We have HCL Sametime 12.0.1 FP1, which works fine, but sometimes some guest participants outside the LAN can't see audio and video because they have UDP port 10000 blocked by their corporate firewalls. We tried to work around this by setting the video bridge on TCP and UDP ports as described in the document:
https://help.hcltechsw.com/sametime/1201/admin/enable_video_bridge.html
But the problem is not solved. Are we forced to use a TURN server?
Regards.
Dario
Hi Dario -
Yes, the use of TURN is the preferred method to allow for TCP/443 and to work across firewalls. The (older) method of setting the JVB to listen on 4443 doesn't really work as well - consider that you still have to open an alternate port (4443) and that type of traffic (if run over 443) will still end up being blocked by more modern firewalls as it does not look like the expected traffic for 443.
So - set up a TURN server to resolve this.
https://help.hcltechsw.com/sametime/1201/admin/turnserver_intro.html
If you need additional help - please open a case with support.
Thank you, but if I set the turn server all the audio video traffic will pass through here without using the 10000 udp anymore? Isn’t that going to affect the quality of the video? Do you recommend installing it on the same server as my Sametime Docker or using a public TURN?
TURN will be added as an additional option for the AV streams.
If the client can reach the Sametime Server over UDP 10000 then that will be used, otherwise it will use the relay thru TURN.
We usually recommend putting TURN on a separate host in the network zone where it is most likely to be used - in your case, the public side.
"if I set the turn server all the audio video traffic will pass through here without using the 10000 udp anymore?"
No, only the meeting clients that can't connect directly to the videobridge on your Docker host on port 10000 UDP will connect via the TURN server.
Do not try to run the TURN server on the same Docker host where Sametime is running. Install the TURN server on another host that is under your control. Make sure you enable TCP and UDP on port 443 on the TURN server. This will increase the chance that your guest participants can successfully connect to your meetings.
I would not use a public TURN server for the Sametime A/V streams because you have no control over the availability of a public TURN service.
Thanks everyone for the clarifications.
Last question, must the TURN server I create have a public IP or can I put it on the same network as the DMZ where my Sametime server is present? This is because it would save me a public IP and a certificate.
We can try to use the public TURN but it doesn't work.
Sametime does not translate the port on the TCP of the TURN.
I followed the document:
https://help.hcltechsw.com/sametime/1201/admin/turnserver_meetings_docker.html
I also set the TURN host in my extrahost and JVB_STUN_SERVERS with port 443 and 80. In TURN_SECRET I try to use the SECRET_ID.
I get this error when port 10000 UDP is closed for the web client:
JVB 2023-06-13 16:11:42.932 INFO: [86] [confId=ea7257e029c335e conf_name=roberto@muc.sametime.test meeting_id=c9b6c49b epId=420d6fd8 stats_id=Lavinia-tSq local_ufrag=4b2hn1h2qhi7ku ufrag=4b2hn1h2qhi7ku] ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity check: No socket found for 172.31.0.19:10000/udp->192.168.1.92:62813/udp
ufrag=4b2hn1h2qhi7ku] ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity check: No socket found for 172.31.0.19:10000/udp->172.16.90.39:62812/udp
Any idea?
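For reading the JVB errors quoted in the post above, this added example (not part of the original thread, and not HCL or Jitsi code) extracts each failed candidate pair from the "No socket found" lines and marks pairs where both ends are private addresses. The function names are hypothetical and the sample log is constructed from the two lines in the post, with the bracketed context shortened.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, shortened from the two lines quoted in the post above;
# the second line starts mid-entry, as it does in the post.
SAMPLE_LOG = (
    "JVB 2023-06-13 16:11:42.932 INFO: [86] [ufrag=4b2hn1h2qhi7ku] "
    "ConnectivityCheckClient.startCheckForPair#350: Could not start connectivity "
    "check: No socket found for 172.31.0.19:10000/udp->192.168.1.92:62813/udp\n"
    "ufrag=4b2hn1h2qhi7ku] ConnectivityCheckClient.startCheckForPair#350: Could not "
    "start connectivity check: No socket found for "
    "172.31.0.19:10000/udp->172.16.90.39:62812/udp\n"
)

# IPv4 only, matching the format of the lines shown in the thread.
PAIR_RE = re.compile(
    r"No socket found for (?P<lip>[\d.]+):(?P<lport>\d+)/(?P<proto>\w+)"
    r"->(?P<rip>[\d.]+):(?P<rport>\d+)/\w+"
)


def failed_pairs(log_text):
    """Return one dict per candidate pair the bridge could not check."""
    pairs = []
    for m in PAIR_RE.finditer(log_text):
        try:
            local = ipaddress.ip_address(m["lip"])
            remote = ipaddress.ip_address(m["rip"])
        except ValueError:
            continue  # digits and dots that are not a valid address: skip
        pairs.append({
            "local": f"{local}:{m['lport']}/{m['proto']}",
            "remote": str(remote),
            # is_private covers RFC 1918 and other non-public ranges
            "both_private": local.is_private and remote.is_private,
        })
    return pairs


def remotes_by_bridge_socket(pairs):
    """Group failing remote addresses under the bridge socket they targeted."""
    grouped = defaultdict(list)
    for p in pairs:
        grouped[p["local"]].append(p["remote"])
    return {sock: sorted(addrs) for sock, addrs in grouped.items()}


if __name__ == "__main__":
    for pair in failed_pairs(SAMPLE_LOG):
        print(pair)
```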
The problem is solved.
I have created another Ubuntu server with coturn that communicates with my Sametime Docker on port 3478 UDP.
The coturn server has a public IP address and a valid certificate.
Thanks