Dear Maxim,
We tested both: 5.0.0-M2 (BEFORE issues 2101 and 2132 were fixed) and 5.0.0-M3 (AFTER issues were fixed) https://issues.apache.org/jira/browse/OPENMEETINGS-2101 https://issues.apache.org/jira/browse/OPENMEETINGS-2132 Setup: CentOS 8 + Coturn + Kurento via Docker-CE-3:19.03.5-3 ----------- M2: Intranet (no router / firewall) Either audio or video are transmitting individually. The users can either see OR hear each other. But the users cannot do both at the same time. But when both video and audio are turned on, both video and audio disappears on users’ own as well as other users’ screen. Only a green boundary highlighter appeared when someone spoke. Extranet (with firewall and router): Same result. This means firewall and router ports are open and transmission is enabled. M3: Intranet (no router / firewall) Both audio and video are NOT transmitting. Each user can see itself on its own screen. They cannot see other users on their screen. They cannot hear other users. Extranet (with firewall and router): Same result. --------- Another issue: Start Recording Test: This does not stop. --------- Thank you. Sincerely, Hemant K. Sabat <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Maxim Solodovnik [mailto:[email protected]] Sent: Wednesday, December 4, 2019 10:40 AM To: Openmeetings user-list <[email protected]>; [email protected] Subject: Re: OM5: Reverse Proxy - CoTURN NAT This might be one of https://issues.apache.org/jira/browse/OPENMEETINGS-2101 https://issues.apache.org/jira/browse/OPENMEETINGS-2132 On Wed, 4 Dec 2019 at 04:43, Coscend@OM <[email protected] <mailto:[email protected]> > wrote: Dear Maxim, All stable releases: Kurento: Installed using docker command. How do we find its version? OM 5.0.0-M2 Docker-CE-3:19.03.5-3 CentOS 8 MariadB 10.3.18 Steps used: Intranet: Two devices connected via a switch. No router. (Extranet gives same result with the same steps.) Hardware Firewall ports open: Tomcat 443, 49152-63555, Coturn 3478, 8888 Start coturn Start Docker Start Kurento: docker run -d --name kms -p 8888:8888 --mount type=bind,source= …,target=… Start MariaDB Start Tomcat (SSL) Install OM – 5.0.0-M2 successful. Create a user. OM Admin / Moderator enters Presentation room. User enters room. Moderator allows user all moderation rights. Moderator turns on video. User turns on video. ---- > both can see each other. Both turn off videos. Moderator turns on audio. User turns on audio. ------ > Both can hear each other. Both turn off audio. -------------ISSUE STARTS BELOW. ISSUE 1--- Moderator turns on video. User turns on video. --- > Both can see each other. Moderator turns on audio. --- > Moderator can see himself. User video turns off on moderator screen. User can see his video on his own screen. ---- > Both cannot hear each other. Moderator turns off audio. --- > Moderator can see himself. User video still off on his screen. User can see his video on his own screen. Moderator turns off video. User turns off video. --------------REPEAT THE ABOVE ISSUE ISSUE 2--- …Repeat steps in ISSUE 1 with roles in reversed order (User going first and moderator following it). Same result. User turns on video. Moderator turns on video. --- > Both can see each other. --------------REPEAT ISSUE 1 and ISSUE 2 Moderator starts with audio. User turns on audio. --- > both can hear each other Moderator turns on video. --- > Moderator can see the green bar rising for audio. User can see the green boundary of moderator video frame glowing. Both cannot hear each other. --- > Both cannot see each other. --------------REPEAT THE ABOVE ISSUE with roles in reversed order. …Repeat steps with roles in reversed order (User going first and moderator following it). Same result. User starts with audio. Thank you. Sincerely, Hemant K. Sabat www.Coscend.com <http://www.coscend.com/> ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Maxim Solodovnik [mailto:[email protected] <mailto:[email protected]> ] Sent: Tuesday, December 3, 2019 12:40 PM To: Openmeetings user-list <[email protected] <mailto:[email protected]> > Cc: Coscend@OM <[email protected] <mailto:[email protected]> > Subject: Re: OM5: Reverse Proxy - CoTURN NAT Please provide 1) OM version you are using 2) KMS version you are using 3) What are the steps to reproduce the issue Thanks in advance On Tue, 3 Dec 2019 at 05:58, Daniel Baker <[email protected] <mailto:[email protected]> > wrote: Can you try for testing purposes on a real server. Help to eliminate possibilities. On 12/3/2019 1:44 AM, Coscend@OM wrote: Dear Daniel, Thank you for the pointer. Unfortunately, our servers are enterprise-grade (meaning prohibitively expensive) and hence, need to have VMs to be cost-effective. Dear Maxim, After over 50 tests with different configurations of coturn and firewall ports, we are now able to stream in intranet as well as extranet: Videos of all participants Audio of all participants The issue: Users can see EITHER video OR audio, but NOT BOTH, AT THE SAME TIME. We would appreciate any insight the solution. ---- Possible cause Firewall ports (both hardware and software) are not blocking because the users can: 1. See either video or audio at any time, but not both concurrently. 2. Giving the same result in the following use cases: both intranet (two devices connected to one switch, and no router between the devices) and extranet (router+firewall). We are attempting to refine the logic of methods, variables and their values stored in and retrieved from OM database: activityAllowed, activityToggle, hasActivity, Client set(Activity a), Client toggle(Activity a) om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/StreamProcessor.java#L211 om-core: <https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243> https://github.com/apache/openmeetings/blob/master/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/KurentoHandler.java#L243 om-db: <https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175> https://github.com/apache/openmeetings/blob/master/openmeetings-db/src/main/java/org/apache/openmeetings/db/entity/basic/Client.java#L175 Thank you. Sincerely, Hemant K. Sabat <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Daniel Baker [mailto:[email protected]] Sent: Saturday, November 30, 2019 1:28 PM To: [email protected] <mailto:[email protected]> ; [email protected] <mailto:[email protected]> Subject: Re: OM5: Reverse Proxy - CoTURN NAT Went to a real server ( laptop , ubuntu ) . No VM. On 11/30/2019 2:06 PM, Coscend@OM wrote: Hello Daniel, Thank you for highlighting one of the possibilities. What was the solution you implemented in your case? How did it go? Perhaps we can learn from your use case and implement it in our context. Sincerely, Hemant K. Sabat <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Daniel Baker [ <mailto:[email protected]> mailto:[email protected]] Sent: Friday, November 29, 2019 3:14 AM To: <mailto:[email protected]> [email protected]; Maxim Solodovnik <mailto:[email protected]> <[email protected]>; <mailto:[email protected]> [email protected] Subject: Re: OM5: Reverse Proxy - CoTURN NAT I had a similar issue but put it down to it being in a VM (virtualbox) On 11/27/2019 3:23 PM, Maxim Solodovnik wrote: This "We can see our own video/audio. We are not getting the video and audio of other users" most probably mean audio/video is NOT working on your server I would: 1) check if audio/video works on localhost (I'm using FF + Chrome in the same room to check video is transferred) 2+) add network levels one by one and check if video is being transferred config looks good, but there are lots of options .... On Wed, 27 Nov 2019 at 03:25, Coscend@OM <[email protected] <mailto:[email protected]> > wrote: Dear Maxim and Rene, We are serving HTTPS by Tomcat9/OM5 binary. We can see our own video/audio. We are not getting the video and audio of other users. Below is our config. Perhaps you could suggest what we are missing. ----------------------------------------------- Hardware NAT / firewall: Open TCP 3478 5349 UDP 49152-65535 for Coturn. 