Follow

Troubleshoot Firewall Type for WebRTC

Orchid Core VMS Servers need to be behind a compatible NAT type (basically, anything but Symmetric NAT) in order for bidirectional communication to be possible through a firewall.  See here:

https://doc-kurento.readthedocs.io/en/stable/knowledge/nat.html#port-restricted-cone-nat

 

Linux

Run the below on the client and server side to determine which NAT types are in use.  See the guide at the bottom of the article linked above to determine if STUN will work for a given configuration.

git clone https://github.com/konradkonrad/pystun.git pystun-konrad
cd pystun-konrad/
git checkout research
mv README.md README.rst
sudo python setup.py install
pystun

 

Windows

Download latest python27: https://www.python.org/ftp/python/2.7.17/python-2.7.17.amd64.msi

The latest python installer includes pip. From cmd.exe (Run as Administrator):

cd c:\Python27\Scripts
pip install pystun
pystun

If the server has multiple NICs, it may be necessary to tell pystun which NIC to use for testing. E.g.,

pystun -i 192.168.1.101

 

Firewall-Specific Configurations

Fortinet/FortiGate

Here's an example which should configure a full-cone NAT for only a certain block of IP addresses (startip and endip would be the address of the Orchid Core VMS server):

config firewall ippool
edit "full_cone-pool1"
set type port-block-allocation
set startip 10.1.1.1
set endip 10.1.1.1
set permit-any-host enable
end


Source: https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/FeatureCatalog-firewall.htm

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments