Learn, Execute, Innovate

How to Configure Janus Behind NAT

Written by: Bagus Facsi Aginsa
Published at: 01 Sep 2021

It is very common that we make a service running behind a NAT because lack of Public IP, security reason, and etc. But, service like Janus (communication service) is very sensitive to NAT, they need additional protocol like ICE to help them overcome this problem, hence we need additional configuration in the janus it self.

Prerequisite

  1. Ubuntu 18.04
  2. Janus Installed, you can read this tutorial to help you install janus: How to Install Janus WebRTC Server on Ubuntu 18.04

Sudo Privileges

Before start we make sure that we will have no permission issue on the configuration.

sudo su

Core Janus Configuration

Janus make it easy to configure NAT. First, open the janus core configuration

nano /opt/janus/etc/janus/janus.jcfg

Find nat: keyword, you can find the default configuration inside nat configuration block is like this

nat: {
        #stun_server = "stun.voip.eutelia.it"
        #stun_port = 3478
        nice_debug = false
        #full_trickle = true
        #ice_nomination = "regular"
        #ice_keepalive_conncheck = true
        #ice_lite = true
        #ice_tcp = true

        . . .
}

Uncomment the stun_server, stun_port, and full_trickle directive and set the value. We will use google stun server in this example. You can choose to use your own stun server if you want.

nat: {
        stun_server = "stun.l.google.com"
        stun_port = 19302
        nice_debug = false
        full_trickle = true
        #ice_nomination = "regular"
        #ice_keepalive_conncheck = true
        #ice_lite = true
        #ice_tcp = true

        . . .

Additionally, we need to define the rtp_port_range under media configuration block. You can search media: keyword to find them. This rtp_port_range will also determine the firewall NAT configuration. Firewall must listen in the same port as janus to make the media work. In this example, we will configure it to use port 10000 - 20000.

media: {
        #ipv6 = true
        #ipv6_linklocal = true
        #min_nack_queue = 500
        rtp_port_range = "10000-20000"
        #dtls_mtu = 1200
        #no_media_timer = 1
        #slowlink_threshold = 4
        #twcc_period = 100
        #dtls_timeout = 500

        . . .
}

Restart janus

service janus restart

On the firewall side, we must config destination nat from (firewall-ip):10000-20000/udp to (janus-ip):10000-20000/udp.

Related Tutorials:



Latest Tutorials:



Learn, Execute, Innovate

This website was developed with love by Bagus Facsi Aginsa, Illustration by Pixeltrue from Ouch!, and hosted on Cloudflare Pages. Please read through our Privacy Policy to ensure you that we value your privacy.