagick guidance
- - > Kurento, docker: Alvaro's tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education,
Telepresence Services, on the fly.
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
Messages from Coscend Communications Solutions' posted at:
<http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
Most probably you have issues with coturn configuration
And/or it might be connectivity issues due to you are using partially
dockerized environment
You need to check everything one more time
On Mon, Dec 9, 2019, 18:47 Alvaro <zu...@gmail.com> wrote:
> Coscend,
>
> The libraries you refer are to compile ffmpeg. The scripts
> to compile it, if you follow the tutorials, are different for
> Centos 7 or Centos 8.
>
> Also the tutorials are differents for Centos 7 or Centos 8.
>
> Regards
>
>
>
> ------------------------
>
>
> El lun, 09-12-2019 a las 16:35 +0530, Coscend@OM escribió:
>
> Dear Maxim,
>
>
>
> >>Does demo-next work for you?
>
> Thank you for this lead that helped narrow down potential causes of our
> issue.
>
>
>
> Demo-next WORKS from within our intranet that is guarded by our “strict
> firewall” as well as from extranet and a combination of extra- and
> intra-net.
>
>
>
> This helped conclude our issue to be:
>
> 1. our AV libraries installation and / or
>
> 2. CoTURN configuration.
>
>
>
> Seeking your and Alvaro’s insight
>
> --------------------------------------------
>
> Source: Alvaro’s tutorial.
>
>
>
> We do not have these libraries installed: Could this be the cause of the
> issue?
>
> alsa-lib
>
> imlib2
>
> gsm
>
> vorbis-tools
>
> libass
>
> libao
>
> faac, faad2—perhaps for iPod
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, December 9, 2019 11:11 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Does demo-next work for you?
>
> It sounds really weird m3 is so much worse than m2 ...
>
>
>
> On Mon, 9 Dec 2019 at 12:32, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim,
>
>
>
> CoTURN is installed—we included in subject line of the message—and passing
> trickle ICE test for STUN:3478, but not for TURN:3478. Could this be an
> issue?
>
>
>
> *5.0.0-M2 IS transmitting video or audio to the other users, but NOT at
> the same time—i.e., transmitting only video or audio at any time.
> Therefore, CoTURN is working and firewall is not blocking.
>
>
>
> *5.0.0-M3 (build 2367) is NOT transmitting both video and audio.
>
>
>
> No configuration changes except SSL and MariaDB (mysql_persistence.xml).
>
>
>
> If it is not firewall, CoTURN or OM code logic, is there any other area we
> should look at that we are missing now?
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, December 9, 2019 10:30 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> You don't need to change any logic
>
> You should install STUN/TURN server
>
> please search mailing lists `coturn`
>
>
>
> On Sun, 8 Dec 2019 at 15:45, Coscend@OM <OM...@coscend.com> wrote:
>
> Further, to clarify,
>
> 1. The server hosting OM, Kurento and Docker is in the DMZ.
>
> 2. The client devices are in the one single subnet, connected to a
> switch.
>
>
>
> That is, even though the devices are in one subnet, they still receive the
> stream from a different subnet. The stream has to pass through a firewall
> and router to reach the two devices. Only peer-to-peer connection is in
> the same sub-net and does not go through the firewall.
>
>
>
> So, all these video and audio effects are due to streaming across the
> firewall.
>
>
>
> -------------------------
>
> In sum, we need to change the logic in the following sections of the code
> to get the stream (video and audio) at the same time through the firewall
> to the users. Any insight into this would be appreciated.
>
>
>
> om-web/…raw-video.js:
>
> getVideoStream:
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57
>
>
>
> om-web/…raw-video-manager.js:
>
> onBroadcast:
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27
>
>
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
> om-core/…StreamProcessor.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core/…KurentoHandler.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db/…Client.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com]
> *Sent:* Sunday, December 8, 2019 4:23 AM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> *Subject:* RE: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear Maxim,
>
>
>
> We tested both:
>
> 5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
>
> 5.0.0-M3 (AFTER issues were fixed)
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
> Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
>
> -----------
>
> M2:
>
> Intranet (no router / firewall)
>
> Either audio or video are transmitting individually.
>
> The users can either see OR hear each other. But the users cannot do both
> at the same time.
>
> But when both video and audio are turned on, both video and audio
> disappears on users’ own as well as other users’ screen. Only a green
> boundary highlighter appeared when someone spoke.
>
>
>
> Extranet (with firewall and router): Same result. This means firewall
> and router ports are open and transmission is enabled.
>
>
>
> M3:
>
> Intranet (no router / firewall)
>
> Both audio and video are NOT transmitting.
>
> Each user can see itself on its own screen. They cannot see other users
> on their screen. They cannot hear other users.
>
>
>
> Extranet (with firewall and router): Same result.
>
>
>
> ---------
>
> Another issue: Start Recording Test: This does not stop.
>
> ---------
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com
> <so...@gmail.com>]
> *Sent:* Wednesday, December 4, 2019 10:40 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> This might be one of
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
>
>
> On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim,
>
>
>
> All stable releases:
>
> Kurento: Installed using docker command. How do we find its version?
>
> OM 5.0.0-M2
>
> Docker-CE-3:19.03.5-3
>
> CentOS 8
>
> MariadB 10.3.18
>
>
>
> Steps used:
>
> Intranet: Two devices connected via a switch. No router. (Extranet
> gives same result with the same steps.)
>
> Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
>
>
>
> Start coturn
>
> Start Docker
>
> Start Kurento: docker run -d --name kms -p 8888:8888 --mount
> type=bind,source= …,target=…
>
> Start MariaDB
>
> Start Tomcat (SSL)
>
> Install OM – 5.0.0-M2 successful.
>
> Create a user.
>
>
>
> OM Admin / Moderator enters Presentation room.
>
> User enters room.
>
> Moderator allows user all moderation rights.
>
> Moderator turns on video.
>
> User turns on video.
>
> ---- > both can see each other.
>
> Both turn off videos.
>
> Moderator turns on audio.
>
> User turns on audio.
>
> ------ > Both can hear each other.
>
> Both turn off audio.
>
>
>
> -------------ISSUE STARTS BELOW.
>
> ISSUE 1---
>
> Moderator turns on video.
>
> User turns on video.
>
> --- > Both can see each other.
>
> Moderator turns on audio.
>
> --- > Moderator can see himself. User video turns off on moderator
> screen. User can see his video on his own screen.
>
> ---- > Both cannot hear each other.
>
> Moderator turns off audio.
>
> --- > Moderator can see himself. User video still off on his screen.
> User can see his video on his own screen.
>
> Moderator turns off video.
>
> User turns off video.
>
> --------------REPEAT THE ABOVE ISSUE
>
> ISSUE 2---
>
> …Repeat steps in ISSUE 1 with roles in reversed order (User going first
> and moderator following it). Same result.
>
> User turns on video.
>
> Moderator turns on video.
>
> --- > Both can see each other.
>
>
>
> --------------REPEAT ISSUE 1 and ISSUE 2
>
> Moderator starts with audio.
>
> User turns on audio.
>
> --- > both can hear each other
>
> Moderator turns on video.
>
> --- > Moderator can see the green bar rising for audio. User can see
> the green boundary of moderator video frame glowing. Both cannot hear each
> other.
>
> --- > Both cannot see each other.
>
> --------------REPEAT THE ABOVE ISSUE with roles in reversed order.
>
> …Repeat steps with roles in reversed order (User going first and moderator
> following it). Same result.
>
> User starts with audio.
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Tuesday, December 3, 2019 12:40 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Cc:* Coscend@OM <OM...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Please provide
>
>
>
> 1) OM version you are using
>
> 2) KMS version you are using
>
> 3) What are the steps to reproduce the issue
>
>
>
> Thanks in advance
>
>
>
>
>
> On Tue, 3 Dec 2019 at 05:58, Daniel Baker <in...@collisiondetection.biz>
> wrote:
>
> Can you try for testing purposes on a real server. Help to eliminate
> possibilities.
>
> On 12/3/2019 1:44 AM, Coscend@OM wrote:
>
> Dear Daniel,
>
>
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to have
> VMs to be cost-effective.
>
>
>
>
>
> Dear Maxim,
>
>
>
> After over 50 tests with different configurations of coturn and firewall
> ports, we are now able to stream in intranet as well as extranet:
>
> Videos of all participants
>
> Audio of all participants
>
>
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME
> TIME.
>
> We would appreciate any insight the solution.
>
>
>
> ----
>
> Possible cause
>
> Firewall ports (both hardware and software) are not blocking because the
> users can:
>
> 1. See either video or audio at any time, but not both concurrently.
>
> 2. Giving the same result in the following use cases:
>
> both intranet (two devices connected to one switch, and no router between
> the devices) and
>
> extranet (router+firewall).
>
>
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Saturday, November 30, 2019 1:28 PM
> *To:* OM.Insights@Coscend.com; user@openmeetings.apache.org
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Went to a real server ( laptop , ubuntu ) . No VM.
>
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
>
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
>
>
> Perhaps we can learn from your use case and implement it in our context.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org; Maxim Solodovnik
> <so...@gmail.com> <so...@gmail.com>; OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> I had a similar issue but put it down to it being in a VM (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the video and
> audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
>
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is transferred)
>
> 2+) add network levels one by one and check if video is being transferred
>
>
>
> config looks good, but there are lots of options ....
>
>
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim and Rene,
>
>
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
>
>
> -----------------------------------------------
>
>
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn.
> 443 for Tomcat
>
>
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
>
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
>
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
>
>
>
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We
> have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Unfortunately I don't get your last email :(
>
>
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
>
>
> what is your configuration?
>
>
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
> <blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in
> 0in 0in 6.0pt;margin-left:4.8pt;marg
>
>
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Alvaro <zu...@gmail.com>.
Coscend,
The libraries you refer are to compile ffmpeg. The scriptsto compile
it, if you follow the tutorials, are different forCentos 7 or Centos 8.
Also the tutorials are differents for Centos 7 or Centos 8.
Regards
------------------------
El lun, 09-12-2019 a las 16:35 +0530, Coscend@OM escribió:
> Dear Maxim,
>
> >>Does demo-next work for you?
> Thank you for this lead that helped narrow down potential causes of
> our issue.
>
> Demo-next WORKS from within our intranet that is guarded by our
> “strict firewall” as well as from extranet and a combination of
> extra- and intra-net.
>
> This helped conclude our issue to be:
> 1. our AV libraries installation and / or
> 2. CoTURN configuration.
>
> Seeking your and Alvaro’s insight
> --------------------------------------------
> Source: Alvaro’s tutorial.
>
> We do not have these libraries installed: Could this be the cause of
> the issue?
> alsa-lib
> imlib2
> gsm
> vorbis-tools
> libass
> libao
> faac, faad2—perhaps for iPod
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Monday, December 9, 2019 11:11 AM
> To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insight
> s@coscend.com
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> Does demo-next work for you?
> It sounds really weird m3 is so much worse than m2 ...
>
> On Mon, 9 Dec 2019 at 12:32, Coscend@OM <OM...@coscend.com>
> wrote:
> Dear Maxim,
>
> CoTURN is installed—we included in subject line of the message—and
> passing trickle ICE test for STUN:3478, but not for TURN:3478. Could
> this be an issue?
>
> *5.0.0-M2 IS transmitting video or audio to the other users, but NOT
> at the same time—i.e., transmitting only video or audio at any time.
> Therefore, CoTURN is working and firewall is not blocking.
>
> *5.0.0-M3 (build 2367) is NOT transmitting both video and audio.
>
> No configuration changes except SSL and MariaDB
> (mysql_persistence.xml).
