When I travel on business, I like to set up video chat to talk to my family at home. The problem is, home is behind a NAT firewall (a PIX to be exact). I have limited IP addresses and cannot spare one to statically assign to an endpoint inside my network for this purpose. Regardless, I'd like to be able to connect to any node in my network, depending on who I want to call. I never know what I'm going to be behind, but it's usually also some sort of NAT firewall that I do not control. I've tried ekiga (nee Gnome Meeting), and a few others with almost no luck. I thought something like skype (which doesn't support video under linux) or an instant messenger that uses an intermediary server (Yahoo, ICQ, etc.) to get around the NAT issues but none of those support video either. I've tried VPN to my PIX, but as I can't control where I'm coming from, I haven't been able to configure a reliable VPN client for linux.
In short, when trying to video conference under linux, I'm successful around 5% of the time. It's almost always easier to boot into Windows and do it from there. What do you use for mobile video chat and how have you set it up?
On Thursday 01 February 2007 15:05, Frank Pineau wrote:
When I travel on business, I like to set up video chat to talk to my family at home. The problem is, home is behind a NAT firewall (a PIX to be exact). I have limited IP addresses and cannot spare one to statically assign to an endpoint inside my network for this purpose. Regardless, I'd like to be able to connect to any node in my network, depending on who I want to call. I never know what I'm going to be behind, but it's usually also some sort of NAT firewall that I do not control. I've tried ekiga (nee Gnome Meeting), and a few others with almost no luck. I thought something like skype (which doesn't support video under linux) or an instant messenger that uses an intermediary server (Yahoo, ICQ, etc.) to get around the NAT issues but none of those support video either. I've tried VPN to my PIX, but as I can't control where I'm coming from, I haven't been able to configure a reliable VPN client for linux.
Much depends on your router. The NetGear that I bought recently does allow a service to be made available to more than one end-point box. I believe that it's what is called a 'stateful inspection firewall'. I've not tried it out, so I don't know whether the initialisation would have to be from the home box, though. Without that, it would be necessary to change port-forwarding settings each time a new user was required - obviously not a good idea for your situation.
aMSN is quite good in serving video, but there is no voice chat yet - it's in the pipeline. You see the other person, but have to type your messages. I've used it with a windows msn user at the other end, without any problems, too.
In short, when trying to video conference under linux, I'm successful around 5% of the time. It's almost always easier to boot into Windows and do it from there. What do you use for mobile video chat and how have you set it up?
I used to use GnomeMeeting with h.323 and that worked very well. I think ekiga's move to sip, while good in the long run, introduces more complications. Sadly, I don't have a friend using ekiga that I can test it with, but I believe the people do get very good results.
Things are far from perfect, but improving all the time.
Anne
On 2/1/07, Frank Pineau frank@pineaus.com wrote:
When I travel on business, I like to set up video chat to talk to my family at home. The problem is, home is behind a NAT firewall (a PIX to be exact). I have limited IP addresses and cannot spare one to statically assign to an endpoint inside my network for this purpose. Regardless, I'd like to be able to connect to any node in my network, depending on who I want to call. I never know what I'm going to be behind, but it's usually also some sort of NAT firewall that I do not control. I've tried ekiga (nee Gnome Meeting), and a few others with almost no luck. I thought something like skype (which doesn't support video under linux) or an instant messenger that uses an intermediary server (Yahoo, ICQ, etc.) to get around the NAT issues but none of those support video either. I've tried VPN to my PIX, but as I can't control where I'm coming from, I haven't been able to configure a reliable VPN client for linux.
In short, when trying to video conference under linux, I'm successful around 5% of the time. It's almost always easier to boot into Windows and do it from there. What do you use for mobile video chat and how have you set it up?
I can't say that I have done anything with video yet but I was under the impression that the STUN settings in Ekiga/Gizmo/etc. will help you out here. Make sure those are enabled and it should allow you to traverse NAT firewalls without any further intervention on your part. It works for the audio stream so I am not sure why it wouldn't work for the video stream also.
Another trick I use something is to set up ssh tunnels for the ports I need to get through a firewall. That way I only need to have port 22 forwarded through the firewall and I can get any number of ports through after that. It only works with protocols that have a fixed number of non-dynamic ports though like VNC.
