Orchid Core VMS Servers need to be behind a compatible NAT type (basically, anything but Symmetric NAT) in order for bidirectional communication to be possible through a firewall. See here:
https://doc-kurento.readthedocs.io/en/stable/knowledge/nat.html#port-restricted-cone-nat
Linux
Run the below on the client and server side to determine which NAT types are in use. See the guide at the bottom of the article linked above to determine if STUN will work for a given configuration.
git clone https://github.com/konradkonrad/pystun.git pystun-konrad
cd pystun-konrad/
git checkout research
mv README.md README.rst
sudo python setup.py install
pystun
Windows
Download latest python27: https://www.python.org/ftp/python/2.7.17/python-2.7.17.amd64.msi
The latest python installer includes pip. From cmd.exe (Run as Administrator):
cd c:\Python27\Scripts
pip install pystun
pystun
If the server has multiple NICs, it may be necessary to tell pystun which NIC to use for testing. E.g.,
pystun -i 192.168.1.101
Firewall-Specific Configurations
Fortinet/FortiGate
Here's an example which should configure a full-cone NAT for only a certain block of IP addresses (startip and endip would be the address of the Orchid Core VMS server):
config firewall ippool
edit "full_cone-pool1"
set type port-block-allocation
set startip 10.1.1.1
set endip 10.1.1.1
set permit-any-host enable
end
Comments
0 comments
Please sign in to leave a comment.