>
> If it is not firewall, CoTURN or OM code logic, is there any other
> area we should look at that we are missing now?
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Monday, December 9, 2019 10:30 AM
> To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insight
> s@coscend.com
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> You don't need to change any logic
> You should install STUN/TURN server
> please search mailing lists `coturn`
>
> On Sun, 8 Dec 2019 at 15:45, Coscend@OM <OM...@coscend.com>
> wrote:
> Further, to clarify,
> 1. The server hosting OM, Kurento and Docker is in the DMZ.
> 2. The client devices are in the one single subnet, connected to
> a switch.
>
> That is, even though the devices are in one subnet, they still
> receive the stream from a different subnet. The stream has to pass
> through a firewall and router to reach the two devices. Only peer-
> to-peer connection is in the same sub-net and does not go through the
> firewall.
>
> So, all these video and audio effects are due to streaming across the
> firewall.
>
> -------------------------
> In sum, we need to change the logic in the following sections of the
> code to get the stream (video and audio) at the same time through the
> firewall to the users. Any insight into this would be appreciated.
>
> om-web/…raw-video.js:
> getVideoStream: https://github.com/apache/openmeetings/blob/master/op
> enmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-
> video.js#L57
>
> om-web/…raw-video-manager.js:
> onBroadcast: https://github.com/apache/openmeetings/blob/master/open
> meetings-web/src/main/java/org/apache/openmeetings/web/room/raw-
> video-manager.js#L27
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
> om-core/…StreamProcessor.java: https://github.com/apache/openmeetings
> /blob/master/openmeetings-
> core/src/main/java/org/apache/openmeetings/core/remote/StreamProcesso
> r.java#L211
>
> om-core/…KurentoHandler.java: https://github.com/apache/openmeetings/
> blob/master/openmeetings-
> core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler
> .java#L243
>
> om-db/…Client.java: https://github.com/apache/openmeetings/blob/maste
> r/openmeetings-
> db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#
> L175
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
> From: Coscend@OM [mailto:OM.Insights@Coscend.com]
> Sent: Sunday, December 8, 2019 4:23 AM
> To: 'Openmeetings user-list' <us...@openmeetings.apache.org>
> Subject: RE: OM5: Reverse Proxy - CoTURN NAT
>
> Dear Maxim,
>
> We tested both:
> 5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
> 5.0.0-M3 (AFTER issues were fixed)
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
> Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
> -----------
> M2:
> Intranet (no router / firewall)
> Either audio or video are transmitting individually.
> The users can either see OR hear each other. But the users cannot do
> both at the same time.
> But when both video and audio are turned on, both video and audio
> disappears on users’ own as well as other users’ screen. Only a
> green boundary highlighter appeared when someone spoke.
>
> Extranet (with firewall and router): Same result. This means
> firewall and router ports are open and transmission is enabled.
>
> M3:
> Intranet (no router / firewall)
> Both audio and video are NOT transmitting.
> Each user can see itself on its own screen. They cannot see other
> users on their screen. They cannot hear other users.
>
> Extranet (with firewall and router): Same result.
>
> ---------
> Another issue: Start Recording Test: This does not stop.
> ---------
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Wednesday, December 4, 2019 10:40 AM
> To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insight
> s@coscend.com
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> This might be one of
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
> On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM...@coscend.com>
> wrote:
> Dear Maxim,
>
> All stable releases:
> Kurento: Installed using docker command. How do we find its
> version?
> OM 5.0.0-M2
> Docker-CE-3:19.03.5-3
> CentOS 8
> MariadB 10.3.18
>
> Steps used:
> Intranet: Two devices connected via a switch. No router. (Extranet
> gives same result with the same steps.)
> Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478,
> 8888
>
> Start coturn
> Start Docker
> Start Kurento: docker run -d --name kms -p 8888:8888 --mount
> type=bind,source= …,target=…
> Start MariaDB
> Start Tomcat (SSL)
> Install OM – 5.0.0-M2 successful.
> Create a user.
>
> OM Admin / Moderator enters Presentation room.
> User enters room.
> Moderator allows user all moderation rights.
> Moderator turns on video.
> User turns on video.
> ---- > both can see each other.
> Both turn off videos.
> Moderator turns on audio.
> User turns on audio.
> ------ > Both can hear each other.
> Both turn off audio.
>
> -------------ISSUE STARTS BELOW.
> ISSUE 1---
> Moderator turns on video.
> User turns on video.
> --- > Both can see each other.
> Moderator turns on audio.
> --- > Moderator can see himself. User video turns off on
> moderator screen. User can see his video on his own screen.
> ---- > Both cannot hear each other.
> Moderator turns off audio.
> --- > Moderator can see himself. User video still off on his
> screen. User can see his video on his own screen.
> Moderator turns off video.
> User turns off video.
> --------------REPEAT THE ABOVE ISSUE
> ISSUE 2---
> …Repeat steps in ISSUE 1 with roles in reversed order (User going
> first and moderator following it). Same result.
> User turns on video.
> Moderator turns on video.
> --- > Both can see each other.
>
> --------------REPEAT ISSUE 1 and ISSUE 2
> Moderator starts with audio.
> User turns on audio.
> --- > both can hear each other
> Moderator turns on video.
> --- > Moderator can see the green bar rising for audio. User can
> see the green boundary of moderator video frame glowing. Both cannot
> hear each other.
> --- > Both cannot see each other.
> --------------REPEAT THE ABOVE ISSUE with roles in reversed order.
> …Repeat steps with roles in reversed order (User going first and
> moderator following it). Same result.
> User starts with audio.
>
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Tuesday, December 3, 2019 12:40 PM
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Cc: Coscend@OM <OM...@coscend.com>
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> Please provide
>
> 1) OM version you are using
> 2) KMS version you are using
> 3) What are the steps to reproduce the issue
>
> Thanks in advance
>
>
> On Tue, 3 Dec 2019 at 05:58, Daniel Baker <info@collisiondetection.bi
> z> wrote:
> Can you try for testing purposes on a real server. Help to
> eliminate possibilities.
> On 12/3/2019 1:44 AM, Coscend@OM wrote:
> Dear Daniel,
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to
> have VMs to be cost-effective.
>
>
> Dear Maxim,
>
> After over 50 tests with different configurations of coturn and
> firewall ports, we are now able to stream in intranet as well as
> extranet:
> Videos of all participants
> Audio of all participants
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE
> SAME TIME.
> We would appreciate any insight the solution.
>
> ----
> Possible cause
> Firewall ports (both hardware and software) are not blocking because
> the users can:
> 1. See either video or audio at any time, but not both
> concurrently.
> 2. Giving the same result in the following use cases:
> both intranet (two devices connected to one switch, and no router
> between the devices) and
> extranet (router+firewall).
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
> om-core: https://github.com/apache/openmeetings/blob/master/openmeeti
> ngs-
> core/src/main/java/org/apache/openmeetings/core/remote/StreamProcesso
> r.java#L211
>
> om-core: https://github.com/apache/openmeetings/blob/master/openmeeti
> ngs-
> core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler
> .java#L243
>
> om-db: https://github.com/apache/openmeetings/blob/master/openmeeting
> s-
> db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#
> L175
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
>
> From: Daniel Baker [mailto:info@collisiondetection.biz]
> Sent: Saturday, November 30, 2019 1:28 PM
> To: OM.Insights@Coscend.com; user@openmeetings.apache.org
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> Went to a real server ( laptop , ubuntu ) . No VM.
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
> Hello Daniel,
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
> Perhaps we can learn from your use case and implement it in our
> context.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
> From: Daniel Baker [mailto:info@collisiondetection.biz]
> Sent: Friday, November 29, 2019 3:14 AM
> To: user@openmeetings.apache.org; Maxim Solodovnik <solomax666@gmail.
> com>; OM.Insights@coscend.com
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> I had a similar issue but put it down to it being in a VM
> (virtualbox)
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
> This "We can see our own video/audio. We are not getting the video
> and audio of other users"
> most probably mean audio/video is NOT working on your server
>
> I would:
> 1) check if audio/video works on localhost
> (I'm using FF + Chrome in the same room to check video is
> transferred)
> 2+) add network levels one by one and check if video is being
> transferred
>
> config looks good, but there are lots of options ....
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com>
> wrote:
> Dear Maxim and Rene,
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other
> users.
> Below is our config. Perhaps you could suggest what we are missing.
>
> -----------------------------------------------
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for
> Coturn. 443 for Tomcat
>
> - - >Coturn config:
> Listening port=3478
> Tls-listening-port=5439
> listening-ip=<Local IP of server hosting coturn>
> relay-ip=<Local IP of server hosting Tomcat>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
> verbose
> fingerprint
> lt-cred-match
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
> - - >Tomcat
> Rest is same as in vanilla OM binary
>
> <Server port="8005" shutdown="SHUTDOWN">
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
> maxThreads="150" SSLEnabled="true" >
> <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol" />
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
> [snipped]
>
>
> - - >applicationContext.xml
> Rest is same as in vanilla OM binary
> p:turnUrl="<External_IP>:5349"
> (We have tried both 3478 and 5349)
> p:turnUser=""
> p:turnSecret="<SECRETVALUE>"
>
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Monday, November 25, 2019 10:23 AM
> To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insight
> s@coscend.com
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> Unfortunately I don't get your last email :(
>
> You can
> 1) serve HTTPS by OM
> OR
> 2) serve HTTPS by reverse proxy
> NOT both
>
> what is your configuration?
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com>
> wrote:
> Hello Maxim,
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input
> in server.xml including port 5443.
>
>
> Hello Rene,
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535
> for Coturn.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Thursday, November 21, 2019 1:17 PM
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: OM5: Reverse Proxy - CoTURN NAT
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
> Any errors in browser console?
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-syste
> ms.de> wrote:
> Hello Hemant,
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range
> is for Coturn, I think.
>
> Best regrads,
>
> René
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
> Correction in setup:
>
> External client- - > Public IP
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS
> LetsEncrypt):
> Working configuration from OM-408
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: ht
> tps://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren
> %C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall
> and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in
> CentOS 7/8
>
>
> From: Coscend@OM [mailto:OM.Insights@Coscend.com]
> Sent: Tuesday, November 19, 2019 10:40 PM
> To: 'Openmeetings user-list' <us...@openmeetings.apache.org>
> Subject: OM5: Reverse Proxy - CoTURN NAT
>
> Dear OM Community,
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
> Even in the intranet / LAN,
> · We cannot see others’ video.
> · we can see own video (self).
> Same result in WAN via NAT, reverse proxy.
>
> --------------
> Here is our setup:
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
> Working configuration from OM-408
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: ht
> tps://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren
> %C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall
> and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in
> CentOS 7/8
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
> www.Coscend.com
> ------------------------------------------------------------------
> Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-
> education, Telepresence Services, on the fly…
> ------------------------------------------------------------------
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at: http://www
> .Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Dear Maxim,
>>Does demo-next work for you?
Thank you for this lead that helped narrow down potential causes of our issue.
Demo-next WORKS from within our intranet that is guarded by our “strict firewall” as well as from extranet and a combination of extra- and intra-net.
This helped conclude our issue to be:
1. our AV libraries installation and / or
2. CoTURN configuration.
Seeking your and Alvaro’s insight
--------------------------------------------
Source: Alvaro’s tutorial.
We do not have these libraries installed: Could this be the cause of the issue?
alsa-lib
imlib2
gsm
vorbis-tools
libass
libao
faac, faad2—perhaps for iPod
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, December 9, 2019 11:11 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Does demo-next work for you?
It sounds really weird m3 is so much worse than m2 ...
