FreeSWITCH: Unable to connect from browser(WebRTC) behind enterprise firewall - webrtc

I am running a FreeSWITCH server on a public domain. I am able to make call from my browser(WebRTC with sipjs) to the FreeSWITCH server from a direct Internet connection.
I am testing it on a Firewall that allows only TCP on port 443. I am running a separate TURN server. I am trying to connect from my browser by specifying TURN server with credentials. I am unable to make it work. PeerConnection is getting closed.
FreeSWTICH server is NOT behind Firewall
Client(browser) is behind Firewall
TURN server is available
Is there any configuration I have to do either in FreeSWITCH server or in the client end(javascript) to make it work?

You need to open UDP ports, cause signalling will go via WSS and media via UDP ports:
mod_sofia to serve SIP signaling via WSS and media via SRTP/DTLS.
https://www.packtpub.com/books/content/configuring-freeswitch-webrtc

Yes, you can use a TURN server. You will have to configure it to listen on port 443 with TCP, because by default a TURN server listens on port 3478.
However, if the Firewall checks for a TLS connection (i.e. for HTTPS), you will have to configure the TURN server as a TURNS (TURN over TLS).

Related

configure my TURN server for client whose firewall blocks UDP traffic

I have a client who sits behind a firewall that blocks UDP traffic and only allows port 443 for tcp. I need to configure my turn server so that it can bypass the firewall and a connection between server and client can be established. I tried setting up coturn server but it fails to overcome the issue. I think there is some issue with the turn server configuration that I'm using. Need help for this issue.
Turn server configuration that I'm using =>
listening-port=80
tls-listening-port=443
user=user:pass
listening-ip=<private_ip_ec2>
relay-ip=<private_ip_ec2>
external-ip=<public_ip_ec2>/<private_ip_ec2>
#enable verbose logging
verbose
realm=domain.com
server-name=a.domain.com
fingerprint
lt-cred-mech
#use real-valid certificate/privatekey files
cert=/etc/ssl/certificate.pem
pkey=/etc/ssl/private.key
log-file=/var/log/turnserver/turn.log
no-stdout-log
`
Need help in configuring turn server for the above issue.

Telnet inner-workings: Is telnet server necessary if client connects to an HTTP server?

One way to quickly test the first-order functionality of a web server is to use the application layer tool Telnet, e.g. How to send an HTTP request using Telnet.
This is the usage I am most familiar with, but today I learned there is such a thing as a Telnet server: https://askubuntu.com/questions/668725/how-can-the-telnet-service-on-ubuntu-server-14-04-lts-be-enabled, which listens on the well-known port 23 and can be used (though not usually, due to its lack of security) as a remote shell.
I am trying to understand if a Telnet server is necessary if I use it to connect to an HTTP server on port 80, e.g.,
telnet 192.168.0.5 80
Does the Telnet client first connect to the telnet server on port 23, then somehow the server's Telnet process then establish a connection to port 80 on localhost? Or does the client directly connect to the HTTP server (or some other TCP/IP server, for that matter) on 80, without need the Telnet server to be present at all?
I could not immediately find a piece of Telnet documentation that explains how Telnet works in this regard; their scarcity might be attributed to Telnet's lack of security...

Multiple application under SSL (TCP 443)

I implemented a server with two deploy of different services(Apache and OpenFire).
And I want to implement https for my server, so my question is.
How to implement the SSL certificate on my server with two different application working with different ports?
I was looking about how to create a NAT network but I'm not sure if this is the best way to do it.
Apache is an HTTP Server and for SSL by default HTTP Servers use 443 port.
However, Openfire in an XMPP Server and you can enable TLS in it which will by default use 5222 port. And for Openfire's admin application, HTTPS will be on 9091 port by default.
So you can have both servers on same machine with SSL enabled.

DNS through socks proxy. How do I change windows settings for domain resolution.

I am looking for a program to reroute windows domain resolution lookup through a socks proxy capable with many internet browsers and internet proxies.
So far in Control Panel, Local Area Connection 1, TCP/IP Properties, I use the following DNS server addresses, preferred DNS Server, I put 127.0.0.1 and use the default in-built port request 53.
I am reading that it is possible to forward this. I can not find a program to forward it through socks 4/5. I think this is possible because Socks supports UDP.
Has anyone come up with the answer to a solution about a UDP-to-socks forwarding program capable and adapted for socks and windows DNS.
It's really quite easy to configure.
You could write your own server and set the server to listen to incoming calls to port 53 or use this program
http://dns2socks.sourceforge.net
here my sample configuration for a socks server running on 1050 and TCP / IP settings on 127.0.0.1
DNS2SOCKS.exe /la:socks.log 127.0.0.1:1050 8.8.8.8:53 127.0.0.1:53
For such a program you can have a look at dnsadblock. Their free daemon/cli app opens up a proxy server that can be configured to use a proxy/socks to communicate with the upstream server. It works since the remote endpoint listens on https which makes DOH (dns over https) possible. Config options/install instructions: https://knowledgebase.dnsadblock.com/how-to-install-and-configure-our-software/

SQL Server Ports

We recently installed a sonic firewall on our network. We have a SQL 2005 express server that's configured to listen on dynamic ports. In its configuration manager the dynamic port number is set as 1067 with its default port still 1433.
From my understanding we need to have the following ports open for it to work:
Tcp 1433
Tcp 1067
Udp 1434
Problem is we still cannot connect to the server from outside. When we switch off/disconnect the firewall we can can access the server.
This tells me that the SQL server's setup is fine and the that the problem must be some port we are missing on the firewall.
Any ideas?
Issue netstat -an from an MS-DOS command and try to find what are all ports opend as given in the artilce at
http://support.microsoft.com/kb/287932
and configuring SQL 2005 to allow connections at
http://support.microsoft.com/kb/914277
these may help according those articles:
Client-Server Communication Over a Firewall
Setting up a client to communicate to a SQL Server over a firewall is a simple three-step process:
Make SQL Server listen on a specific port on TCP (the default is 1433) or RPC (the default is a random port greater than 1023). You have to cycle the server after this change.
Configure your firewall server to allow traffic on the specific .
Make the client (on the other side of firewall) use the appropriate connection string to talk to the on the server. You can also use the Client Configuration Utility to add an "Advanced" entry with the appropriate Net-Library and connection string.