Questions:
-
Does the Jami client make use of a STUN server ? Maybe just the mobile phone apps? I believe because Jami uses opendht bootstrap, Jami does not need to use a STUN server, but maybe it still does? If it does not, then would it be safe to specify “no-stun” for the TURN server’s configuration? ( –no-stun Run as TURN server only, all STUN requests will be ignored.)
-
If Jami does use STUN server then is it good to set " –secure-stun Require authentication of the STUN Binding request" ? As I would expect the TURN server settings in the Jami client is what Jami uses for a STUN server and user, password, and realm are specified, so I would expect any STUN requests would also use user and password. (Is realm relevant for STUN?)
I tested with Trickle ICE and the STUN test did not succeed when secure-stun was set, even if I specified user and password. -
when I did a nslookup on turn.jami.net, I noticed two IP addresses. If I use two IP addresses on my TURN server, it removes the log message “WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided” but is there any advantage for Jami if the STUN/TURN server uses two IP addresses? Does using two IP addresses improve the functionality of STUN for Jami?