On Mon, 9 Dec 2019 at 12:32, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim,
CoTURN is installed—we included in subject line of the message—and passing trickle ICE test for STUN:3478, but not for TURN:3478. Could this be an issue?
*5.0.0-M2 IS transmitting video or audio to the other users, but NOT at the same time—i.e., transmitting only video or audio at any time. Therefore, CoTURN is working and firewall is not blocking.
*5.0.0-M3 (build 2367) is NOT transmitting both video and audio.
No configuration changes except SSL and MariaDB (mysql_persistence.xml).
If it is not firewall, CoTURN or OM code logic, is there any other area we should look at that we are missing now?
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Monday, December 9, 2019 10:30 AM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >; OM.Insights@coscend.com <ma...@coscend.com>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
You don't need to change any logic
You should install STUN/TURN server
please search mailing lists `coturn`
On Sun, 8 Dec 2019 at 15:45, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Further, to clarify,
1. The server hosting OM, Kurento and Docker is in the DMZ.
2. The client devices are in the one single subnet, connected to a switch.
That is, even though the devices are in one subnet, they still receive the stream from a different subnet. The stream has to pass through a firewall and router to reach the two devices. Only peer-to-peer connection is in the same sub-net and does not go through the firewall.
So, all these video and audio effects are due to streaming across the firewall.
-------------------------
In sum, we need to change the logic in the following sections of the code to get the stream (video and audio) at the same time through the firewall to the users. Any insight into this would be appreciated.
om-web/…raw-video.js:
getVideoStream: <https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57
om-web/…raw-video-manager.js:
onBroadcast: <https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core/…StreamProcessor.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core/…KurentoHandler.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db/…Client.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Coscend@OM [mailto:OM.Insights@Coscend.com <ma...@Coscend.com> ]
Sent: Sunday, December 8, 2019 4:23 AM
To: 'Openmeetings user-list' <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Subject: RE: OM5: Reverse Proxy - CoTURN NAT
Dear Maxim,
We tested both:
5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
5.0.0-M3 (AFTER issues were fixed)
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
-----------
M2:
Intranet (no router / firewall)
Either audio or video are transmitting individually.
The users can either see OR hear each other. But the users cannot do both at the same time.
But when both video and audio are turned on, both video and audio disappears on users’ own as well as other users’ screen. Only a green boundary highlighter appeared when someone spoke.
Extranet (with firewall and router): Same result. This means firewall and router ports are open and transmission is enabled.
M3:
Intranet (no router / firewall)
Both audio and video are NOT transmitting.
Each user can see itself on its own screen. They cannot see other users on their screen. They cannot hear other users.
Extranet (with firewall and router): Same result.
---------
Another issue: Start Recording Test: This does not stop.
---------
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, December 4, 2019 10:40 AM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >; OM.Insights@coscend.com <ma...@coscend.com>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
This might be one of
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim,
All stable releases:
Kurento: Installed using docker command. How do we find its version?
OM 5.0.0-M2
Docker-CE-3:19.03.5-3
CentOS 8
MariadB 10.3.18
Steps used:
Intranet: Two devices connected via a switch. No router. (Extranet gives same result with the same steps.)
Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
Start coturn
Start Docker
Start Kurento: docker run -d --name kms -p 8888:8888 --mount type=bind,source= …,target=…
Start MariaDB
Start Tomcat (SSL)
Install OM – 5.0.0-M2 successful.
Create a user.
OM Admin / Moderator enters Presentation room.
User enters room.
Moderator allows user all moderation rights.
Moderator turns on video.
User turns on video.
---- > both can see each other.
Both turn off videos.
Moderator turns on audio.
User turns on audio.
------ > Both can hear each other.
Both turn off audio.
-------------ISSUE STARTS BELOW.
ISSUE 1---
Moderator turns on video.
User turns on video.
--- > Both can see each other.
Moderator turns on audio.
--- > Moderator can see himself. User video turns off on moderator screen. User can see his video on his own screen.
---- > Both cannot hear each other.
Moderator turns off audio.
--- > Moderator can see himself. User video still off on his screen. User can see his video on his own screen.
Moderator turns off video.
User turns off video.
--------------REPEAT THE ABOVE ISSUE
ISSUE 2---
…Repeat steps in ISSUE 1 with roles in reversed order (User going first and moderator following it). Same result.
User turns on video.
Moderator turns on video.
--- > Both can see each other.
--------------REPEAT ISSUE 1 and ISSUE 2
Moderator starts with audio.
User turns on audio.
--- > both can hear each other
Moderator turns on video.
--- > Moderator can see the green bar rising for audio. User can see the green boundary of moderator video frame glowing. Both cannot hear each other.
--- > Both cannot see each other.
--------------REPEAT THE ABOVE ISSUE with roles in reversed order.
…Repeat steps with roles in reversed order (User going first and moderator following it). Same result.
User starts with audio.
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Tuesday, December 3, 2019 12:40 PM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Cc: Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> >
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Please provide
1) OM version you are using
2) KMS version you are using
3) What are the steps to reproduce the issue
Thanks in advance
On Tue, 3 Dec 2019 at 05:58, Daniel Baker <info@collisiondetection.biz <ma...@collisiondetection.biz> > wrote:
Can you try for testing purposes on a real server. Help to eliminate possibilities.
On 12/3/2019 1:44 AM, Coscend@OM wrote:
Dear Daniel,
Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective.
Dear Maxim,
After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet:
Videos of all participants
Audio of all participants
The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME.
We would appreciate any insight the solution.
----
Possible cause
Firewall ports (both hardware and software) are not blocking because the users can:
1. See either video or audio at any time, but not both concurrently.
2. Giving the same result in the following use cases:
both intranet (two devices connected to one switch, and no router between the devices) and
extranet (router+firewall).
We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database:
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Saturday, November 30, 2019 1:28 PM
To: OM.Insights@Coscend.com <ma...@Coscend.com> ; user@openmeetings.apache.org <ma...@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [ <ma...@collisiondetection.biz> mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: <ma...@openmeetings.apache.org> user@openmeetings.apache.org; Maxim Solodovnik <ma...@gmail.com> <so...@gmail.com>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
Does demo-next work for you?
It sounds really weird m3 is so much worse than m2 ...
On Mon, 9 Dec 2019 at 12:32, Coscend@OM <OM...@coscend.com> wrote:
> Dear Maxim,
>
>
>
> CoTURN is installed—we included in subject line of the message—and passing
> trickle ICE test for STUN:3478, but not for TURN:3478. Could this be an
> issue?
>
>
>
> *5.0.0-M2 IS transmitting video or audio to the other users, but NOT at
> the same time—i.e., transmitting only video or audio at any time.
> Therefore, CoTURN is working and firewall is not blocking.
>
>
>
> *5.0.0-M3 (build 2367) is NOT transmitting both video and audio.
>
>
>
> No configuration changes except SSL and MariaDB (mysql_persistence.xml).
>
>
>
> If it is not firewall, CoTURN or OM code logic, is there any other area we
> should look at that we are missing now?
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, December 9, 2019 10:30 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> You don't need to change any logic
>
> You should install STUN/TURN server
>
> please search mailing lists `coturn`
>
>
>
> On Sun, 8 Dec 2019 at 15:45, Coscend@OM <OM...@coscend.com> wrote:
>
> Further, to clarify,
>
> 1. The server hosting OM, Kurento and Docker is in the DMZ.
>
> 2. The client devices are in the one single subnet, connected to a
> switch.
>
>
>
> That is, even though the devices are in one subnet, they still receive the
> stream from a different subnet. The stream has to pass through a firewall
> and router to reach the two devices. Only peer-to-peer connection is in
> the same sub-net and does not go through the firewall.
>
>
>
> So, all these video and audio effects are due to streaming across the
> firewall.
>
>
>
> -------------------------
>
> In sum, we need to change the logic in the following sections of the code
> to get the stream (video and audio) at the same time through the firewall
> to the users. Any insight into this would be appreciated.
>
>
>
> om-web/…raw-video.js:
>
> getVideoStream:
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57
>
>
>
> om-web/…raw-video-manager.js:
>
> onBroadcast:
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27
>
>
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
> om-core/…StreamProcessor.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core/…KurentoHandler.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db/…Client.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com]
> *Sent:* Sunday, December 8, 2019 4:23 AM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> *Subject:* RE: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear Maxim,
>
>
>
> We tested both:
>
> 5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
>
> 5.0.0-M3 (AFTER issues were fixed)
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
> Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
>
> -----------
>
> M2:
>
> Intranet (no router / firewall)
>
> Either audio or video are transmitting individually.
>
> The users can either see OR hear each other. But the users cannot do both
> at the same time.
>
> But when both video and audio are turned on, both video and audio
> disappears on users’ own as well as other users’ screen. Only a green
> boundary highlighter appeared when someone spoke.
>
>
>
> Extranet (with firewall and router): Same result. This means firewall
> and router ports are open and transmission is enabled.
>
>
>
> M3:
>
> Intranet (no router / firewall)
>
> Both audio and video are NOT transmitting.
>
> Each user can see itself on its own screen. They cannot see other users
> on their screen. They cannot hear other users.
>
>
>
> Extranet (with firewall and router): Same result.
>
>
>
> ---------
>
> Another issue: Start Recording Test: This does not stop.
>
> ---------
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com
> <so...@gmail.com>]
> *Sent:* Wednesday, December 4, 2019 10:40 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> This might be one of
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
>
>
> On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim,
>
>
>
> All stable releases:
>
> Kurento: Installed using docker command. How do we find its version?
>
> OM 5.0.0-M2
>
> Docker-CE-3:19.03.5-3
>
> CentOS 8
>
> MariadB 10.3.18
>
>
>
> Steps used:
>
> Intranet: Two devices connected via a switch. No router. (Extranet
> gives same result with the same steps.)
>
> Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
>
>
>
> Start coturn
>
> Start Docker
>
> Start Kurento: docker run -d --name kms -p 8888:8888 --mount
> type=bind,source= …,target=…
>
> Start MariaDB
>
> Start Tomcat (SSL)
>
> Install OM – 5.0.0-M2 successful.
>
> Create a user.
>
>
>
> OM Admin / Moderator enters Presentation room.
>
> User enters room.
>
> Moderator allows user all moderation rights.
>
> Moderator turns on video.
>
> User turns on video.
>
> ---- > both can see each other.
>
> Both turn off videos.
>
> Moderator turns on audio.
>
> User turns on audio.
>
> ------ > Both can hear each other.
>
> Both turn off audio.
>
>
>
> -------------ISSUE STARTS BELOW.
>
> ISSUE 1---
>
> Moderator turns on video.
>
> User turns on video.
>
> --- > Both can see each other.
>
> Moderator turns on audio.
>
> --- > Moderator can see himself. User video turns off on moderator
> screen. User can see his video on his own screen.
>
> ---- > Both cannot hear each other.
>
> Moderator turns off audio.
>
> --- > Moderator can see himself. User video still off on his screen.
> User can see his video on his own screen.
>
> Moderator turns off video.
>
> User turns off video.
>
> --------------REPEAT THE ABOVE ISSUE
>
> ISSUE 2---
>
> …Repeat steps in ISSUE 1 with roles in reversed order (User going first
> and moderator following it). Same result.
>
> User turns on video.
>
> Moderator turns on video.
>
> --- > Both can see each other.
>
>
>
> --------------REPEAT ISSUE 1 and ISSUE 2
>
> Moderator starts with audio.
>
> User turns on audio.
>
> --- > both can hear each other
>
> Moderator turns on video.
>
> --- > Moderator can see the green bar rising for audio. User can see
> the green boundary of moderator video frame glowing. Both cannot hear each
> other.
