Orchid Core VMS Servers need to be behind a compatible NAT type (basically, anything but Symmetric NAT) in order for bidirectional communication to be possible through a firewall. See here:
https://doc-kurento.readthedocs.io/en/stable/knowledge/nat.html#port-restricted-cone-nat
Linux
Run the below on the client and server side to determine which NAT types are in use. See the guide at the bottom of the article linked above to determine if STUN will work for a given configuration.
Use this method for Python (on Ubuntu 14.04 - Ubuntu 20.04 systems):
sudo apt install python-setuptools
git clone https://github.com/konradkonrad/pystun.git pystun-konrad cd pystun-konrad/ git checkout research mv README.md README.rst sudo python setup.py install pystun
Use this method for Python3 (on Ubuntu 20.04 - Ubuntu 24.04 systems):
sudo apt install python3-setuptools
git clone https://github.com/talkiq/pystun3.git
cd pystun3
sudo python3 setup.py install
pystun3
If you encounter dict errors on Ubuntu 20.04, the stun module in Python/Python3 may be missing. To resolve, try:
cd pystun3 or cd pystun-konrad
sudo cp -r stun /usr/lib/python3/
sudo python3 setup.py install
Ensure /usr/lib/python3/ has a symlink to the actual python version (ex. ls /usr/bin/python3 -l)
Windows
Download latest python27: https://www.python.org/ftp/python/2.7.17/python-2.7.17.amd64.msi
The latest python installer includes pip. From cmd.exe (Run as Administrator):
cd c:\Python27\Scripts
pip install pystun
pystun
If the server has multiple NICs, it may be necessary to tell pystun which NIC to use for testing. E.g.,
pystun -i 192.168.1.101
Firewall-Specific Configurations
Fortinet/FortiGate
Here's an example which should configure a full-cone NAT for only a certain block of IP addresses (startip and endip would be the address of the Orchid Core VMS server):
config firewall ippool
edit "full_cone-pool1"
set type port-block-allocation
set startip 10.1.1.1
set endip 10.1.1.1
set permit-any-host enable
end
Comments
0 comments
Please sign in to leave a comment.