/Mike
On Thursday 01 February 2007 16:31, Michael Wiktowy wrote:
On 2/1/07, Frank Pineau frank@pineaus.com wrote:
When I travel on business, I like to set up video chat to talk to my family at home. The problem is, home is behind a NAT firewall (a PIX to be exact). I have limited IP addresses and cannot spare one to statically assign to an endpoint inside my network for this purpose. Regardless, I'd like to be able to connect to any node in my network, depending on who I want to call. I never know what I'm going to be behind, but it's usually also some sort of NAT firewall that I do not control. I've tried ekiga (nee Gnome Meeting), and a few others with almost no luck. I thought something like skype (which doesn't support video under linux) or an instant messenger that uses an intermediary server (Yahoo, ICQ, etc.) to get around the NAT issues but none of those support video either. I've tried VPN to my PIX, but as I can't control where I'm coming from, I haven't been able to configure a reliable VPN client for linux.
In short, when trying to video conference under linux, I'm successful around 5% of the time. It's almost always easier to boot into Windows and do it from there. What do you use for mobile video chat and how have you set it up?
I can't say that I have done anything with video yet but I was under the impression that the STUN settings in Ekiga/Gizmo/etc. will help you out here. Make sure those are enabled and it should allow you to traverse NAT firewalls without any further intervention on your part. It works for the audio stream so I am not sure why it wouldn't work for the video stream also.
I believe I found this in the FAQ:
6.1. How can I easily use Ekiga behind a NAT/PAT gateway? Ekiga has extensive and improved NAT support thanks to STUN. In 99% of the cases, you do not have any configuration to do, and you can even be reachable from the outside without any port forwarding. SIP only: The following explanation is valid only for SIP. Please read below for H.323. The first thing to do is to run the configuration assistant NAT test: If it reports "Cone NAT" or "Port Restricted NAT" you just have to answer "yes" to the dialog asking you to activate STUN support. You do not have to do anything else. You will be reachable from the outside.
If it reports "Symmetric NAT" and that you are using GNU/Linux, please use the script (or a variation of it) given below. You can run the NAT test again, you will notice that your NAT will behave as a "Cone NAT" or "Port Restricted NAT" as in case 1). That script is safe, it does not forward any port and the default POLICY is to DROP everything.
If it reports "Symmetric NAT" and that you are not using GNU/Linux, then you are not part of the 99% of lucky users. You will have to forward UDP ports 5000 to 5100 to your internal machine. Run the test again, it should report "Cone NAT" or "Port Restricted NAT" and it will work.
Another trick I use something is to set up ssh tunnels for the ports I need to get through a firewall. That way I only need to have port 22 forwarded through the firewall and I can get any number of ports through after that. It only works with protocols that have a fixed number of non-dynamic ports though like VNC.
HTH
Anne
On 2/1/07, Anne Wilson cannewilson@tiscali.co.uk wrote:
I believe I found this in the FAQ:
6.1. How can I easily use Ekiga behind a NAT/PAT gateway? Ekiga has extensive and improved NAT support thanks to STUN. In 99% of the cases, you do not have any configuration to do, and you can even be reachable from the outside without any port forwarding. SIP only: The following explanation is valid only for SIP. Please read below for H.323. The first thing to do is to run the configuration assistant NAT test: If it reports "Cone NAT" or "Port Restricted NAT" you just have to answer "yes" to the dialog asking you to activate STUN support. You do not have to do anything else. You will be reachable from the outside.
If it reports "Symmetric NAT" and that you are using GNU/Linux, please use the script (or a variation of it) given below. You can run the NAT test again, you will notice that your NAT will behave as a "Cone NAT" or "Port Restricted NAT" as in case 1). That script is safe, it does not forward any port and the default POLICY is to DROP everything.
If it reports "Symmetric NAT" and that you are not using GNU/Linux, then you are not part of the 99% of lucky users. You will have to forward UDP ports 5000 to 5100 to your internal machine. Run the test again, it should report "Cone NAT" or "Port Restricted NAT" and it will work.
Ahhh ... good info. Here is a link for reference and context: http://www.gnomemeeting.org/index.php?rub=3&pos=0&faqpage=x161.html#...