>
> --- > Both cannot see each other.
>
> --------------REPEAT THE ABOVE ISSUE with roles in reversed order.
>
> …Repeat steps with roles in reversed order (User going first and moderator
> following it). Same result.
>
> User starts with audio.
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Tuesday, December 3, 2019 12:40 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Cc:* Coscend@OM <OM...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Please provide
>
>
>
> 1) OM version you are using
>
> 2) KMS version you are using
>
> 3) What are the steps to reproduce the issue
>
>
>
> Thanks in advance
>
>
>
>
>
> On Tue, 3 Dec 2019 at 05:58, Daniel Baker <in...@collisiondetection.biz>
> wrote:
>
> Can you try for testing purposes on a real server. Help to eliminate
> possibilities.
>
> On 12/3/2019 1:44 AM, Coscend@OM wrote:
>
> Dear Daniel,
>
>
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to have
> VMs to be cost-effective.
>
>
>
>
>
> Dear Maxim,
>
>
>
> After over 50 tests with different configurations of coturn and firewall
> ports, we are now able to stream in intranet as well as extranet:
>
> Videos of all participants
>
> Audio of all participants
>
>
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME
> TIME.
>
> We would appreciate any insight the solution.
>
>
>
> ----
>
> Possible cause
>
> Firewall ports (both hardware and software) are not blocking because the
> users can:
>
> 1. See either video or audio at any time, but not both concurrently.
>
> 2. Giving the same result in the following use cases:
>
> both intranet (two devices connected to one switch, and no router between
> the devices) and
>
> extranet (router+firewall).
>
>
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Saturday, November 30, 2019 1:28 PM
> *To:* OM.Insights@Coscend.com; user@openmeetings.apache.org
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Went to a real server ( laptop , ubuntu ) . No VM.
>
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
>
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
>
>
> Perhaps we can learn from your use case and implement it in our context.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org; Maxim Solodovnik
> <so...@gmail.com> <so...@gmail.com>; OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> I had a similar issue but put it down to it being in a VM (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the video and
> audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
>
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is transferred)
>
> 2+) add network levels one by one and check if video is being transferred
>
>
>
> config looks good, but there are lots of options ....
>
>
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim and Rene,
>
>
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
>
>
> -----------------------------------------------
>
>
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn.
> 443 for Tomcat
>
>
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
>
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
>
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
>
>
>
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We
> have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Unfortunately I don't get your last email :(
>
>
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
>
>
> what is your configuration?
>
>
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
>
> Hello Maxim,
>
>
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input in
> server.xml including port 5443.
>
>
>
>
>
> Hello Rene,
>
>
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for
> Coturn.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
>
>
> Any errors in browser console?
>
>
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
> wrote:
>
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Dear Maxim,
CoTURN is installed—we included in subject line of the message—and passing trickle ICE test for STUN:3478, but not for TURN:3478. Could this be an issue?
*5.0.0-M2 IS transmitting video or audio to the other users, but NOT at the same time—i.e., transmitting only video or audio at any time. Therefore, CoTURN is working and firewall is not blocking.
*5.0.0-M3 (build 2367) is NOT transmitting both video and audio.
No configuration changes except SSL and MariaDB (mysql_persistence.xml).
If it is not firewall, CoTURN or OM code logic, is there any other area we should look at that we are missing now?
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, December 9, 2019 10:30 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
You don't need to change any logic
You should install STUN/TURN server
please search mailing lists `coturn`
On Sun, 8 Dec 2019 at 15:45, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Further, to clarify,
1. The server hosting OM, Kurento and Docker is in the DMZ.
2. The client devices are in the one single subnet, connected to a switch.
That is, even though the devices are in one subnet, they still receive the stream from a different subnet. The stream has to pass through a firewall and router to reach the two devices. Only peer-to-peer connection is in the same sub-net and does not go through the firewall.
So, all these video and audio effects are due to streaming across the firewall.
-------------------------
In sum, we need to change the logic in the following sections of the code to get the stream (video and audio) at the same time through the firewall to the users. Any insight into this would be appreciated.
om-web/…raw-video.js:
getVideoStream: <https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57
om-web/…raw-video-manager.js:
onBroadcast: <https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core/…StreamProcessor.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core/…KurentoHandler.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db/…Client.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Coscend@OM [mailto:OM.Insights@Coscend.com <ma...@Coscend.com> ]
Sent: Sunday, December 8, 2019 4:23 AM
To: 'Openmeetings user-list' <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Subject: RE: OM5: Reverse Proxy - CoTURN NAT
Dear Maxim,
We tested both:
5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
5.0.0-M3 (AFTER issues were fixed)
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
-----------
M2:
Intranet (no router / firewall)
Either audio or video are transmitting individually.
The users can either see OR hear each other. But the users cannot do both at the same time.
But when both video and audio are turned on, both video and audio disappears on users’ own as well as other users’ screen. Only a green boundary highlighter appeared when someone spoke.
Extranet (with firewall and router): Same result. This means firewall and router ports are open and transmission is enabled.
M3:
Intranet (no router / firewall)
Both audio and video are NOT transmitting.
Each user can see itself on its own screen. They cannot see other users on their screen. They cannot hear other users.
Extranet (with firewall and router): Same result.
---------
Another issue: Start Recording Test: This does not stop.
---------
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, December 4, 2019 10:40 AM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >; OM.Insights@coscend.com <ma...@coscend.com>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
This might be one of
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim,
All stable releases:
Kurento: Installed using docker command. How do we find its version?
OM 5.0.0-M2
Docker-CE-3:19.03.5-3
CentOS 8
MariadB 10.3.18
Steps used:
Intranet: Two devices connected via a switch. No router. (Extranet gives same result with the same steps.)
Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
Start coturn
Start Docker
Start Kurento: docker run -d --name kms -p 8888:8888 --mount type=bind,source= …,target=…
Start MariaDB
Start Tomcat (SSL)
Install OM – 5.0.0-M2 successful.
Create a user.
OM Admin / Moderator enters Presentation room.
User enters room.
Moderator allows user all moderation rights.
Moderator turns on video.
User turns on video.
---- > both can see each other.
Both turn off videos.
Moderator turns on audio.
User turns on audio.
------ > Both can hear each other.
Both turn off audio.
-------------ISSUE STARTS BELOW.
ISSUE 1---
Moderator turns on video.
User turns on video.
--- > Both can see each other.
Moderator turns on audio.
--- > Moderator can see himself. User video turns off on moderator screen. User can see his video on his own screen.
---- > Both cannot hear each other.
Moderator turns off audio.
--- > Moderator can see himself. User video still off on his screen. User can see his video on his own screen.
Moderator turns off video.
User turns off video.
--------------REPEAT THE ABOVE ISSUE
ISSUE 2---
…Repeat steps in ISSUE 1 with roles in reversed order (User going first and moderator following it). Same result.
User turns on video.
Moderator turns on video.
--- > Both can see each other.
--------------REPEAT ISSUE 1 and ISSUE 2
Moderator starts with audio.
User turns on audio.
--- > both can hear each other
Moderator turns on video.
--- > Moderator can see the green bar rising for audio. User can see the green boundary of moderator video frame glowing. Both cannot hear each other.
--- > Both cannot see each other.
--------------REPEAT THE ABOVE ISSUE with roles in reversed order.
…Repeat steps with roles in reversed order (User going first and moderator following it). Same result.
User starts with audio.
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Tuesday, December 3, 2019 12:40 PM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Cc: Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> >
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Please provide
1) OM version you are using
2) KMS version you are using
3) What are the steps to reproduce the issue
Thanks in advance
On Tue, 3 Dec 2019 at 05:58, Daniel Baker <info@collisiondetection.biz <ma...@collisiondetection.biz> > wrote:
Can you try for testing purposes on a real server. Help to eliminate possibilities.
On 12/3/2019 1:44 AM, Coscend@OM wrote:
Dear Daniel,
Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective.
Dear Maxim,
After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet:
Videos of all participants
Audio of all participants
The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME.
We would appreciate any insight the solution.
----
Possible cause
Firewall ports (both hardware and software) are not blocking because the users can:
1. See either video or audio at any time, but not both concurrently.
2. Giving the same result in the following use cases:
both intranet (two devices connected to one switch, and no router between the devices) and
extranet (router+firewall).
We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database:
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Saturday, November 30, 2019 1:28 PM
To: OM.Insights@Coscend.com <ma...@Coscend.com> ; user@openmeetings.apache.org <ma...@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [ <ma...@collisiondetection.biz> mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: <ma...@openmeetings.apache.org> user@openmeetings.apache.org; Maxim Solodovnik <ma...@gmail.com> <so...@gmail.com>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
You don't need to change any logic
You should install STUN/TURN server
please search mailing lists `coturn`
On Sun, 8 Dec 2019 at 15:45, Coscend@OM <OM...@coscend.com> wrote:
> Further, to clarify,
>
> 1. The server hosting OM, Kurento and Docker is in the DMZ.
>
> 2. The client devices are in the one single subnet, connected to a
> switch.
>
>
>
> That is, even though the devices are in one subnet, they still receive the
> stream from a different subnet. The stream has to pass through a firewall
> and router to reach the two devices. Only peer-to-peer connection is in
> the same sub-net and does not go through the firewall.
>
>
>
> So, all these video and audio effects are due to streaming across the
> firewall.
>
>
>
> -------------------------
>
> In sum, we need to change the logic in the following sections of the code
> to get the stream (video and audio) at the same time through the firewall
> to the users. Any insight into this would be appreciated.
>
>
>
> om-web/…raw-video.js:
>
> getVideoStream:
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57
>
>
>
> om-web/…raw-video-manager.js:
>
> onBroadcast:
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27
>
>
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
> om-core/…StreamProcessor.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core/…KurentoHandler.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db/…Client.java:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com]
> *Sent:* Sunday, December 8, 2019 4:23 AM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> *Subject:* RE: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear Maxim,
>
>
>
> We tested both:
>
> 5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
>
> 5.0.0-M3 (AFTER issues were fixed)
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
> Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
>
> -----------
>
> M2:
>
> Intranet (no router / firewall)
>
> Either audio or video are transmitting individually.
>
> The users can either see OR hear each other. But the users cannot do both
> at the same time.
>
> But when both video and audio are turned on, both video and audio
> disappears on users’ own as well as other users’ screen. Only a green
> boundary highlighter appeared when someone spoke.
>
>
>
> Extranet (with firewall and router): Same result. This means firewall
> and router ports are open and transmission is enabled.
>
>
>
> M3:
>
> Intranet (no router / firewall)
>
> Both audio and video are NOT transmitting.
>
> Each user can see itself on its own screen. They cannot see other users
> on their screen. They cannot hear other users.
>
>
>
> Extranet (with firewall and router): Same result.
>
>
>
> ---------
>
> Another issue: Start Recording Test: This does not stop.
>
> ---------
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com
> <so...@gmail.com>]
> *Sent:* Wednesday, December 4, 2019 10:40 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> This might be one of
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2101
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2132
>
>
>
> On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim,
>
>
>
> All stable releases:
>
> Kurento: Installed using docker command. How do we find its version?
>
> OM 5.0.0-M2
>
> Docker-CE-3:19.03.5-3
>
> CentOS 8
>
> MariadB 10.3.18
>
>
>
> Steps used:
>
> Intranet: Two devices connected via a switch. No router. (Extranet
> gives same result with the same steps.)
>
> Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
>
>
>
> Start coturn
>
> Start Docker
>
> Start Kurento: docker run -d --name kms -p 8888:8888 --mount
> type=bind,source= …,target=…
>
> Start MariaDB
>
> Start Tomcat (SSL)
>
> Install OM – 5.0.0-M2 successful.
>
> Create a user.
>
>
>
> OM Admin / Moderator enters Presentation room.
>
> User enters room.
>
> Moderator allows user all moderation rights.
>
> Moderator turns on video.
>
> User turns on video.
>
> ---- > both can see each other.
>
> Both turn off videos.
>
> Moderator turns on audio.
>
> User turns on audio.
>
> ------ > Both can hear each other.
>
> Both turn off audio.
>
>
>
> -------------ISSUE STARTS BELOW.
>
> ISSUE 1---
>
> Moderator turns on video.
>
> User turns on video.
>
> --- > Both can see each other.
>
> Moderator turns on audio.
>
> --- > Moderator can see himself. User video turns off on moderator
> screen. User can see his video on his own screen.
>
> ---- > Both cannot hear each other.
>
> Moderator turns off audio.
>
> --- > Moderator can see himself. User video still off on his screen.
> User can see his video on his own screen.
>
> Moderator turns off video.
>
> User turns off video.
>
> --------------REPEAT THE ABOVE ISSUE
>
> ISSUE 2---
>
> …Repeat steps in ISSUE 1 with roles in reversed order (User going first
> and moderator following it). Same result.
>
> User turns on video.
>
> Moderator turns on video.
>
> --- > Both can see each other.
>
>
>
> --------------REPEAT ISSUE 1 and ISSUE 2
>
> Moderator starts with audio.
>
> User turns on audio.
>
> --- > both can hear each other
>
> Moderator turns on video.
>
> --- > Moderator can see the green bar rising for audio. User can see
> the green boundary of moderator video frame glowing. Both cannot hear each
> other.
>
> --- > Both cannot see each other.
>
> --------------REPEAT THE ABOVE ISSUE with roles in reversed order.
>
> …Repeat steps with roles in reversed order (User going first and moderator
> following it). Same result.
>
> User starts with audio.
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Tuesday, December 3, 2019 12:40 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Cc:* Coscend@OM <OM...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Please provide
>
>
>
> 1) OM version you are using
>
> 2) KMS version you are using
>
> 3) What are the steps to reproduce the issue
>
>
>
> Thanks in advance
>
>
>
>
>
> On Tue, 3 Dec 2019 at 05:58, Daniel Baker <in...@collisiondetection.biz>
> wrote:
>
> Can you try for testing purposes on a real server. Help to eliminate
> possibilities.
>
> On 12/3/2019 1:44 AM, Coscend@OM wrote:
>
> Dear Daniel,
>
>
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to have
> VMs to be cost-effective.
>
>
>
>
>
> Dear Maxim,
>
>
>
> After over 50 tests with different configurations of coturn and firewall
> ports, we are now able to stream in intranet as well as extranet:
>
> Videos of all participants
>
> Audio of all participants
>
>
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME
> TIME.
>
> We would appreciate any insight the solution.
>
>
>
> ----
>
> Possible cause
>
> Firewall ports (both hardware and software) are not blocking because the
> users can:
>
> 1. See either video or audio at any time, but not both concurrently.
>
> 2. Giving the same result in the following use cases:
>
> both intranet (two devices connected to one switch, and no router between
> the devices) and
>
> extranet (router+firewall).
>
>
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Saturday, November 30, 2019 1:28 PM
> *To:* OM.Insights@Coscend.com; user@openmeetings.apache.org
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Went to a real server ( laptop , ubuntu ) . No VM.
>
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
>
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
>
>
> Perhaps we can learn from your use case and implement it in our context.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org; Maxim Solodovnik
> <so...@gmail.com> <so...@gmail.com>; OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> I had a similar issue but put it down to it being in a VM (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the video and
> audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
>
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is transferred)
>
> 2+) add network levels one by one and check if video is being transferred
>
>
>
> config looks good, but there are lots of options ....
>
>
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim and Rene,
>
>
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
>
>
> -----------------------------------------------
>
>
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn.
> 443 for Tomcat
>
>
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
>
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
>
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
>
>
>
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We
> have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Unfortunately I don't get your last email :(
>
>
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
>
>
> what is your configuration?
>
>
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
>
> Hello Maxim,
>
>
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input in
> server.xml including port 5443.
>
>
>
>
>
> Hello Rene,
>
>
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for
> Coturn.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
>
>
> Any errors in browser console?
>
>
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
> wrote:
>
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Further, to clarify,
1. The server hosting OM, Kurento and Docker is in the DMZ.
2. The client devices are in the one single subnet, connected to a switch.
That is, even though the devices are in one subnet, they still receive the stream from a different subnet. The stream has to pass through a firewall and router to reach the two devices. Only peer-to-peer connection is in the same sub-net and does not go through the firewall.
So, all these video and audio effects are due to streaming across the firewall.
-------------------------
In sum, we need to change the logic in the following sections of the code to get the stream (video and audio) at the same time through the firewall to the users. Any insight into this would be appreciated.
om-web/…raw-video.js:
getVideoStream: <https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video.js#L57
om-web/…raw-video-manager.js:
onBroadcast: <https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/raw-video-manager.js#L27
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core/…StreamProcessor.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core/…KurentoHandler.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db/…Client.java: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Sunday, December 8, 2019 4:23 AM
To: 'Openmeetings user-list' <us...@openmeetings.apache.org>
Subject: RE: OM5: Reverse Proxy - CoTURN NAT
Dear Maxim,
We tested both:
5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
5.0.0-M3 (AFTER issues were fixed)
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
-----------
M2:
Intranet (no router / firewall)
Either audio or video are transmitting individually.
The users can either see OR hear each other. But the users cannot do both at the same time.
But when both video and audio are turned on, both video and audio disappears on users’ own as well as other users’ screen. Only a green boundary highlighter appeared when someone spoke.
Extranet (with firewall and router): Same result. This means firewall and router ports are open and transmission is enabled.
M3:
Intranet (no router / firewall)
Both audio and video are NOT transmitting.
Each user can see itself on its own screen. They cannot see other users on their screen. They cannot hear other users.
Extranet (with firewall and router): Same result.
---------
Another issue: Start Recording Test: This does not stop.
---------
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, December 4, 2019 10:40 AM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >; OM.Insights@coscend.com <ma...@coscend.com>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
This might be one of
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim,
All stable releases:
Kurento: Installed using docker command. How do we find its version?
OM 5.0.0-M2
Docker-CE-3:19.03.5-3
CentOS 8
MariadB 10.3.18
Steps used:
Intranet: Two devices connected via a switch. No router. (Extranet gives same result with the same steps.)
Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
Start coturn
Start Docker
Start Kurento: docker run -d --name kms -p 8888:8888 --mount type=bind,source= …,target=…
Start MariaDB
Start Tomcat (SSL)
Install OM – 5.0.0-M2 successful.
Create a user.
OM Admin / Moderator enters Presentation room.
User enters room.
Moderator allows user all moderation rights.
Moderator turns on video.
User turns on video.
---- > both can see each other.
Both turn off videos.
Moderator turns on audio.
User turns on audio.
------ > Both can hear each other.
Both turn off audio.
-------------ISSUE STARTS BELOW.
ISSUE 1---
Moderator turns on video.
User turns on video.
--- > Both can see each other.
Moderator turns on audio.
--- > Moderator can see himself. User video turns off on moderator screen. User can see his video on his own screen.
---- > Both cannot hear each other.
Moderator turns off audio.
--- > Moderator can see himself. User video still off on his screen. User can see his video on his own screen.
Moderator turns off video.
User turns off video.
--------------REPEAT THE ABOVE ISSUE
ISSUE 2---
…Repeat steps in ISSUE 1 with roles in reversed order (User going first and moderator following it). Same result.
User turns on video.
Moderator turns on video.
--- > Both can see each other.
--------------REPEAT ISSUE 1 and ISSUE 2
Moderator starts with audio.
User turns on audio.
--- > both can hear each other
Moderator turns on video.
--- > Moderator can see the green bar rising for audio. User can see the green boundary of moderator video frame glowing. Both cannot hear each other.
--- > Both cannot see each other.
--------------REPEAT THE ABOVE ISSUE with roles in reversed order.
…Repeat steps with roles in reversed order (User going first and moderator following it). Same result.
User starts with audio.
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Tuesday, December 3, 2019 12:40 PM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Cc: Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> >
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Please provide
1) OM version you are using
2) KMS version you are using
3) What are the steps to reproduce the issue
Thanks in advance
On Tue, 3 Dec 2019 at 05:58, Daniel Baker <info@collisiondetection.biz <ma...@collisiondetection.biz> > wrote:
Can you try for testing purposes on a real server. Help to eliminate possibilities.
On 12/3/2019 1:44 AM, Coscend@OM wrote:
Dear Daniel,
Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective.
Dear Maxim,
After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet:
Videos of all participants
Audio of all participants
The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME.
We would appreciate any insight the solution.
----
Possible cause
Firewall ports (both hardware and software) are not blocking because the users can:
1. See either video or audio at any time, but not both concurrently.
2. Giving the same result in the following use cases:
both intranet (two devices connected to one switch, and no router between the devices) and
extranet (router+firewall).
We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database:
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Saturday, November 30, 2019 1:28 PM
To: OM.Insights@Coscend.com <ma...@Coscend.com> ; user@openmeetings.apache.org <ma...@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [ <ma...@collisiondetection.biz> mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: <ma...@openmeetings.apache.org> user@openmeetings.apache.org; Maxim Solodovnik <ma...@gmail.com> <so...@gmail.com>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Dear Maxim,
We tested both:
5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and
5.0.0-M3 (AFTER issues were fixed)
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3
-----------
M2:
Intranet (no router / firewall)
Either audio or video are transmitting individually.
The users can either see OR hear each other. But the users cannot do both at the same time.
But when both video and audio are turned on, both video and audio disappears on users’ own as well as other users’ screen. Only a green boundary highlighter appeared when someone spoke.
Extranet (with firewall and router): Same result. This means firewall and router ports are open and transmission is enabled.
M3:
Intranet (no router / firewall)
Both audio and video are NOT transmitting.
Each user can see itself on its own screen. They cannot see other users on their screen. They cannot hear other users.
Extranet (with firewall and router): Same result.
---------
Another issue: Start Recording Test: This does not stop.
---------
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, December 4, 2019 10:40 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
This might be one of
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim,
All stable releases:
Kurento: Installed using docker command. How do we find its version?
OM 5.0.0-M2
Docker-CE-3:19.03.5-3
CentOS 8
MariadB 10.3.18
Steps used:
Intranet: Two devices connected via a switch. No router. (Extranet gives same result with the same steps.)
Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
Start coturn
Start Docker
Start Kurento: docker run -d --name kms -p 8888:8888 --mount type=bind,source= …,target=…
Start MariaDB
Start Tomcat (SSL)
Install OM – 5.0.0-M2 successful.
Create a user.
OM Admin / Moderator enters Presentation room.
User enters room.
Moderator allows user all moderation rights.
Moderator turns on video.
User turns on video.
---- > both can see each other.
Both turn off videos.
Moderator turns on audio.
User turns on audio.
------ > Both can hear each other.
Both turn off audio.
-------------ISSUE STARTS BELOW.
ISSUE 1---
Moderator turns on video.
User turns on video.
--- > Both can see each other.
Moderator turns on audio.
--- > Moderator can see himself. User video turns off on moderator screen. User can see his video on his own screen.
---- > Both cannot hear each other.
Moderator turns off audio.
--- > Moderator can see himself. User video still off on his screen. User can see his video on his own screen.
Moderator turns off video.
User turns off video.
--------------REPEAT THE ABOVE ISSUE
ISSUE 2---
…Repeat steps in ISSUE 1 with roles in reversed order (User going first and moderator following it). Same result.
