Sametime audio video fall back to TCP 443

anon-1922 · March 14, 2024, 6:36pm

Sametime guests use UDP 10000 for video and audio, and fall back to TCP 4443 if UDP port 10000 is not available. This requires external guest to allow a non-standard port (either UDP 10000 or TCP 4443) through their firewall.

Microsoft Teams by comparison, works in a similar way by default media will use UDP ports 3478 - 3481, but will fall back to the standard TCP 443 if not available.

As a result we cannot use Sametime for meetings outside of our business.

Has there been any progress since this 3 years ago...

Or more importantly how do others deal with this?

Many thanks.

anon-2135 · March 14, 2024, 7:56pm

Hi Mark,

I had the same problem too, because teams like meets use doors and many companies opened them during the pandemic. Sametime is less widespread and being on prem external companies do not open firewalls. I solved it by installing a simple turn server on the same network so that whoever has the port closed passes the 443 traffic bypassing all the firewalls.

Documentation:

https://opensource.hcltechsw.com/sametime-doc/admin/turnserver_intro.html

Or

https://help.hcltechsw.com/sametime/1201/admin/turnserver_intro.html

anon-1922 · March 15, 2024, 12:09pm

Thanks Dario, very helpful.

It would help the product if HCL used standard ports etc, but hey.

anon-2135 · March 15, 2024, 12:26pm

Hi Mark,

The problem is not just the port but the fact that the site is on-prem.
Companies have opened their firewalls towards zooms, meets, teams, goto.
With a turn server you solve the problems by putting an ubuntu server on the same network for example DMZ and giving it a public name.

anon-1922 · March 15, 2024, 12:57pm

Ah yes of course Dario you are correct.

Thanks again.

caseytoole · March 18, 2024, 1:24pm

Hi Mark,

Dario is correct, you can either use TCP port 4443 without TURN, or you can use TURN to use TCP port 443. Typically TURN is installed on a separate machine. See this link for a typical deployment diagram: https://opensource.hcltechsw.com/sametime-doc/v1202/admin/topology_turn.html

We recommend using CoTURN, which is what we tested with.

We recently shipped Sametime 12.0.2 with some managed helm charts for Kubernetes that can automatically deploy a CoTURN service in your Kubernetes cluster (same machine). It makes setting up TURN a breeze. We also just shipped single server Kubernetes managed charts (which include this TURN deployment). I will be publishing an article this week that has a complete step-by-step tutorial if you are interested.

Managed helm charts: https://opensource.hcltechsw.com/sametime-doc/v1202/admin/installation_sametime_kubernetes_managedcharts.html

Thanks,

Casey (HCL)