Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
7 Views

Deploy STUN server in Demilitarized Zone(DMZ) area?

Jump to solution

Hello Team,

As I noticed, application (client side) is not interacting and not dealing with STUN/TURN server directly. webrtc_agent is interacting with STUN/TURN server in the framework. So, I think that we no need to assign public IP address to STUN/TURN server. Can I deploy STUN/TURN server in Demilitarized Zone(DMZ) area with respect to Intel CS for WebRTC? Do I need to must assign public IP address to STUN/TURN server?

Thank you.

Best Regards,
Chandramouli.

Tags (2)
0 Kudos

Accepted Solutions
Highlighted
Employee
7 Views

Hi, Chandramouli

Jump to solution

Hi, Chandramouli

MCU server only support STUN server, clients can support both STUN and TURN server. We don't restrict where STUN/TURN server put, but it should have public IP to act for NAT traversal capability.

 

 

View solution in original post

0 Kudos
8 Replies
Highlighted
Beginner
7 Views

Hello Team,

Jump to solution

Hello Team,

I tried giving the private IP address of STUN/TURN server in webrtc_agent/agent.toml file and working fine. Is it the correct approach to hide the STUN/TURN server from the public?

Thank you.

Best Regards,
Chandramouli.

0 Kudos
Highlighted
Employee
7 Views

In Intel CS for WebRTC, STUN

Jump to solution

In Intel CS for WebRTC, STUN/TURN server is supposed to help clients to build the peerconnection, not for the server(webrtc-agent).

0 Kudos
Highlighted
Beginner
7 Views

Hello Xiande,

Jump to solution

Hello Xiande,

Thank you for your reply. Do you mean, If we use MCU/SFU, we no need to use/depend on STUN/TURN server? Please clarify. For your information, we deployed our MCU server in AWS.

Thank you.

Best Regards,
Chandramouli.

0 Kudos
Highlighted
Beginner
7 Views

Hello Xiande,

Jump to solution

Hello Xiande,

I tried MCU with out using STUN/TURN server and didn't work. So, we need STUN/TURN server to work with MCU. But, my question is STUN/TURN server requires public IP address or not? If not required, I will put STUN/TURN server in Demilitarized Zone(DMZ).

Any update would be appreciated. Thank you.

Best Regards,
Chandramouli.

0 Kudos
Highlighted
Employee
7 Views

It depends on where your

Jump to solution

It depends on where your client devices locate, If clients outside needs to access to conference behind DMZ, then your STUN/TURN server needs to be deployed in DMZ.

 

0 Kudos
Highlighted
Beginner
7 Views

Hello Xiande,

Jump to solution

Hello Xiande,

Thanks for your reply. I believe that there is some communication gap in explaining my query. Obviously, end users (clients) may or may not behind the NAT and can assume that end users (client) connects from outside of the network. I am just simply following the "Security Recommendations" in official Conference server documentation. Please find my below queries:

1) According to the diagram in the documentation, where I can put our STUN/TURN server? Do you want me to deploy along with RabbitMQ, MongoDB servers OR along with Manager and worker servers?

2) If you want me to deploy STUN/TURN server along with Manager and worker servers, Do I need to must assign the public IP address to STUN/TURN server? Because, As I explained in my first post, I had given private IP address of the STUN/TURN server in webrtc_agent/agent.toml file and worked successfully. Please clarify.

Thank you.

Best Regards,
Chandramouli.

0 Kudos
Highlighted
Employee
8 Views

Hi, Chandramouli

Jump to solution

Hi, Chandramouli

MCU server only support STUN server, clients can support both STUN and TURN server. We don't restrict where STUN/TURN server put, but it should have public IP to act for NAT traversal capability.

 

 

View solution in original post

0 Kudos
Highlighted
Beginner
7 Views

Hello Lei Zhai,

Jump to solution

Hello Lei Zhai,

Thank you for your reply and information.

Best Regards,
Chandramouli.

0 Kudos