User turns on video.
Moderator turns on video.
--- > Both can see each other.
--------------REPEAT ISSUE 1 and ISSUE 2
Moderator starts with audio.
User turns on audio.
--- > both can hear each other
Moderator turns on video.
--- > Moderator can see the green bar rising for audio. User can see the green boundary of moderator video frame glowing. Both cannot hear each other.
--- > Both cannot see each other.
--------------REPEAT THE ABOVE ISSUE with roles in reversed order.
…Repeat steps with roles in reversed order (User going first and moderator following it). Same result.
User starts with audio.
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Tuesday, December 3, 2019 12:40 PM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Cc: Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> >
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Please provide
1) OM version you are using
2) KMS version you are using
3) What are the steps to reproduce the issue
Thanks in advance
On Tue, 3 Dec 2019 at 05:58, Daniel Baker <info@collisiondetection.biz <ma...@collisiondetection.biz> > wrote:
Can you try for testing purposes on a real server. Help to eliminate possibilities.
On 12/3/2019 1:44 AM, Coscend@OM wrote:
Dear Daniel,
Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective.
Dear Maxim,
After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet:
Videos of all participants
Audio of all participants
The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME.
We would appreciate any insight the solution.
----
Possible cause
Firewall ports (both hardware and software) are not blocking because the users can:
1. See either video or audio at any time, but not both concurrently.
2. Giving the same result in the following use cases:
both intranet (two devices connected to one switch, and no router between the devices) and
extranet (router+firewall).
We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database:
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Saturday, November 30, 2019 1:28 PM
To: OM.Insights@Coscend.com <ma...@Coscend.com> ; user@openmeetings.apache.org <ma...@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [ <ma...@collisiondetection.biz> mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: <ma...@openmeetings.apache.org> user@openmeetings.apache.org; Maxim Solodovnik <ma...@gmail.com> <so...@gmail.com>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
This might be one of
https://issues.apache.org/jira/browse/OPENMEETINGS-2101
https://issues.apache.org/jira/browse/OPENMEETINGS-2132
On Wed, 4 Dec 2019 at 04:43, Coscend@OM <OM...@coscend.com> wrote:
> Dear Maxim,
>
>
>
> All stable releases:
>
> Kurento: Installed using docker command. How do we find its version?
>
> OM 5.0.0-M2
>
> Docker-CE-3:19.03.5-3
>
> CentOS 8
>
> MariadB 10.3.18
>
>
>
> Steps used:
>
> Intranet: Two devices connected via a switch. No router. (Extranet
> gives same result with the same steps.)
>
> Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
>
>
>
> Start coturn
>
> Start Docker
>
> Start Kurento: docker run -d --name kms -p 8888:8888 --mount
> type=bind,source= …,target=…
>
> Start MariaDB
>
> Start Tomcat (SSL)
>
> Install OM – 5.0.0-M2 successful.
>
> Create a user.
>
>
>
> OM Admin / Moderator enters Presentation room.
>
> User enters room.
>
> Moderator allows user all moderation rights.
>
> Moderator turns on video.
>
> User turns on video.
>
> ---- > both can see each other.
>
> Both turn off videos.
>
> Moderator turns on audio.
>
> User turns on audio.
>
> ------ > Both can hear each other.
>
> Both turn off audio.
>
>
>
> -------------ISSUE STARTS BELOW.
>
> ISSUE 1---
>
> Moderator turns on video.
>
> User turns on video.
>
> --- > Both can see each other.
>
> Moderator turns on audio.
>
> --- > Moderator can see himself. User video turns off on moderator
> screen. User can see his video on his own screen.
>
> ---- > Both cannot hear each other.
>
> Moderator turns off audio.
>
> --- > Moderator can see himself. User video still off on his screen.
> User can see his video on his own screen.
>
> Moderator turns off video.
>
> User turns off video.
>
> --------------REPEAT THE ABOVE ISSUE
>
> ISSUE 2---
>
> …Repeat steps in ISSUE 1 with roles in reversed order (User going first
> and moderator following it). Same result.
>
> User turns on video.
>
> Moderator turns on video.
>
> --- > Both can see each other.
>
>
>
> --------------REPEAT ISSUE 1 and ISSUE 2
>
> Moderator starts with audio.
>
> User turns on audio.
>
> --- > both can hear each other
>
> Moderator turns on video.
>
> --- > Moderator can see the green bar rising for audio. User can see
> the green boundary of moderator video frame glowing. Both cannot hear each
> other.
>
> --- > Both cannot see each other.
>
> --------------REPEAT THE ABOVE ISSUE with roles in reversed order.
>
> …Repeat steps with roles in reversed order (User going first and moderator
> following it). Same result.
>
> User starts with audio.
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Tuesday, December 3, 2019 12:40 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Cc:* Coscend@OM <OM...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Please provide
>
>
>
> 1) OM version you are using
>
> 2) KMS version you are using
>
> 3) What are the steps to reproduce the issue
>
>
>
> Thanks in advance
>
>
>
>
>
> On Tue, 3 Dec 2019 at 05:58, Daniel Baker <in...@collisiondetection.biz>
> wrote:
>
> Can you try for testing purposes on a real server. Help to eliminate
> possibilities.
>
> On 12/3/2019 1:44 AM, Coscend@OM wrote:
>
> Dear Daniel,
>
>
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to have
> VMs to be cost-effective.
>
>
>
>
>
> Dear Maxim,
>
>
>
> After over 50 tests with different configurations of coturn and firewall
> ports, we are now able to stream in intranet as well as extranet:
>
> Videos of all participants
>
> Audio of all participants
>
>
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME
> TIME.
>
> We would appreciate any insight the solution.
>
>
>
> ----
>
> Possible cause
>
> Firewall ports (both hardware and software) are not blocking because the
> users can:
>
> 1. See either video or audio at any time, but not both concurrently.
>
> 2. Giving the same result in the following use cases:
>
> both intranet (two devices connected to one switch, and no router between
> the devices) and
>
> extranet (router+firewall).
>
>
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Saturday, November 30, 2019 1:28 PM
> *To:* OM.Insights@Coscend.com; user@openmeetings.apache.org
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Went to a real server ( laptop , ubuntu ) . No VM.
>
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
>
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
>
>
> Perhaps we can learn from your use case and implement it in our context.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org; Maxim Solodovnik
> <so...@gmail.com> <so...@gmail.com>; OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> I had a similar issue but put it down to it being in a VM (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the video and
> audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
>
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is transferred)
>
> 2+) add network levels one by one and check if video is being transferred
>
>
>
> config looks good, but there are lots of options ....
>
>
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim and Rene,
>
>
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
>
>
> -----------------------------------------------
>
>
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn.
> 443 for Tomcat
>
>
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
>
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
>
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
>
>
>
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We
> have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Unfortunately I don't get your last email :(
>
>
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
>
>
> what is your configuration?
>
>
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
>
> Hello Maxim,
>
>
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input in
> server.xml including port 5443.
>
>
>
>
>
> Hello Rene,
>
>
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for
> Coturn.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
>
>
> Any errors in browser console?
>
>
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
> wrote:
>
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Dear Maxim,
All stable releases:
Kurento: Installed using docker command. How do we find its version?
OM 5.0.0-M2
Docker-CE-3:19.03.5-3
CentOS 8
MariadB 10.3.18
Steps used:
Intranet: Two devices connected via a switch. No router. (Extranet gives same result with the same steps.)
Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888
Start coturn
Start Docker
Start Kurento: docker run -d --name kms -p 8888:8888 --mount type=bind,source= …,target=…
Start MariaDB
Start Tomcat (SSL)
Install OM – 5.0.0-M2 successful.
Create a user.
OM Admin / Moderator enters Presentation room.
User enters room.
Moderator allows user all moderation rights.
Moderator turns on video.
User turns on video.
---- > both can see each other.
Both turn off videos.
Moderator turns on audio.
User turns on audio.
------ > Both can hear each other.
Both turn off audio.
-------------ISSUE STARTS BELOW.
ISSUE 1---
Moderator turns on video.
User turns on video.
--- > Both can see each other.
Moderator turns on audio.
--- > Moderator can see himself. User video turns off on moderator screen. User can see his video on his own screen.
---- > Both cannot hear each other.
Moderator turns off audio.
--- > Moderator can see himself. User video still off on his screen. User can see his video on his own screen.
Moderator turns off video.
User turns off video.
--------------REPEAT THE ABOVE ISSUE
ISSUE 2---
…Repeat steps in ISSUE 1 with roles in reversed order (User going first and moderator following it). Same result.
User turns on video.
Moderator turns on video.
--- > Both can see each other.
--------------REPEAT ISSUE 1 and ISSUE 2
Moderator starts with audio.
User turns on audio.
--- > both can hear each other
Moderator turns on video.
--- > Moderator can see the green bar rising for audio. User can see the green boundary of moderator video frame glowing. Both cannot hear each other.
--- > Both cannot see each other.
--------------REPEAT THE ABOVE ISSUE with roles in reversed order.
…Repeat steps with roles in reversed order (User going first and moderator following it). Same result.
User starts with audio.
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Tuesday, December 3, 2019 12:40 PM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Cc: Coscend@OM <OM...@coscend.com>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Please provide
1) OM version you are using
2) KMS version you are using
3) What are the steps to reproduce the issue
Thanks in advance
On Tue, 3 Dec 2019 at 05:58, Daniel Baker <info@collisiondetection.biz <ma...@collisiondetection.biz> > wrote:
Can you try for testing purposes on a real server. Help to eliminate possibilities.
On 12/3/2019 1:44 AM, Coscend@OM wrote:
Dear Daniel,
Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective.
Dear Maxim,
After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet:
Videos of all participants
Audio of all participants
The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME.
We would appreciate any insight the solution.
----
Possible cause
Firewall ports (both hardware and software) are not blocking because the users can:
1. See either video or audio at any time, but not both concurrently.
2. Giving the same result in the following use cases:
both intranet (two devices connected to one switch, and no router between the devices) and
extranet (router+firewall).
We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database:
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Saturday, November 30, 2019 1:28 PM
To: OM.Insights@Coscend.com <ma...@Coscend.com> ; user@openmeetings.apache.org <ma...@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [ <ma...@collisiondetection.biz> mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: <ma...@openmeetings.apache.org> user@openmeetings.apache.org; Maxim Solodovnik <ma...@gmail.com> <so...@gmail.com>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
Please provide
1) OM version you are using
2) KMS version you are using
3) What are the steps to reproduce the issue
Thanks in advance
On Tue, 3 Dec 2019 at 05:58, Daniel Baker <in...@collisiondetection.biz>
wrote:
> Can you try for testing purposes on a real server. Help to eliminate
> possibilities.
> On 12/3/2019 1:44 AM, Coscend@OM wrote:
>
> Dear Daniel,
>
>
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to have
> VMs to be cost-effective.
>
>
>
>
>
> Dear Maxim,
>
>
>
> After over 50 tests with different configurations of coturn and firewall
> ports, we are now able to stream in intranet as well as extranet:
>
> Videos of all participants
>
> Audio of all participants
>
>
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME
> TIME.
>
> We would appreciate any insight the solution.
>
>
>
> ----
>
> Possible cause
>
> Firewall ports (both hardware and software) are not blocking because the
> users can:
>
> 1. See either video or audio at any time, but not both concurrently.
>
> 2. Giving the same result in the following use cases:
>
> both intranet (two devices connected to one switch, and no router between
> the devices) and
>
> extranet (router+firewall).
