From mboxrd@z Thu Jan  1 00:00:00 1970
To: Juliusz Chroboczek <jch@irif.fr>
References: <60a45f10-75eb-dfef-7609-4f6be2586e6c@gmail.com>
 <87lf8hldwu.wl-jch@irif.fr>
From: Michael Aldridge <aldridge.mac@gmail.com>
Message-ID: <0a010004-21af-1fc1-d2cf-b45dbda7d1a3@gmail.com>
Date: Fri, 14 May 2021 11:03:23 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.1
MIME-Version: 1.0
In-Reply-To: <87lf8hldwu.wl-jch@irif.fr>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
CC: galene@lists.galene.org
X-Mailman-Version: 3.3.4
Precedence: list
Subject: [Galene] Re: Troubleshooting 0kbps/0kbps video
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/0a010004-21af-1fc1-d2cf-b45dbda7d1a3@gmail.com/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Owner: <mailto:galene-owner@lists.galene.org>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

>> Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene
> 
> Wow
Yeah the network architecture is slightly too exciting.  If I add some
more labels it might make more sense as a traditional corporate service:

Laptop -> VPN Server -> Corp Edge -> Prod Edge -> Cluster Edge -> Galene

The VPN is a very traditional road-warrior setup, so knowledge of IPs
isn't a problem; there's already a nice dashboard that shows who's
likely to be on based on tunnel status.

> Yes.  You need to put a TURN server somewhere where it can be reached by
> both the client and the server.  So your diagram becomes:
> 
>            --------------> TURN Server <-------------
>           /                                           \
>   Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene


Since reaching all the way back into the corp network to see a client is
not practical in this network topology, I'm trying to better understand
where/how to put the TURN server.  Some cursory googling suggests that
it's possible to tunnel all this traffic over HTTP.  Is this something
that the built-in TURN server for Galene supports?

In your opinion is this network architecture even practical?  With some
work I could refactor it to look like:

Laptop -> VPN Server -> LB -> Galene

I assume this would make things slightly cleaner from a traffic
management perspective, but that then involves spinning up a dedicated
machine for Galene which is a harder sell in my environment.  If this is
the only practical approach though then that's what I'll explore.

--Michael