RE: SM17 build 7242, video chat in team workspaces
Problem reported by Christopher Hiatt - 1/24/2020 at 3:32 PM
Submitted
Has anyone tried to use video chat in team workspaces across different networks? I setup a new install of SM17 to test everything out and am having an issue with this feature. If users are on the same network everything works fine. But users on separate networks will not connect the video. All other features still work fine.

I looked at the firewall logs on one location and when video starts there are connections created in a reserved IP range between the clients that the firewalls are correctly blocking. Something like 100.115.92.x. 

I can see no special setup instructions for the video chat other than having the site SSL secured which it is so I'm a bit stumped here.



3 Replies

Reply to Thread
0
Christopher Hiatt Replied
I tried this again this morning with mixed results. This seems dependent on the firewall appliance in play and how they treat certain protocol traffic. I'm by no means an expert on any of this so I tried several scenarios to see why it fails sometimes.

It generally works from cell to cell or if users are behind generic, home user type routers with no real filtering or firewall features.

-Cell to cell through TMO works fine.
-Cell to cell between TMO and Verizon works fine.
-Cell to wired internet with one user behind generic Linksys router works fine.
-Wired internet to wired internet with one user behind generic Linksys and the other on generic Netgear works fine.

Where it didn't work.

-Wired internet to wired internet with one user behind generic Linksys and the other behind Ubituiti with DPI and other app security features turned on. If both users are behind same Ubiguiti it works fine but any additional user on the other side of it does not share video.

-Wired internet to cell with one user behind Netgate firewall is no good. Same as above. If both users are behind the Netgate device it works fine. Add a third on the other side of the Netgate and they do not share video.

Doing packet captures during video connections it looks like the actual video protocol is attempting to create connections in a 100.115.92.0/29 space which is reserved under RFC 6890 and should not be found in the public address space. The Ubiquiti and Netgate are properly blocking this traffic as it should not be seen on the WAN. The generic routers from Linksys, Netgear and the others don't seem to care so this traffic passes without issue.

The 100.115.92.0/29 is also trying to send/receive to 192.0.0.4 which is a protocol address that encapsulates IPV4 traffic in IPV6 only networks. I had IPV6 disabled internally but did open it all up all the way through but the problem persists since it is still trying to send/receive from the 100.115.92.0/29 network.

If anyone else can't connect to video, see if you also have blocks on your firewalls from 100.115.92.0/29 or 192.0.0.4

Thanks!

0
Christopher Hiatt Replied
Anyone had a chance to test video chat in team workspace? Trying to see if anyone else is having an issue with video getting blocked between users across a firewall.
1
Dave Feuer Replied
Yeah, it's not working for me either with a client behind a SonicWall.
Opened a ticket. Lets see what they come up with.
-Dave

Reply to Thread