>
>
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
>
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
>
>
> om-db:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Saturday, November 30, 2019 1:28 PM
> *To:* OM.Insights@Coscend.com; user@openmeetings.apache.org
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Went to a real server ( laptop , ubuntu ) . No VM.
>
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
>
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
>
>
> Perhaps we can learn from your use case and implement it in our context.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Daniel Baker [mailto:info@collisiondetection.biz
> <in...@collisiondetection.biz>]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org; Maxim Solodovnik
> <so...@gmail.com> <so...@gmail.com>; OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> I had a similar issue but put it down to it being in a VM (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the video and
> audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
>
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is transferred)
>
> 2+) add network levels one by one and check if video is being transferred
>
>
>
> config looks good, but there are lots of options ....
>
>
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com> wrote:
>
> Dear Maxim and Rene,
>
>
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
>
>
> -----------------------------------------------
>
>
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn.
> 443 for Tomcat
>
>
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
>
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
>
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
>
>
>
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We
> have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Unfortunately I don't get your last email :(
>
>
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
>
>
> what is your configuration?
>
>
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
>
> Hello Maxim,
>
>
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input in
> server.xml including port 5443.
>
>
>
>
>
> Hello Rene,
>
>
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for
> Coturn.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
>
>
> Any errors in browser console?
>
>
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
> wrote:
>
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Daniel Baker <in...@collisiondetection.biz>.
Can you try for testing purposes on a real server. Help to eliminate
possibilities.
On 12/3/2019 1:44 AM, Coscend@OM wrote:
>
> Dear Daniel,
>
> Thank you for the pointer. Unfortunately, our servers are
> enterprise-grade (meaning prohibitively expensive) and hence, need to
> have VMs to be cost-effective.
>
> Dear Maxim,
>
> After over 50 tests with different configurations of coturn and
> firewall ports, we are now able to stream in intranet as well as extranet:
>
> Videos of all participants
>
> Audio of all participants
>
> The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE
> SAME TIME.
>
> We would appreciate any insight the solution.
>
> ----
>
> Possible cause
>
> Firewall ports (both hardware and software) are not blocking because
> the users can:
>
> 1.See either video or audio at any time, but not both concurrently.
>
> 2.Giving the same result in the following use cases:
>
> both intranet (two devices connected to one switch, and no router
> between the devices) and
>
> extranet (router+firewall).
>
> We are attempting to refine the logic of methods, variables and their
> values stored in and retrieved from OM database:
>
> activityAllowed, activityToggle, hasActivity, Client set(Activity a),
> Client toggle(Activity a)
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
>
> om-core:
> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
>
> om-db:
> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Daniel Baker [mailto:info@collisiondetection.biz]
> *Sent:* Saturday, November 30, 2019 1:28 PM
> *To:* OM.Insights@Coscend.com; user@openmeetings.apache.org
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> Went to a real server ( laptop , ubuntu ) . No VM.
>
> On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
> Perhaps we can learn from your use case and implement it in our
> context.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding
> E-mail Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Daniel Baker [mailto:info@collisiondetection.biz]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>; Maxim Solodovnik
> <so...@gmail.com> <ma...@gmail.com>;
> OM.Insights@coscend.com <ma...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> I had a similar issue but put it down to it being in a VM
> (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the
> video and audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is
> transferred)
>
> 2+) add network levels one by one and check if video is being
> transferred
>
> config looks good, but there are lots of options ....
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM
> <OM.Insights@coscend.com <ma...@coscend.com>> wrote:
>
> Dear Maxim and Rene,
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see
> our own video/audio. We are not getting the video and
> audio of other users.
>
> Below is our config. Perhaps you could suggest what we
> are missing.
>
> -----------------------------------------------
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP
> 49152-65535 for Coturn. 443 for Tomcat
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol" />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3"
> redirectPort="443" />
>
> [snipped]
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We have tried both 3478
> and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration,
> Tele-healthcare, Tele-education, Telepresence Services, on
> the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice
> Regarding E-mail Messages from Coscend Communications
> Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Maxim Solodovnik [mailto:solomax666@gmail.com
> <ma...@gmail.com>]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>>;
> OM.Insights@coscend.com <ma...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> Unfortunately I don't get your last email :(
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
> what is your configuration?
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM
> <OM.Insights@coscend.com <ma...@coscend.com>>
> wrote:
>
> Hello Maxim,
>
> Are serving HTTPS pages from Tomcat? That is,
> certificates are input in server.xml including port 5443.
>
> Hello Rene,
>
> Thank you for the insight. Yes, ports open TCP 3478
> UDP 49152-65535 for Coturn.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration,
> Tele-healthcare, Tele-education, Telepresence
> Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice
> Regarding E-mail Messages from Coscend Communications
> Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Maxim Solodovnik [mailto:solomax666@gmail.com
> <ma...@gmail.com>]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list
> <user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> As far as I understand OM is available at 443 (via
> reverse proxy)
>
> Any errors in browser console?
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz
> <rene.scholz@abakus-edv-systems.de
> <ma...@abakus-edv-systems.de>> wrote:
>
> Hello Hemant,
>
> /- - > Hardware based: NAT, Strict Firewall:
> ports open TCP 3478 UDP 49152-65535/
> Have you open port 5443 (Tomcat-https-Port)? 3478
> and the port range is for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
> External client- - > Public IP
>
> - - > Hardware based: NAT, Strict Firewall:
> ports open TCP 3478 UDP 49152-65535
>
> - - > Reverse proxy via Apache HTTPD, Nginx
> etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > CoTURN: Config from Rene, Juan and
> Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in
> server.xml): Maxim’s overall and ImageMagick
> guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on
> Docker, Kurento in CentOS 7/8
>
> *From:* Coscend@OM
> [mailto:OM.Insights@Coscend.com]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list'
> <us...@openmeetings.apache.org>
> <ma...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
> Dear OM Community,
>
> Could you guide us on this problem: video not
> appearing in our OM5 installation?
>
> Even in the intranet / LAN,
>
> ·We cannot see others’ video.
>
> ·we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
> --------------
>
> Here is our setup:
>
> Reverse proxy via Apache HTTPD, Nginx etc.
> (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > NAT, Strict Firewall: ports open TCP
> 3478 UDP 49152-65535
>
> - - > CoTURN: Config from Rene, Juan and
> Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in
> server.xml): Maxim’s overall and ImageMagick
> guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on
> Docker, Kurento in CentOS 7/8
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration,
> Tele-healthcare, Tele-education, Telepresence
> Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality
> Notice Regarding E-mail Messages from Coscend
> Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
> --
>
> WBR
> Maxim aka solomax
>
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Dear Daniel,
Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective.
Dear Maxim,
After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet:
Videos of all participants
Audio of all participants
The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME.
We would appreciate any insight the solution.
----
Possible cause
Firewall ports (both hardware and software) are not blocking because the users can:
1. See either video or audio at any time, but not both concurrently.
2. Giving the same result in the following use cases:
both intranet (two devices connected to one switch, and no router between the devices) and
extranet (router+firewall).
We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database:
activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a)
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211
om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243
om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Saturday, November 30, 2019 1:28 PM
To: OM.Insights@Coscend.com; user@openmeetings.apache.org
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [ <ma...@collisiondetection.biz> mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: <ma...@openmeetings.apache.org> user@openmeetings.apache.org; Maxim Solodovnik <ma...@gmail.com> <so...@gmail.com>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>; <ma...@coscend.com> OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Daniel Baker <in...@collisiondetection.biz>.
Went to a real server ( laptop , ubuntu ) . No VM.
On 11/30/2019 2:06 PM, Coscend@OM wrote:
>
> Hello Daniel,
>
> Thank you for highlighting one of the possibilities. What was the
> solution you implemented in your case? How did it go?
>
> Perhaps we can learn from your use case and implement it in our context.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Daniel Baker [mailto:info@collisiondetection.biz]
> *Sent:* Friday, November 29, 2019 3:14 AM
> *To:* user@openmeetings.apache.org; Maxim Solodovnik
> <so...@gmail.com>; OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> I had a similar issue but put it down to it being in a VM (virtualbox)
>
> On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
>
> This "We can see our own video/audio. We are not getting the
> video and audio of other users"
>
> most probably mean audio/video is NOT working on your server
>
> I would:
>
> 1) check if audio/video works on localhost
>
> (I'm using FF + Chrome in the same room to check video is
> transferred)
>
> 2+) add network levels one by one and check if video is being
> transferred
>
> config looks good, but there are lots of options ....
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com
> <ma...@coscend.com>> wrote:
>
> Dear Maxim and Rene,
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our
> own video/audio. We are not getting the video and audio of
> other users.
>
> Below is our config. Perhaps you could suggest what we are
> missing.
>
> -----------------------------------------------
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535
> for Coturn. 443 for Tomcat
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol
> className="org.apache.coyote.http2.Http2Protocol" />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding
> E-mail Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Maxim Solodovnik [mailto:solomax666@gmail.com
> <ma...@gmail.com>]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>>;
> OM.Insights@coscend.com <ma...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> Unfortunately I don't get your last email :(
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
> what is your configuration?
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM
> <OM.Insights@coscend.com <ma...@coscend.com>> wrote:
>
> Hello Maxim,
>
> Are serving HTTPS pages from Tomcat? That is,
> certificates are input in server.xml including port 5443.
>
> Hello Rene,
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP
> 49152-65535 for Coturn.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration,
> Tele-healthcare, Tele-education, Telepresence Services, on
> the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice
> Regarding E-mail Messages from Coscend Communications
> Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Maxim Solodovnik [mailto:solomax666@gmail.com
> <ma...@gmail.com>]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> As far as I understand OM is available at 443 (via reverse
> proxy)
>
> Any errors in browser console?
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz
> <rene.scholz@abakus-edv-systems.de
> <ma...@abakus-edv-systems.de>> wrote:
>
> Hello Hemant,
>
> /- - > Hardware based: NAT, Strict Firewall: ports
> open TCP 3478 UDP 49152-65535/
> Have you open port 5443 (Tomcat-https-Port)? 3478 and
> the port range is for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
> External client- - > Public IP
>
> - - > Hardware based: NAT, Strict Firewall:
> ports open TCP 3478 UDP 49152-65535
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc.
> (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > CoTURN: Config from Rene, Juan and Maxim:
> NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in
> server.xml): Maxim’s overall and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on
> Docker, Kurento in CentOS 7/8
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list'
> <us...@openmeetings.apache.org>
> <ma...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
> Dear OM Community,
>
> Could you guide us on this problem: video not
> appearing in our OM5 installation?
>
> Even in the intranet / LAN,
>
> ·We cannot see others’ video.
>
> ·we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
> --------------
>
> Here is our setup:
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS
> LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > NAT, Strict Firewall: ports open TCP 3478
> UDP 49152-65535
>
> - - > CoTURN: Config from Rene, Juan and Maxim:
> NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in
> server.xml): Maxim’s overall and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on
> Docker, Kurento in CentOS 7/8
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration,
> Tele-healthcare, Tele-education, Telepresence
> Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality
> Notice Regarding E-mail Messages from Coscend
> Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
> --
>
> WBR
> Maxim aka solomax
>
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Hello Daniel,
Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go?
Perhaps we can learn from your use case and implement it in our context.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Daniel Baker [mailto:info@collisiondetection.biz]
Sent: Friday, November 29, 2019 3:14 AM
To: user@openmeetings.apache.org; Maxim Solodovnik <so...@gmail.com>; OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
This "We can see our own video/audio. We are not getting the video and audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >; OM.Insights@coscend.com <ma...@coscend.com>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto: <ma...@gmail.com> solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list < <ma...@openmeetings.apache.org> user@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Daniel Baker <in...@collisiondetection.biz>.