443 for Tomcat - - >Coturn config: Listening port=3478 Tls-listening-port=5439 listening-ip=<Local IP of server hosting coturn> relay-ip=<Local IP of server hosting Tomcat> external-ip=<Public IP>/<Local IP of server hosting coturn> verbose fingerprint lt-cred-match use-auth-secret static-auth-secret=<SECRETVALUE> realm=<OURFQDN.com> min-port=49152 max-port=65535 no-stun - - >Tomcat Rest is same as in vanilla OM binary <Server port="8005" shutdown="SHUTDOWN"> <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" > <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> <SSLHostConfig> <Certificate certificateFile="/etc/letsencrypt/live/OURFQDN.com/cert.pem" certificateKeyFile="/etc/letsencrypt/live/OURFQDN.com/privkey.pem" </SSLHostConfig> </Connector> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" /> [snipped] - - >applicationContext.xml Rest is same as in vanilla OM binary p:turnUrl="<External_IP>:5349" (We have tried both 3478 and 5349) p:turnUser="" p:turnSecret="<SECRETVALUE>" Thank you. Sincerely, Hemant K. Sabat <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Maxim Solodovnik [mailto: <mailto:[email protected]> [email protected]] Sent: Monday, November 25, 2019 10:23 AM To: Openmeetings user-list < <mailto:[email protected]> [email protected]>; <mailto:[email protected]> [email protected] Subject: Re: OM5: Reverse Proxy - CoTURN NAT Unfortunately I don't get your last email :( You can 1) serve HTTPS by OM OR 2) serve HTTPS by reverse proxy NOT both what is your configuration? On Fri, 22 Nov 2019 at 22:41, Coscend@OM <[email protected] <mailto:[email protected]> > wrote: Hello Maxim, Are serving HTTPS pages from Tomcat? That is, certificates are input in server.xml including port 5443. Hello Rene, Thank you for the insight. Yes, ports open TCP 3478 UDP 49152-65535 for Coturn. Sincerely, Hemant K. Sabat <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Maxim Solodovnik [mailto: <mailto:[email protected]> [email protected]] Sent: Thursday, November 21, 2019 1:17 PM To: Openmeetings user-list < <mailto:[email protected]> [email protected]> Subject: Re: OM5: Reverse Proxy - CoTURN NAT As far as I understand OM is available at 443 (via reverse proxy) Any errors in browser console? On Wed, 20 Nov 2019 at 01:21, R. Scholz <[email protected] <mailto:[email protected]> > wrote: Hello Hemant, - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535 Have you open port 5443 (Tomcat-https-Port)? 3478 and the port range is for Coturn, I think. Best regrads, René Am 19.11.2019 um 18:15 schrieb Coscend@OM: Correction in setup: External client- - > Public IP - - > Hardware based: NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535 - - > Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt): Working configuration from OM-408 - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8 From: Coscend@OM [mailto:[email protected]] Sent: Tuesday, November 19, 2019 10:40 PM To: 'Openmeetings user-list' <mailto:[email protected]> <[email protected]> Subject: OM5: Reverse Proxy - CoTURN NAT Dear OM Community, Could you guide us on this problem: video not appearing in our OM5 installation? Even in the intranet / LAN, · We cannot see others’ video. · we can see own video (self). Same result in WAN via NAT, reverse proxy. -------------- Here is our setup: Reverse proxy via Apache HTTPD, Nginx etc. (HTTPS LetsEncrypt): Working configuration from OM-408 - - > NAT, Strict Firewall: ports open TCP 3478 UDP 49152-65535 - - > CoTURN: Config from Rene, Juan and Maxim: NAT via CoTURN: <https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem> https://markmail.org/message/3dgy62lj3m74mogy?q=rene+scholz+from:%22Ren%C3%A9+Scholz%22+turn+server+problem - - > OM5-Tomcat: HTTP (port 5080 in server.xml): Maxim’s overall and ImageMagick guidance - - > Kurento, docker: Alvaro’s tutorial on Docker, Kurento in CentOS 7/8 Thank you. Sincerely, Hemant K. Sabat <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly… ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html -- WBR Maxim aka solomax -- WBR Maxim aka solomax -- WBR Maxim aka solomax -- WBR Maxim aka solomax -- WBR Maxim aka solomax