For those who may not know, SIP is for the audio stream and H.323 is for the video stream.
/Mike
On Thursday 01 February 2007 18:55, Michael Wiktowy wrote:
For those who may not know, SIP is for the audio stream and H.323 is for the video stream.
I'm no expert here, but that doesn't make sense to me. GnomeMeeting ran with H.323 before SIP had been brought into the package. SIP and H.323 are quite separate protocols, as far as I'm aware. SIP began to be important with the advent of VOIP, which was why it had to become part of ekiga. As it is, you can use either protocol with ekiga.
Anne
On 2/1/07, Anne Wilson cannewilson@tiscali.co.uk wrote:
On Thursday 01 February 2007 18:55, Michael Wiktowy wrote:
For those who may not know, SIP is for the audio stream and H.323 is for the video stream.
I'm no expert here, but that doesn't make sense to me. GnomeMeeting ran with H.323 before SIP had been brought into the package. SIP and H.323 are quite separate protocols, as far as I'm aware. SIP began to be important with the advent of VOIP, which was why it had to become part of ekiga. As it is, you can use either protocol with ekiga.
I am no expert either. I could be very wrong but I was just under the impression that Ekiga still did the video portion with H.323 and did audio with SIP if requested. It is a confusing mish-mash of clients out there and I don't know of any pure SIP client that handles video even if SIP can handle a video stream. There seems to be a reluctance to do everything with SIP. Even Gizmo uses SIP for voice and Jabber/XMPP for text when text can be done with SIP/SIMPLE.
Maybe XMPP promises to unify audio/video/text but that has yet to happen.
On Thursday 01 February 2007 19:43, Michael Wiktowy wrote:
On 2/1/07, Anne Wilson cannewilson@tiscali.co.uk wrote:
On Thursday 01 February 2007 18:55, Michael Wiktowy wrote:
For those who may not know, SIP is for the audio stream and H.323 is for the video stream.
I'm no expert here, but that doesn't make sense to me. GnomeMeeting ran with H.323 before SIP had been brought into the package. SIP and H.323 are quite separate protocols, as far as I'm aware. SIP began to be important with the advent of VOIP, which was why it had to become part of ekiga. As it is, you can use either protocol with ekiga.
I am no expert either. I could be very wrong but I was just under the impression that Ekiga still did the video portion with H.323 and did audio with SIP if requested. It is a confusing mish-mash of clients out there and I don't know of any pure SIP client that handles video even if SIP can handle a video stream. There seems to be a reluctance to do everything with SIP. Even Gizmo uses SIP for voice and Jabber/XMPP for text when text can be done with SIP/SIMPLE.
Maybe XMPP promises to unify audio/video/text but that has yet to happen.
Ekiga does audio and video with SIP
Anne
On Thu, 2007-02-01 at 19:55 +0000, Anne Wilson wrote:
On Thursday 01 February 2007 19:43, Michael Wiktowy wrote:
On 2/1/07, Anne Wilson cannewilson@tiscali.co.uk wrote:
On Thursday 01 February 2007 18:55, Michael Wiktowy wrote:
For those who may not know, SIP is for the audio stream and H.323 is for the video stream.
I'm no expert here, but that doesn't make sense to me. GnomeMeeting ran with H.323 before SIP had been brought into the package. SIP and H.323 are quite separate protocols, as far as I'm aware. SIP began to be important with the advent of VOIP, which was why it had to become part of ekiga. As it is, you can use either protocol with ekiga.
I am no expert either. I could be very wrong but I was just under the impression that Ekiga still did the video portion with H.323 and did audio with SIP if requested. It is a confusing mish-mash of clients out there and I don't know of any pure SIP client that handles video even if SIP can handle a video stream. There seems to be a reluctance to do everything with SIP. Even Gizmo uses SIP for voice and Jabber/XMPP for text when text can be done with SIP/SIMPLE.
Maybe XMPP promises to unify audio/video/text but that has yet to happen.
Ekiga does audio and video with SIP
Annie, email me with how I can test connect to you. Thanx! Ric
-
Anne Wilson -
Frank Pineau -
Michael Wiktowy -
Ric Moore