Galène videoconferencing server discussion list archives
* [Galene] Troubleshooting 0kbps/0kbps video
From: Michael Aldridge @ 2021-05-14  0:08 UTC
  To: galene

Hello,

I'm trying to deploy Galene as an internal video conferencing system and
I'm running into trouble getting the video to work.  My network topology
is as follows:

Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene

The proxies are forwarding either HTTP or HTTPS traffic all the way
inwards.  Galene is configured with -insecure and a proxy applies
trusted TLS to its connections.

Loading the main page, selecting a room, and using the text chat works
just fine, what doesn't work is actually setting up a call.  If I log
two workstations as "presenters" then they each see their own video, but
report 0kbps+0kbps.

I suspect that the magic bullet is going to be adding a TURN server
somewhere, but I know not where.  At no point in this topology does NAT
occur, so I had thought I could get away without one.  My best guess is
that I'd need to amend my diagram as follows:

         -> TURN Server
        /
Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene

I can provide debug logs on request, I just don't really know what I'm
looking for here.  Thanks in advance for any pointers.

--Michael


* [Galene] Re: Troubleshooting 0kbps/0kbps video
From: Juliusz Chroboczek @ 2021-05-14 12:04 UTC
  To: Michael Aldridge; +Cc: galene

> Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene

Wow.

> Loading the main page, selecting a room, and using the text chat works
> just fine, what doesn't work is actually setting up a call.  If I log
> two workstations as "presenters" then they each see their own video, but
> report 0kbps+0kbps.

This means that the HTTPS traffic is getting through, but that the RTP
traffic (media) isn't.

> I suspect that the magic bullet is going to be adding a TURN server
> somewhere,

Yes.  You need to put a TURN server somewhere where it can be reached by
both the client and the server.  So your diagram becomes:

           --------------> TURN Server <-------------
          /                                           \
  Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene

Since there's a VPN in the way, it might be difficult to make the TURN
server reachable by both sides.  In particular, if the goal is to hide IP
addresses, then the TURN server is going to have too much knowledge.

-- Juliusz

* [Galene] Re: Troubleshooting 0kbps/0kbps video
From: Michael Aldridge @ 2021-05-14 18:03 UTC
  To: Juliusz Chroboczek; +Cc: galene

>> Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene
> 
> Wow

Yeah the network architecture is slightly too exciting.  If I add some
more labels it might make more sense as a traditional corporate service:

Laptop -> VPN Server -> Corp Edge -> Prod Edge -> Cluster Edge -> Galene

The VPN is a very traditional road-warrior setup, so knowledge of IPs
isn't a problem, there's already a nice dashboard that shows who's
likely to be on based on tunnel status.

> Yes.  You need to put a TURN server somewhere where it can be reached by
> both the client and the server.  So your diagram becomes:
> 
>            --------------> TURN Server <-------------
>           /                                           \
>   Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene

Since reaching all the way back into the corp network to see a client is
not practical in this network topology I'm trying to better understand
where/how to put the TURN server.  Some cursory googling suggests that
it's possible to tunnel all this traffic over HTTP.  Is this something
that the built-in TURN server for Galene supports?

In your opinion is this network architecture even practical?  With some
work I could refactor it to look like:

Laptop -> VPN Server -> LB -> Galene

I assume this would make things slightly cleaner from a traffic
management perspective, but that then involves spinning up a dedicated
machine for Galene which is a harder sell in my environment.  If this is
the only practical approach though then that's what I'll explore.

--Michael


* [Galene] Re: Troubleshooting 0kbps/0kbps video
From: Juliusz Chroboczek @ 2021-05-14 19:03 UTC
  To: Michael Aldridge; +Cc: galene

> Since reaching all the way back into the corp network to see a client is
> not practical in this network topology I'm trying to better understand
> where/how to put the TURN server.

Put the TURN server in the DMZ, and make sure that all clients (inside and
outside the corporation) are able to access the TURN port on the DMZ host.

> I assume this would make things slightly cleaner from a traffic
> management perspective, but that then involves spinning up a dedicated
> machine for Galene which is a harder sell in my environment.

Hopefully, you'll manage to convince your admins to put a TURN server in
the DMZ: they're probably already familiar with TURN, so it won't be as
frightening to them as allowing access to a Galène server.

In fact, they might already have a TURN server available -- Galène can
share a single TURN server with other videoconferencing software.

-- Juliusz


* [Galene] Re: Troubleshooting 0kbps/0kbps video
From: Michael Aldridge @ 2021-05-14 19:31 UTC
  To: Juliusz Chroboczek; +Cc: galene

Fortunately I'm the only admin I need to convince, and usually I'm
pretty good at arguing with myself.  Unfortunately it's becoming more
clear that I don't really know what I'm doing here, so I'll take some
time to read up more on the different parts of the stack and how they work.

Thanks for the pointers!

--Michael
