How does WebRTC work with SmarterMail 17.x?
Question asked by Stefan Mössner - 3/22/2020 at 3:19 PM
Hello all,

I'm a user of SmarterMail 17.x Free and want to use the team workspace for video conferencing. But this doesn't work every time or not with all features and I think this is related to my network and firewall implementation.

What I want to do is:

  1. Connecting with an internal client to the SmarterMail server by using Google Chrome. Because of the need of SSL for getting the video and audio to work I have to connect to the external address of my server. The server is located in the same internal network as the client.
  2. Connecting from a second client to the SmarterMail server. This could be a mobile phone with Android 10 connected to LTE using Google Chrome.
This is my network design:

  1. I only have one public IP address. So this address is the same for my internal client connecting to the internet and for my server accessed from the internet.
  2. There is a Sophos UTM 9.7 firewall which terminates the SSL connection and forwards decrypted traffic to the server. The Sophos UTM works as WAF (web application firewall) for the server. The WAF is configured to passthrough websocket traffic to the server. 
  3. The firewall itsself is connected to a DSL router which is connected to the internet. The Sophos UTM is an exposed host to the router to get all external traffic redirected to the firewall.
  4. The Sophos UTM is a transparent proxy with SSL interception for the internal clients connecting to the internet. For accessing the external address of my server there's a skip rule for the transparent proxy.
What's working and what's not working:

  1. Accessing the Team workspace is possible.
  2. Chat is working.
  3. Muting video and/or audio device is possible and this could be seen on the other client.
  4. Two internal Windows based clients can do video conferencing without issues.
  5. With Android 10 connected to internal WLAN I got video up running but there's no audio. And this isn't related to hardware issues. With Android 9 there are no issues with audio.
  6. Using Windows based clients internal and external needs to open all TCP and UDP ports from internal to external network for a working video conference.
  7. Using Android 10 from external there's no video and no audio.
Sometimes I saw outgoing UDP traffic from the internal client connecting to an external STUN/TURN Server and the external client tried to connect to the firewall by UDP ports. But opening these ports didn't help. I think the Sophos UTM doesn't know where to redirect these connections. For today I have no more idea how to get the video conference working with all the devices. For now it's working accidentally. So this isn't reliable.

To get WebRTC working I need some more information:

  1. Where is the signaling server for WebRTC? Is it the SmarterMail server?
  2. Is there a STUN/TURN server for relaying the UDP traffic?
  3. Which TCP and UDP ports are used by the WebRTC implementation of SmarterMail?
  4. Is there a detailed technical documentation of the WebRTC implementation in SmarterMail which helps to get the video conference working?
Hopefully you can help. Any ideas are welcome.

Thank You.

9 Replies

Reply to Thread
Christopher Hiatt Replied
I hope you get a solution.

I've been trying for two months. Crickets......

Stefan Mössner Replied
So, I'm not alone with this issue. This is good to know because at first I wasn't sure if it's an issue regarding my infrastructure. I didn't see your similar issue.

Today I did some further investigation using wireshark: When trying to connect to an external system the connection will use STUN server from Google to handle the connection parameters. This is the normal way if there's no possibility to connect directly to the other system without NAT etc. But then I don't see any UDP packets going to the external client. And I don't know what the external system is doing. Is it connecting to the same STUN server? And is it then trying to connect to the internal server directly via UDP? The packet capture of my Android phone isn't working as I expected.

Maybe there's a need to have a relay server to passthrough the firewall limitations regarding the requirements for getting WebRTC to work.
Stefan Mössner Replied
Interesting: Yesterday we tested videoconferencing with a Android smartphone connected to the internal network and a Windows system outside. There were no issues with using the videoconference. Actually I only opened all outgoing UDP instead of all TCP and UDP ports.

But it doesn't help to solve the issues I found and documented at start of this thread. The situation is more confusing now...
Christopher Hiatt Replied
Put the Android in airplane mode then turn on the wifi making sure it can't bypass your firewall on cellular data.
Stefan Mössner Replied
Putting the Android 10 in airplane mode then turning on the wifi doesnt solve the issue with having video but no audio.

Yesterday I found out that WebRTC (with 3CX webmeeting) doesn't like HTTP and HTTPs proxies. Only bypassing the SSL intercept is not enough. You have to deactivate all proxy features. This is easy because you can set an exception rule with a regex for *

But with SmarterMail it seems to have another implementation of WebRTC which causes to the testing results I documented at start of this thread. Conferencing between 2 Windows based systems (1 inside and 1 outside of my network) and between an Android 9 (inside of my network) and a Windows system (outside of my network) works although there's no proxy exception set. You need only to open all outgoing UDP ports because WebRTC opens a direct connection to the conferencing partner for transferring the video and audio data.

For the Android devices the transparent proxy is bypassed because of certificate issues. For Windows systems the HTTP/HTTPS proxy is active.
Chris Le Replied
Try opening Firewall Ports:
3478 UDP & TCP (STUN and TURN)
5349 UDP & TCP (STUN and TURN over TLS)
Stefan Mössner Replied
Incoming or outgoing? I opened all outgoing UDP ports because there are used dynamic UDP high ports when WebRTC is used. And for me it's not clear why it's working with Windows systems connected from outside but not with the Android 10. And with an internal connected Android 10 device using Chrome browser I see video but I have no audio. An internal connected Android 9 doesn't have issues. Both devices have the same firewall and proxy policies on my Sophos UTM.
Chris Le Replied
Stefan Mössner Replied
I don't see Incoming connections with these ports from my Android 10 using LTE.

Reply to Thread