From: Dirk-Willem van Gulik
To: Juliusz Chroboczek
CC: galene@lists.galene.org
Date: Thu, 15 Feb 2024 19:12:21 +0100
Subject: [Galene] Re: udp-port range and subsequent "turn" use of ports outside that range
Message-Id: <352E304C-7CE2-4A84-A0A6-1C072B33E248@webweaving.org>
In-Reply-To: <87le7lzjjt.wl-jch@irif.fr>

> On 15 Feb 2024, at 19:09, Juliusz Chroboczek wrote:
>
>> The situation is slightly more odd. With galene run as:
>>
>> /usr/local/bin/galene -static /usr/local/share/galene \
>> .... \
>> -turn OUTSIDEIP:SRCPORT \
>> -udp-range 18100-19100
>
>> I would expect to only see UDP traffic going out that originates from
>> OUTSIDEIP.
>
> I don't see why. The above configuration only specifies that the TURN
> server is advertised on OUTSIDEIP. It says nothing about the addresses
> that are advertised for direct (non-TURN) traffic.
>
> So in the above configuration, Galene will advertise:
>
> - all local addresses with ports 18100-19100 ;
> - arbitrary STUN-ed addresses ;
> - TURN addresses on OUTSIDEIP:SRCPORT.
>
>> 1) I had not expected to see OUTSIDEIP_2 in this list at all.
>
> That's a STUNed address.
>
>> 2) I had not expected source UDP ports such as 11247 in below list.
>
> If you see port 11247 inside the NAT, then it's surprising. Seeing port
> 11247 outside the NAT might happen if the NAT remapped a port in udp-range
> to a different value.
>
>> With the attempts to reach 10.11.0.240 a case where perhaps some RFC1918
>> optimisation can be applied.
>
> That's normal behaviour, the first point in the enumeration above.
>
> Please be patient, I'm up to my ears in other stuff right now, but I'm
> really interested in understanding the behaviour you've pointed out.

No worries - feel free to ignore this completely - I'll see if I can get a
more decent test case using some logging inside the sturn/ice code.

Dw.
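
The three kinds of advertised address in the enumeration quoted above can be checked mechanically against the configured range. The following is an added example, not part of the original message and not Galene code: it parses standard ICE candidate lines and tells a NAT-remapped STUN-ed port apart from a local port that really falls outside -udp-range. The function name, the sample lines and the addresses 192.0.2.10 and 198.51.100.7 (standing in for OUTSIDEIP and OUTSIDEIP_2) are constructed.

```python
import re

UDP_RANGE = range(18100, 19101)  # -udp-range 18100-19100, as in the thread

# candidate:<foundation> <component> <transport> <priority> <addr> <port>
#   typ <type> [raddr <base addr> rport <base port>]
CAND_RE = re.compile(
    r"candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)"
    r"(?: raddr (\S+) rport (\d+))?"
)

def audit_candidate(line, udp_range=UDP_RANGE):
    """Return (type, address, port, verdict) for one ICE candidate line."""
    m = CAND_RE.search(line)
    if not m:
        raise ValueError(f"not an ICE candidate: {line!r}")
    transport, addr, port, typ = m.group(3), m.group(5), int(m.group(6)), m.group(7)
    base_port = int(m.group(9)) if m.group(9) else None
    if transport.lower() != "udp":
        verdict = "skipped"        # udp-range says nothing about TCP candidates
    elif typ == "host":
        # Local address: the port is bound by the server itself.
        verdict = "ok" if port in udp_range else "unexpected"
    elif typ == "srflx":
        # STUN-ed address: judge the local base port (rport), because the
        # NAT is free to map it to a different external port.
        if base_port is None or base_port not in udp_range:
            verdict = "unexpected"
        else:
            verdict = "ok" if port in udp_range else "remapped"
    elif typ == "relay":
        verdict = "relay"          # TURN address, not judged against udp-range here
    else:
        verdict = "unknown-type"
    return typ, addr, port, verdict

# Constructed sample lines; 10.11.0.240 and port 11247 are the values
# mentioned in the thread, everything else is made up for illustration.
SAMPLE = [
    "a=candidate:1 1 udp 2130706431 10.11.0.240 18342 typ host",
    "a=candidate:2 1 udp 1694498815 198.51.100.7 11247 typ srflx raddr 10.11.0.240 rport 18342",
    "a=candidate:3 1 udp 2130706431 10.11.0.240 11247 typ host",
    "a=candidate:4 1 udp 16777215 192.0.2.10 50000 typ relay raddr 0.0.0.0 rport 0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit_candidate(line))
```

Only the third line corresponds to the case described as surprising in the reply: port 11247 on a local address, inside the NAT.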