0

I want to configure my local copy of

https://github.com/mattermost/mattermost-webrtc/blob/master/vagrant/janus/config/janus.cfg

to enable video calls for test purposes in Mattermost. One part is:

[nat]
stun_server = stun.l.google.com
stun_port = 19302

How do I use stun.l.google.com behind a corporate proxy?

I tried

proxytunnel -p corporate-proxy:7123 -d stun.l.google.com:19302 -a 3098

and replaced first part with

[nat]
stun_server = localhost
stun_port = 3098

which results in

$ docker run -it webrtc_blah_2
Janus commit: ad2c131617ac989df1a1bbd601272a5e448cbb3e
Compiled on:  Mon Jul 24 13:04:22 UTC 2017

---------------------------------------------------
  Starting Meetecho Janus (WebRTC Gateway) v0.2.4
---------------------------------------------------

Checking command line arguments...
Debug/log level is 4
Debug/log timestamps are disabled
Debug/log colors are enabled
Adding 'vmnet' to the ICE ignore list...
Using X.17.0.2 as local IP...
Token based authentication enabled
Initializing recorder code
Initializing ICE stuff (Full mode, ICE-TCP candidates disabled, IPv6 support disabled)
STUN server to use: localhost:3098
ICE handles watchdog started
Testing STUN server: message is of 20 bytes
[FATAL] [ice.c:janus_ice_set_stun_server:808] No response to our STUN BINDING test
[FATAL] [janus.c:main:3667] Invalid STUN address localhost:3098

Analogous with default config (see last two lines):

[FATAL] [ice.c:janus_ice_set_stun_server:808] No response to our STUN BINDING test
[FATAL] [janus.c:main:3667] Invalid STUN address stun.l.google.com:19302
4

1 回答 1

2

1.STUN and TURN both servers are by definition in their respective RFCs can be setup only on Public IPs

2.Stun server is used to give public IP of your firewall , if you configure in your firewall , your STUN binding requests( SBR) will result no response as there is no external server out from your firewall is configured.

3.On a very supeficial level job of STUN server is to receive the SBR from the source and check the IP address from transport layer and return the same in response plus find one port which will be open to reach the source back.

4.Later hole punching is done on the same port, to make it open throughout the session using STUN binding indication.

Crux is one should not configure STUN or TURN within firewall as this is of no use.

于 2017-07-25T12:25:25.590 回答