Gentoo Forums
Video Conferencing -- recommendations?

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Mon Jun 18, 2018 4:05 pm    Post subject: Video Conferencing -- recommendations?

I'd like to have fully self-hosted video conferencing for private use among a small group of people. Free/Libre is a must, and, as much as possible, I do not want to involve any middlemen external servers or services. I don't know a lot about the technical details, but, for example, I believe with webRTC, you need some kind of TURN or STUN server as well, and a lot of software just relies on third-party servers for this. I don't want that, I want to run all the services and software necessary for the whole round trip of a video conference call myself, on my own server.

I have actually successfully installed Rocket Chat using a Portage overlay, but was dismayed to find that the video conferencing part of Rocket Chat merely delegates that functionality to meet.jit.si . I've seen jitsi packages in another overlay, but it seems it is no longer maintained (no update in 3 years). Has anyone successfully installed a fully-functional jitsi setup in Gentoo?

Or are there other packages I could look into for video chat?

bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5934

Posted: Mon Jun 18, 2018 10:03 pm

there is discord, it's a little gamer oriented but it has video and voice chat...

cisco webex will apparently work on linux, if you need something super "enterprise-y".
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Tue Jun 19, 2018 2:15 am

Discord doesn't seem to be open source and installable.

I'm going to try manually installing Jitsi.

steveL
Watchman

Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Tue Jun 19, 2018 10:23 am    Post subject: Re: Video Conferencing -- recommendations?

Pistos wrote:
I want to run all the services and software necessary for the whole round trip of a video conference call myself, on my own server.
I'd take a look at Asterisk, which I haven't reviewed since 2007, and appears to have moved on wrt video-support.
The homepage has a link to a "presentation" on "multi-party video-conferencing" in asterisk-15, but I didn't click-through.

Found this (looks official) with a web-search on: asterisk video-conferencing.

It might seem a bit excessive, but the project has been around since 1999 running on commodity PC hardware and Linux, so worth a look.

There's an O'Reilly book that is pretty good, but like I said, my edition is from 2007.

Chiitoo
Administrator

Joined: 28 Feb 2010
Posts: 2551
Location: Here and Away Again

Posted: Tue Jun 19, 2018 2:57 pm    Post subject: ><)))°€

For peer-to-peer chat, without servers in the middle, there's Tox for example. There are several clients for it, but I'm mainly familiar with qTox myself.

It has not gone through a security audit yet, and has more and/or less issues depending on whom you ask, but it certainly works for a lot of things.

I have not tested video chat recently, nor voice chat at all, but I know they are there.
_________________
Kindest of regardses.

steveL
Watchman

Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Fri Jun 22, 2018 2:19 pm    Post subject: Re: ><)))°€

Chiitoo wrote:
For peer-to-peer chat, without servers in the middle, there's Tox for example. There are several clients for it, but I'm mainly familiar with qTox myself.
Damn, that looks good.
Thanks for the heads-up. :-)

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Sun Jun 24, 2018 5:43 pm

I tried Tox, on your recommendation. Kind of impressive, because it worked out of the box, interoperating easily between Android and Linux. It is peer-to-peer and decentralized. You do have to hook up to the initial pool/network it seems, but after that, I believe it is peer-to-peer and independent of the network. I'm looking into running a Tox node in order to have a private pool.

steveL
Watchman

Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery

Posted: Sun Jun 24, 2018 10:50 pm

Pistos wrote:
I tried Tox, on your recommendation. Kind of impressive, because it worked out of the box, interoperating easily between Android and Linux.
What was the quality of the video like?
Quote:
I'm looking into running a Tox node in order to have a private pool.
Cool; do let us know how you get on. I'd love to read a write-up.

Elleni
Veteran

Joined: 23 May 2006
Posts: 1268

Posted: Mon Jun 25, 2018 8:47 pm

Maybe Nextcloud with the Talk app?

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Tue Jul 03, 2018 6:46 pm

steveL: Tox video chat quality was... well there was room for improvement. :) It was choppy compared to pretty much any other videochat solution I've tried (Zoom, Skype, WebRTC, Slack). I was told by the #tox IRC channel to try to turn down the frame rate in the settings, but I haven't tried that yet.

Elleni: Excellent suggestion! I didn't know that existed, but after a bit of time spent installing, I eventually got it going. I did not get full success with it, unfortunately. I am able to almost establish a connection with a remote person, but the most we were able to get was just audio-only with no video. But most of the time, it was neither. I'll keep plugging away at it. There is also an Android app for it, available from F-Droid.

I'll report back if I get any further with anything.

Elleni
Veteran

Joined: 23 May 2006
Posts: 1268

Posted: Fri Jul 06, 2018 8:55 pm

Keep trying. Tested it again with two accounts. One logged in with firefox on my gentoo box, one with android app. Maybe you need a stun or turn server as proxy for clients behind a firewall? Btw there is a talk app for iphone users too.

Edit: Wait, I realize, videocalls only work because my cellphone is on wifi and thus on the same network as my gentoo box :D I'll try to set up a turnserver myself to see if I can get video to work through different networks too :twisted:

Edit2: Configured coturn on my nextcloud server and now I can do videocalls even when the cellphone is not connected to my home wifi and thus being on a different network than my gentoo box.

turnserver.conf options enabled:
Code:
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=some password
static-auth-secret=north
realm=cloud.mydomain.com
total-quota=100
stale-nonce
cert=/path/to/my/letsencrypt/fullchain.pem
pkey=/path/to/my/letsencrypt/privkey.pem
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
log-file=/var/log/turnserver.log
simple-log
no-loopback-peers
no-multicast-peers
secure-stun


Used this:
https://blog.wirelessmoves.com/2018/06/a-turn-server-for-nextcloud-talk.html
https://blog.netways.de/2017/08/16/setting-up-a-turn-server-for-nextcloud-video-calls/

And opened firewall:

Code:
iptables -A INPUT -p tcp --dport 3478 -j ACCEPT
iptables -A INPUT -p udp --dport 3478 -j ACCEPT
iptables -A INPUT -p tcp --dport 5349 -j ACCEPT
iptables -A INPUT -p udp --dport 5349 -j ACCEPT
iptables -A INPUT -p udp --dport 49152:65535 -j ACCEPT


Having set up coturn anyway, I also use its stun functionality now; I just didn't add the no-stun option but instead additionally added the secure-stun option in turnserver.conf

Nextcloud settings:
Code:
cloud.mydomain.com:3478

To keep things simple, I used the nextcloud hostname for coturn too and thus the same letsencrypt certificate
:D


Last edited by Elleni on Sat Jul 07, 2018 1:23 am; edited 1 time in total
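
How the `use-auth-secret` / `static-auth-secret` pair in the config above becomes per-call credentials, as an added example that is not part of the original posts: in the TURN REST API scheme that coturn implements for this mode, the client's username carries an expiry timestamp and the password is base64(HMAC-SHA1(secret, username)). The secret value and the function names below are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed value; in turnserver.conf this is the static-auth-secret setting,
# and the same string has to be entered on the application side.
SHARED_SECRET = "constructed-example-secret"


def _mac(secret, username):
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def make_credentials(secret, ttl=86400, user="", now=None):
    """Application side: issue a time-limited TURN username/password pair."""
    now = int(time.time()) if now is None else int(now)
    expiry = now + ttl
    # Username is the expiry as a Unix timestamp, optionally "expiry:user".
    username = f"{expiry}:{user}" if user else str(expiry)
    return username, _mac(secret, username)


def check_credentials(secret, username, password, now=None):
    """Server-side view: reject malformed, expired or forged pairs."""
    now = int(time.time()) if now is None else int(now)
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return "malformed username"
    if expiry < now:
        return "expired"
    # Constant-time comparison, so timing does not reveal a partial match.
    if not hmac.compare_digest(_mac(secret, username), password):
        return "bad password"
    return "ok"


if __name__ == "__main__":
    name, pw = make_credentials(SHARED_SECRET, ttl=3600, user="alice")
    print(name, pw)
    print("same secret on both sides:", check_credentials(SHARED_SECRET, name, pw))
    print("secret mismatch:", check_credentials("a-different-secret", name, pw))
```

The secret itself never leaves the two servers; a client only ever sees a pair that stops working once the timestamp passes.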

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Sat Jul 07, 2018 1:21 am

@Elleni: Wow, thank you so much for this detailed info! I did about half of what you have written here, so I will try again with these really valuable config examples you've given. I'll let you know how it goes.

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Sat Jul 07, 2018 3:42 am

@Elleni: I got one successful call at first, but after that, nothing, it is still back to black screens on both sides.

I notice that the letsencrypt files are only readable by root, so the turnserver.log keeps saying: 0: WARNING: cannot find certificate file. Did you expose the cert files to non-root?

Previously, I also was able to get one call before things stopped working. This leads me to believe there is some random factor involved here, and I am just coincidentally getting a rare successful call.

I did not try to fiddle with iptables yet, I'm hoping I don't have to do that. I have no special restrictions on this server that I set up, so I don't see why most ports wouldn't just be open.

Elleni
Veteran

Joined: 23 May 2006
Posts: 1268

Posted: Sat Jul 07, 2018 11:07 am

Well that's some progress anyhow :)

I did not configure coturn to run as a different user or group so I guess it is started as root. I did not see any messages regarding the certificate in my log, not even in Verbose mode. Access rights to cert files are -rw-r--r-- as they are installed by certbot/letsencrypt.

To ensure it is not a firewall problem, you could temporarily stop iptables and see if it works then. On my setup, I also got a black screen when trying to issue a videocall, as I have

Code:
iptables -L
Chain INPUT (policy DROP)
...
...
...


So I had to open the mentioned ports on my nextcloud/coturn server in order to let it do its magic.

You could also try if it is working with two clients on the same network. If it does, then it is likely to be a turn problem.

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Sat Jul 07, 2018 2:18 pm

@Elleni:

Yes, the cert files themselves are rw r r but the parent directories all seem to be drwx------ and owned by root:root . Could you confirm that that's the case for you? You can also check the user running the turnserver process with `ps aux | grep turn`. It seems to me a security problem if non-root users can just read the private key?

Elleni
Veteran

Joined: 23 May 2006
Posts: 1268

Posted: Sat Jul 07, 2018 4:25 pm

ps aux | grep turn
Code:
turnser+ 11220  0.0  0.1 643348  8036 ?        Ssl  03:07   0:24 /usr/bin/turnserver -o --pidfile /var/run/turnserver/turnserver.pid
root     20178  0.0  0.0  12720  1100 pts/0    S+   18:18   0:00 grep --colour=auto turn


ls -l /etc/letsencrypt/archive/
Code:
insgesamt 4
drwxr-xr-x 2 root root 4096  4. Jun 03:45 www.mydomain.com


ls -l /etc/letsencrypt/live/www.mydomain.com/
Code:
insgesamt 4
-rw-r--r-- 1 root root 543  7. Jun 2017  README
lrwxrwxrwx 1 root root  41  4. Jun 03:45 cert.pem -> ../../archive/www.mydomain.com/cert8.pem
lrwxrwxrwx 1 root root  42  4. Jun 03:45 chain.pem -> ../../archive/www.mydomain.com/chain8.pem
lrwxrwxrwx 1 root root  46  4. Jun 03:45 fullchain.pem -> ../../archive/www.mydomain.com/fullchain8.pem
lrwxrwxrwx 1 root root  44  4. Jun 03:45 privkey.pem -> ../../archive/www.mydomain.com/privkey8.pem

ls -l /etc/letsencrypt/archive/www.mydomain.com/
Code:

insgesamt 136
-rw-r--r-- 1 root root 2277  7. Jun 2017  cert1.pem
-rw-r--r-- 1 root root 2338  8. Jun 2017  cert2.pem
-rw-r--r-- 1 root root 2378  6. Aug 2017  cert3.pem
-rw-r--r-- 1 root root 2378  6. Okt 2017  cert4.pem
-rw-r--r-- 1 root root 2378  5. Dez 2017  cert5.pem
-rw-r--r-- 1 root root 2378  3. Feb 03:45 cert6.pem
-rw-r--r-- 1 root root 2736  5. Apr 03:45 cert7.pem
-rw-r--r-- 1 root root 2736  4. Jun 03:45 cert8.pem
-rw-r--r-- 1 root root 1647  7. Jun 2017  chain1.pem
-rw-r--r-- 1 root root 1647  8. Jun 2017  chain2.pem
-rw-r--r-- 1 root root 1647  6. Aug 2017  chain3.pem
-rw-r--r-- 1 root root 1647  6. Okt 2017  chain4.pem
-rw-r--r-- 1 root root 1647  5. Dez 2017  chain5.pem
-rw-r--r-- 1 root root 1647  3. Feb 03:45 chain6.pem
-rw-r--r-- 1 root root 1647  5. Apr 03:45 chain7.pem
-rw-r--r-- 1 root root 1647  4. Jun 03:45 chain8.pem
-rw-r--r-- 1 root root 3924  7. Jun 2017  fullchain1.pem
-rw-r--r-- 1 root root 3985  8. Jun 2017  fullchain2.pem
-rw-r--r-- 1 root root 4025  6. Aug 2017  fullchain3.pem
-rw-r--r-- 1 root root 4025  6. Okt 2017  fullchain4.pem
-rw-r--r-- 1 root root 4025  5. Dez 2017  fullchain5.pem
-rw-r--r-- 1 root root 4025  3. Feb 03:45 fullchain6.pem
-rw-r--r-- 1 root root 4383  5. Apr 03:45 fullchain7.pem
-rw-r--r-- 1 root root 4383  4. Jun 03:45 fullchain8.pem
-rw-r--r-- 1 root root 3268  7. Jun 2017  privkey1.pem
-rw-r--r-- 1 root root 3272  8. Jun 2017  privkey2.pem
-rw-r--r-- 1 root root 3272  6. Aug 2017  privkey3.pem
-rw-r--r-- 1 root root 3272  6. Okt 2017  privkey4.pem
-rw-r--r-- 1 root root 3268  5. Dez 2017  privkey5.pem
-rw-r--r-- 1 root root 3272  3. Feb 03:45 privkey6.pem
-rw-r--r-- 1 root root 3272  5. Apr 03:45 privkey7.pem
-rw-r--r-- 1 root root 3272  4. Jun 03:45 privkey8.pem



Maybe it is (a security issue), but I don't like to fiddle with those file permissions, as they were created by certbot, so I did not touch them. Besides that, if someone gets on my machine - even with user rights only, I would consider my system compromised already, so I don't think I'll change something on the file permissions of those, because I am afraid it could break the automatic certificate renewal process of certbot. And my server is more for fun and learning anyway, no production server, so I am not worried too much.

I have no entries about cert at all in turnserver.log so I don't know if they are actually used. Are you sure you have no typo in the path, as you get warnings in the logfile? Does videocalling work with the iptables service temporarily stopped on your server? And if not - does it work when both callers are within the same network? Good luck :)

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Sun Jul 08, 2018 5:02 am

I'm not suggesting you change the permissions to make them stricter, I'm questioning whether you made them more loose than the defaults. :) It sounds like you haven't. But I haven't touched the defaults set by certbot, either. My permissions on the descendant dirs and files are just as you have them, rw r r. But the /etc/letsencrypt/archive directory itself is drwx------ .

And you're right, if someone malicious has user-level permissions, that's bad news, however I think of it this way: I run numerous bits of code from third parties. If any one of them has some security problem, and an attacker exploits one of them to begin snooping around the filesystem (or worse), at least I can minimize the "footprint" of potential damage to just whatever is accessible to the user that is running the process that has been exploited.

I haven't tried iptables related stuff yet, I have been busy. But I probably will. I'm sure I have no typos in the cert path in the turnserver config, because when I temporarily expose the cert files in question to non-root, then the warnings go away, and when I put permissions back to what they were, I get the warnings back again.

It does not work when both callers are on the same network, but that's probably because the Nextcloud server is not on the same network as the callers. I am going to have a wide variety of people using this service, so it definitely needs to run properly with TURN and STUN and so on.

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Tue Jul 10, 2018 1:59 am

I got a separate cert for a separate domain, then chmodded things so that only the turnserver user can read it. Now I don't get the warnings in the coturn logs any more. I checked my iptables, and I appear to have no rules at all, with a default policy of ACCEPT, so this is as I expected.

Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Nevertheless, I am unable to get a successful call going.
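
The permission question discussed in the posts above (files `rw-r--r--` but the `archive` directory `drwx------`, with coturn running as its own user), as an added example that is not part of the original posts: it resolves the `live/` symlink and checks every directory on the way to the key for search permission and the key for read permission, and flags a world-readable key. The function names, the `example.org` tree and the uid offset are constructed for illustration.

```python
import os
import tempfile


def _allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check for one access type (4=read, 1=search)."""
    if uid == 0:
        return True  # root is not restricted by these mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bool(bits & want)


def audit_key_access(key_path, uid, gids, base="/"):
    """List what stops (uid, gids) reading key_path, and whether it is world-readable.

    Symlinks (live/<name>/privkey.pem) are resolved first; each directory from
    `base` down to the real file needs search permission and the file needs
    read permission. Run it as root so every component can be stat()ed.
    """
    real = os.path.realpath(key_path)
    base = os.path.realpath(base)
    rel = os.path.relpath(real, base)
    if rel.startswith(".."):
        raise ValueError(f"{real} is not below {base}")
    dirs = [base]
    for part in rel.split(os.sep)[:-1]:
        dirs.append(os.path.join(dirs[-1], part))
    findings = []
    for d in dirs:
        if not _allowed(os.stat(d), uid, gids, 0o1):
            findings.append(f"blocked: no search permission on {d}")
    st = os.stat(real)
    if not _allowed(st, uid, gids, 0o4):
        findings.append(f"blocked: no read permission on {real}")
    if st.st_mode & 0o004:
        findings.append(f"exposed: {real} is world-readable")
    return findings


def build_sample_tree(root):
    """Constructed layout imitating the thread: archive/ is 0700, key is 0644."""
    archive = os.path.join(root, "archive", "example.org")
    live = os.path.join(root, "live", "example.org")
    os.makedirs(archive)
    os.makedirs(live)
    key = os.path.join(archive, "privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o644)
    os.chmod(archive, 0o755)
    os.chmod(os.path.join(root, "archive"), 0o700)
    os.chmod(root, 0o755)
    link = os.path.join(live, "privkey.pem")
    os.symlink(os.path.join("..", "..", "archive", "example.org", "privkey1.pem"), link)
    return link


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        link = build_sample_tree(root)
        service_uid = os.getuid() + 1000  # assumed: any uid other than the owner
        for line in audit_key_access(link, service_uid, set(), base=root):
            print(line)
```

On the sample tree the service account is stopped at `archive`, while the key file itself is still reported as world-readable, which is the combination both posters describe.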

Pistos
Apprentice

Joined: 29 Jul 2003
Posts: 175
Location: Canada

Posted: Wed Jul 18, 2018 5:17 pm

I did eventually get Nextcloud Talk working, and am settling on this as my chosen solution for the time being.

Elleni
Veteran

Joined: 23 May 2006
Posts: 1268

Posted: Wed Jul 18, 2018 11:19 pm

Cool, I am happy to hear this. What was the solution finally to get it working?

potuz
Guru

Joined: 30 Jan 2010
Posts: 378

Posted: Wed Aug 29, 2018 10:42 pm

This is one of the most frustrating topics for me as a linux user. I'm 40 years old and have been a linux user since 1997 and never ever managed to have a good video call while on a trip on an open source native client. I got my hopes up when I saw this thread and set up qtox quickly before a trip. The video quality is so horribly bad that it's impossible to hold a conversation. So we end up resorting to using video over WhatsApp on the cellphone which on the same connection (so no bandwidth issue) has a flawless quality.

I wish there was any way to have a decent video call on linux without having to resort to Skype/Whatsapp or the likes.

Fitzcarraldo
Advocate

Joined: 30 Aug 2008
Posts: 2034
Location: United Kingdom

Posted: Fri Aug 31, 2018 10:00 pm

potuz,

I know it's only a WebRTC demonstrator, but have you tried browser-based AppRTC? I find it works quite well for PC-to-PC and PC-to-smartphone video calls.

https://webrtc.org/reference-apps/

Very simple to use. You just open https://appr.tc/ in Firefox or Chrome (possibly other browsers as well these days, as it works for me in Samsung Internet for Android, which I believe is based on Chromium) and you will get an allocated 'room name' consisting of nine digits. SMS or e-mail that room name to the other party then click on JOIN. The other party also opens https://appr.tc/ in a browser and enters the same room name and clicks on JOIN, and away you go.

WebRTC is open-source, and so is AppRTC: https://github.com/webrtc/apprtc


EDIT: Not entirely open-source, but also uses WebRTC, is talky. Similar concept to AppRTC. Supports conference calls with many participants.
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC udev elogind & KDE on both.

Fitzcarraldo's blog

All times are GMT