From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=irif.fr (client-ip=2001:660:3301:8000::1:2; helo=korolev.univ-paris7.fr; envelope-from=jch@irif.fr; receiver=) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=irif.fr header.i=@irif.fr header.a=rsa-sha256 header.s=dkim-irif header.b=gosDe2qN Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 1ECB5A5698D for ; Thu, 22 Feb 2024 23:38:59 +0100 (CET) Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 41MMcvMp024671 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 22 Feb 2024 23:38:58 +0100 Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 41MMcuNd017361; Thu, 22 Feb 2024 23:38:56 +0100 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 266EC769D4; Thu, 22 Feb 2024 23:38:55 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-type:content-type:mime-version:user-agent:references :in-reply-to:subject:subject:from:from:message-id:date:date :received:received; s=dkim-irif; t=1708641534; x=1709505535; bh= 7UejwNkWA1231Tpf5tzpI85iQrijqYp3hlI0eXqrsDM=; b=gosDe2qNethz99aB wBWNRUxLfeG75hhPk6T0j9bVWV23FTFO9r9CnY5lcoFQXJ8Jsrn10KmXiE4awIJU Qmgr5xsOPepGwHBfSzrmFUTympJ737TluaUiHGJW4YvAv/34/LBctmzfNUqHU2td 2H9HR1kfI2m9lhNFCCrGpSvZby8t5gRxHkFDebUZMyFuswlIBRK6dhRK3Pzg/CMu OO0EzCB/k1K0K1tNOnnyDVr0KmSYYkPIhnOBCU4GDHBXO2APPc8avnoL0Lh+45+F XxjG7qDJqkiIHayFumiABcOVWBRUWi8LQjDA6m6phL/ztpsOSNFbcN+J9foDDvTz MDVkZA== X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id KvnWf8bmDx4e; Thu, 22 Feb 2024 23:38:54 +0100 (CET) Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 5BD9276C8F; Thu, 22 Feb 2024 23:38:54 +0100 (CET) Date: Thu, 22 Feb 2024 23:38:53 +0100 Message-ID: <87v86g3z0i.wl-jch@irif.fr> From: Juliusz Chroboczek To: Dirk-Willem van Gulik In-Reply-To: References: <87o7cmhole.wl-jch@irif.fr> <87h6iehcng.wl-jch@irif.fr> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/29.1 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Thu, 22 Feb 2024 23:38:58 +0100 (CET) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Thu, 22 Feb 2024 23:38:57 +0100 (CET) X-Miltered: at korolev with ID 65D7CD01.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-Miltered: at potemkin with ID 65D7CD00.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 65D7CD01.000 from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/ X-j-chkmail-Enveloppe: 65D7CD00.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 65D7CD01.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Score: MSGID : 65D7CD00.000 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham X-j-chkmail-Status: Ham Message-ID-Hash: KKEMVHJLFRFOSBMFHZOFVWPOILQWYKLX X-Message-ID-Hash: KKEMVHJLFRFOSBMFHZOFVWPOILQWYKLX X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.9 Precedence: list Subject: [Galene] Re: udp-port range and subsequent "turn" use of ports outside that range List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hi Dirk, Sorry for the delay. > 1) I had not expected to see OUTSIDEIP_2 in this list at all. That's ICE, the part of WebRTC that does NAT and firewall avoidance. It's going to try all of your addresses, that's perfectly normal. If it is a problem for you, I may add an option to filter out a set of addresses. > 2) I had not expected source UDP ports such as 11247 in below list. This is communication between Galene and the TURN server. Even though Galene has a built-in TURN server, it still communicates with the TURN server using UDP. Outgoing UDP traffic to the TURN server is not controlled by udp-range, only normal RTP traffic is. > With the attempts to reach 10.11.0.240 a case where perhaps some RFC1918 optimisation can be applied. That's ICE again. -- Juliusz