From: Michael Aldridge
To: Juliusz Chroboczek
CC: galene@lists.galene.org
Subject: [Galene] Re: Troubleshooting 0kbps/0kbps video
Date: Fri, 14 May 2021 11:03:23 -0700

>> Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene
>
> Wow

Yeah the network architecture is slightly too exciting. If I add some more labels it might make more sense as a traditional corporate service:

Laptop -> VPN Server -> Corp Edge -> Prod Edge -> Cluster Edge -> Galene

The VPN is a very traditional road-warrior setup, so knowledge of IPs isn't a problem, there's already a nice dashboard that shows who's likely to be on based on tunnel status.

> Yes. You need to put a TURN server somewhere where it can be reached by
> both the client and the server. So your diagram becomes:
>
>      --------------> TURN Server <-------------
>     /                                           \
> Laptop -> VPN Server -> Proxy -> Proxy -> Proxy -> Galene

Since reaching all the way back into the corp network to see a client is not practical in this network topology I'm trying to better understand where/how to put the TURN server. Some cursory googling suggests that it's possible to tunnel all this traffic over HTTP. Is this something that the built-in TURN server for Galene supports?

In your opinion is this network architecture even practical? With some work I could refactor it to look like:

Laptop -> VPN Server -> LB -> Galene

I assume this would make things slightly cleaner from a traffic management perspective, but that then involves spinning up a dedicated machine for Galene which is a harder sell in my environment. If this is the only practical approach though then that's what I'll explore.

--Michael