I had a similar issue but put it down to it being in a VM (virtualbox)
On 11/27/2019 3:23 PM, Maxim Solodovnik wrote:
> This "We can see our own video/audio. We are not getting the video
> and audio of other users"
> most probably mean audio/video is NOT working on your server
>
> I would:
> 1) check if audio/video works on localhost
> (I'm using FF + Chrome in the same room to check video is transferred)
> 2+) add network levels one by one and check if video is being transferred
>
> config looks good, but there are lots of options ....
>
> On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM.Insights@coscend.com
> <ma...@coscend.com>> wrote:
>
> Dear Maxim and Rene,
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
> -----------------------------------------------
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for
> Coturn. 443 for Tomcat
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding
> E-mail Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Maxim Solodovnik [mailto:solomax666@gmail.com
> <ma...@gmail.com>]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>>; OM.Insights@coscend.com
> <ma...@coscend.com>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> Unfortunately I don't get your last email :(
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
> what is your configuration?
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com
> <ma...@coscend.com>> wrote:
>
> Hello Maxim,
>
> Are serving HTTPS pages from Tomcat? That is, certificates
> are input in server.xml including port 5443.
>
> Hello Rene,
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP
> 49152-65535 for Coturn.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding
> E-mail Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
> *From:*Maxim Solodovnik [mailto:solomax666@gmail.com
> <ma...@gmail.com>]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <user@openmeetings.apache.org
> <ma...@openmeetings.apache.org>>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
> Any errors in browser console?
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz
> <rene.scholz@abakus-edv-systems.de
> <ma...@abakus-edv-systems.de>> wrote:
>
> Hello Hemant,
>
> /- - > Hardware based: NAT, Strict Firewall: ports open
> TCP 3478 UDP 49152-65535/
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the
> port range is for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
> External client- - > Public IP
>
> - - > Hardware based: NAT, Strict Firewall: ports
> open TCP 3478 UDP 49152-65535
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc.
> (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT
> via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml):
> Maxim’s overall and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker,
> Kurento in CentOS 7/8
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list'
> <us...@openmeetings.apache.org>
> <ma...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
> Dear OM Community,
>
> Could you guide us on this problem: video not
> appearing in our OM5 installation?
>
> Even in the intranet / LAN,
>
> ·We cannot see others’ video.
>
> ·we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
> --------------
>
> Here is our setup:
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS
> LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT
> via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml):
> Maxim’s overall and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker,
> Kurento in CentOS 7/8
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration,
> Tele-healthcare, Tele-education, Telepresence
> Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice
> Regarding E-mail Messages from Coscend Communications
> Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
> --
> WBR
> Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
This "We can see our own video/audio. We are not getting the video and
audio of other users"
most probably mean audio/video is NOT working on your server
I would:
1) check if audio/video works on localhost
(I'm using FF + Chrome in the same room to check video is transferred)
2+) add network levels one by one and check if video is being transferred
config looks good, but there are lots of options ....
On Wed, 27 Nov 2019 at 03:25, Coscend@OM <OM...@coscend.com> wrote:
> Dear Maxim and Rene,
>
>
>
> We are serving HTTPS by Tomcat9/OM5 binary. We can see our own
> video/audio. We are not getting the video and audio of other users.
>
> Below is our config. Perhaps you could suggest what we are missing.
>
>
>
> -----------------------------------------------
>
>
>
> Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn.
> 443 for Tomcat
>
>
>
> - - >Coturn config:
>
> Listening port=3478
>
> Tls-listening-port=5439
>
> listening-ip=<Local IP of server hosting coturn>
>
> relay-ip=<Local IP of server hosting Tomcat>
>
> external-ip=<Public IP>/<Local IP of server hosting coturn>
>
>
>
> verbose
> fingerprint
> lt-cred-match
>
> use-auth-secret
> static-auth-secret=<SECRETVALUE>
> realm=<OURFQDN.com>
> min-port=49152
> max-port=65535
> no-stun
>
>
>
> - - >Tomcat
>
> Rest is same as in vanilla OM binary
>
>
>
> <Server port="8005" shutdown="SHUTDOWN">
>
> <Connector port="443"
> protocol="org.apache.coyote.http11.Http11AprProtocol"
>
> maxThreads="150" SSLEnabled="true" >
>
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
>
> <SSLHostConfig>
> <Certificate
> certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
>
> certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
> </SSLHostConfig>
> </Connector>
>
> <!-- Define an AJP 1.3 Connector on port 8009 -->
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
>
> [snipped]
>
>
>
>
>
> - - >applicationContext.xml
>
> Rest is same as in vanilla OM binary
>
> p:turnUrl="<External_IP>:5349" (We
> have tried both 3478 and 5349)
>
> p:turnUser=""
>
> p:turnSecret="<SECRETVALUE>"
>
>
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, November 25, 2019 10:23 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>;
> OM.Insights@coscend.com
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Unfortunately I don't get your last email :(
>
>
>
> You can
>
> 1) serve HTTPS by OM
>
> OR
>
> 2) serve HTTPS by reverse proxy
>
> NOT both
>
>
>
> what is your configuration?
>
>
>
> On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
>
> Hello Maxim,
>
>
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input in
> server.xml including port 5443.
>
>
>
>
>
> Hello Rene,
>
>
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for
> Coturn.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
>
>
> Any errors in browser console?
>
>
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
> wrote:
>
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Dear Maxim and Rene,
We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users.
Below is our config. Perhaps you could suggest what we are missing.
-----------------------------------------------
Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat
- - >Coturn config:
Listening port=3478
Tls-listening-port=5439
listening-ip=<Local IP of server hosting coturn>
relay-ip=<Local IP of server hosting Tomcat>
external-ip=<Public IP>/<Local IP of server hosting coturn>
verbose
fingerprint
lt-cred-match
use-auth-secret
static-auth-secret=<SECRETVALUE>
realm=<OURFQDN.com>
min-port=49152
max-port=65535
no-stun
- - >Tomcat
Rest is same as in vanilla OM binary
<Server port="8005" shutdown="SHUTDOWN">
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxThreads="150" SSLEnabled="true" >
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig>
<Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem"
certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem"
</SSLHostConfig>
</Connector>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
[snipped]
- - >applicationContext.xml
Rest is same as in vanilla OM binary
p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349)
p:turnUser=""
p:turnSecret="<SECRETVALUE>"
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, November 25, 2019 10:23 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>; OM.Insights@coscend.com
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM.Insights@coscend.com <ma...@coscend.com> > wrote:
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com <ma...@gmail.com> ]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list <user@openmeetings.apache.org <ma...@openmeetings.apache.org> >
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
Unfortunately I don't get your last email :(
You can
1) serve HTTPS by OM
OR
2) serve HTTPS by reverse proxy
NOT both
what is your configuration?
On Fri, 22 Nov 2019 at 22:41, Coscend@OM <OM...@coscend.com> wrote:
> Hello Maxim,
>
>
>
> Are serving HTTPS pages from Tomcat? That is, certificates are input in
> server.xml including port 5443.
>
>
>
>
>
> Hello Rene,
>
>
>
> Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for
> Coturn.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Thursday, November 21, 2019 1:17 PM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: OM5: Reverse Proxy - CoTURN NAT
>
>
>
> As far as I understand OM is available at 443 (via reverse proxy)
>
>
>
> Any errors in browser console?
>
>
>
> On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
> wrote:
>
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Hello Maxim,
Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443.
Hello Rene,
Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Thursday, November 21, 2019 1:17 PM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: OM5: Reverse Proxy - CoTURN NAT
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <rene.scholz@abakus-edv-systems.de <ma...@abakus-edv-systems.de> > wrote:
Hello Hemant,
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <ma...@openmeetings.apache.org> <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5 installation?
Even in the intranet / LAN,
· We cannot see others’ video.
· we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance
- - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
www.Coscend.com <http://www.coscend.com/>
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly…
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by Maxim Solodovnik <so...@gmail.com>.
As far as I understand OM is available at 443 (via reverse proxy)
Any errors in browser console?
On Wed, 20 Nov 2019 at 01:21, R. Scholz <re...@abakus-edv-systems.de>
wrote:
> Hello Hemant,
>
> *- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535*
> Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
> for Coturn, I think.
>
> Best regrads,
>
> René
>
>
> Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
>
>
> External client- - > Public IP
>
>
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
>
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
>
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com
> <OM...@Coscend.com>]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
>
>
> Dear OM Community,
>
>
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
>
>
> Even in the intranet / LAN,
>
> · We cannot see others’ video.
>
> · we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
>
>
> --------------
>
> Here is our setup:
>
>
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
>
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
>
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
>
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and
> ImageMagick guidance
>
>
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
>
>
> Thank you.
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted at:
> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
>
>
>
>
>
>
--
WBR
Maxim aka solomax
Re: OM5: Reverse Proxy - CoTURN NAT
Posted by "R. Scholz" <re...@abakus-edv-systems.de>.
Hello Hemant,
/- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
49152-65535/
Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is
for Coturn, I think.
Best regrads,
René
Am 19.11.2019 um 18:15 schrieb Coscend@OM:
>
> Correction in setup:
>
> External client- - > Public IP
>
> - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
> 49152-65535
>
> - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall
> and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
> *From:* Coscend@OM [mailto:OM.Insights@Coscend.com]
> *Sent:* Tuesday, November 19, 2019 10:40 PM
> *To:* 'Openmeetings user-list' <us...@openmeetings.apache.org>
> *Subject:* OM5: Reverse Proxy - CoTURN NAT
>
> Dear OM Community,
>
> Could you guide us on this problem: video not appearing in our OM5
> installation?
>
> Even in the intranet / LAN,
>
> ·We cannot see others’ video.
>
> ·we can see own video (self).
>
> Same result in WAN via NAT, reverse proxy.
>
> --------------
>
> Here is our setup:
>
> Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
>
> Working configuration from OM-408
>
> - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
>
> - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem
>
> - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall
> and ImageMagick guidance
>
> - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8
>
> Thank you.
>
> Sincerely,
>
> Hemant K. Sabat
>
> www.Coscend.com <http://www.coscend.com/>
>
> ------------------------------------------------------------------
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> ------------------------------------------------------------------
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
> <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html>
>
RE: OM5: Reverse Proxy - CoTURN NAT
Posted by "Coscend@OM" <OM...@Coscend.com>.
Correction in setup:
External client- - > Public IP
- - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP
49152-65535
- - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A
9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim's overall and
ImageMagick guidance
- - > Kurento, docker: Alvaro's tutorial on Docker, Kurento in CentOS 7/8
From: Coscend@OM [mailto:OM.Insights@Coscend.com]
Sent: Tuesday, November 19, 2019 10:40 PM
To: 'Openmeetings user-list' <us...@openmeetings.apache.org>
Subject: OM5: Reverse Proxy - CoTURN NAT
Dear OM Community,
Could you guide us on this problem: video not appearing in our OM5
installation?
Even in the intranet / LAN,
. We cannot see others' video.
. we can see own video (self).
Same result in WAN via NAT, reverse proxy.
--------------
Here is our setup:
Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt):
Working configuration from OM-408
- - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535
- - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN:
https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A
9+Scholz%22+turn+server+problem
- - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim's overall and
ImageMagick guidance
- - > Kurento, docker: Alvaro's tutorial on Docker, Kurento in CentOS 7/8
Thank you.
Sincerely,
Hemant K. Sabat
<http://www.coscend.com/> www.Coscend.com
------------------------------------------------------------------
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education,
Telepresence Services, on the fly.
------------------------------------------------------------------
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
Messages from Coscend Communications Solutions' posted at:
http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html