I work for a company that has an environment for people to communicate with customers and up until now we’ve used Skype. With that going away, I am in the process of getting Jami setup for video use going forward. The Windows computers that Jami will be used on are very locked down and restricted, and video calls made with Jami will be one of the few uses that those Windows user accounts are allowed to perform.
Internet usage is restricted by using a proxy (Internet options under Control Panel) and pointing all Internet traffic to itself (127.0.0.1). Then I allow only the specific domains that users have permission to access.
I noticed that if I install Jami with the proxy enabled it seems like it is unable to find users and also update the software. My question is what domains does Jami need to use for full functionality. For instance, I found in the FAQ that to lookup user’s names ns.jami.net is used. Does anyone know what other domains Jami uses by default to function?
In case that helps anyone else, I did notice that if I install and setup Jami with the proxy initially disabled I’m able to find users after the proxy is enabled, but updates don’t work. I’m hoping to head off any potential issues in the future by allowing via the proxy any domain that Jami would potentially use.
Hello, as a distributed peer to peer communication software Jami does not work through a HTTP proxy. Jami connects to peers that can be anywhere on the local network or the Internet. If you have heard of BitTorrent before it is a similar concept. You will NOT be able to use Jami if computers on your network can only access the Internet using only the HTTP (or HTTPS) protocol through a HTTP proxy.
Jami works as a server and gets new ports for each connections (randomly bound). These are the ranges that can be used for each component:
dht: UDP [4000, 8888]
audio: UDP [16384-32766]
video: UDP [49152-65534]
SIP Control: UDP/TCP randomly bound
The proxy you see in advanced Jami settings is a DHT (Distributed Hash Table) proxy, not a HTTP proxy. It allows the proxy to register users’ presence on DHT on their behalf. It is mainly used for mobile devices to improve battery life. However, when you want to call someone else using Jami, your voice and video do not go through DHT proxy servers. Currently these proxy servers are provided by the Jami project:
TCP ports 80 through 95 are used by DHT proxy servers.
HTTPS is used only for https://ns.jami.net which resolves Jami human readable usernames to Jami IDs (long hexadecimal string). It is not sufficient to allow https access to ns.jami.net to communicate with other Jami users.
When a Jami user connects to the network for the first time, it will connect to bootstrap.jami.net (UDP ports 4000 and 8888) as an entry point to the DHT.
When end to end communication is not possible because of firewall issues, Jami can relay voice and video streams through a TURN server. The Jami projects provides TURN servers by default (turn.jami.net) but you can set up your own TURN server.
It is actually possible to use Jami only on a local IP network without any Internet access but this setup does not allow you to communicate with people outside this network: Use Jami on a LAN — Jami documentation