0

I want to make use of a webservice that offers WebRTC for inbound calls. I log in onto the service with my browser, which redirects the call to my headphone. However, I need to bypass the firewall over here. This firewall only allows outbound traffic on 80 and 443.

Therefore, I figured out to use a proxy, namely a Socks5 tunnel (Putty --> SSH tunnel with dynamic port forwarding), to enable WebRTC. This does not work. I guess this is because WebRTC uses UDP, or that the inbound traffic on the remote end of the tunnel is not forwarded to my local pc.

So, my question is the following:

  • How can I set up a tunnel that supports WebRTC? My preference would be to use a standard SSH tunnel, because that's what I already have.
  • However, when that is not possible, I would love to know other possibilities to bypass the restrictive firewall to enable WebRTC.

Thanks

spectre
  • 31
  • 1
  • 5

1 Answers1

0

You could use a TURN server Secure (TURNS) hosted on the Internet. It will relay your WebRTC flows over a TLS layer. Your server has to listen on port 443.

Antonin M.
  • 1,744
  • 1
  • 18
  • 29
  • HOW to use webrtc for an ssh session? – Zibri Jan 25 '18 at 13:11
  • Here the issue is about WebRTC flows which are blocked by the FW/Proxy. SSH might be a solution, but IMHO it sounds complex. Within WebRTC, this issue could be solved by using a TURN server over TLS (on port 443). The proxy will "identify" those flows as HTTPS, even if STUN over TLS flows will be exchanged – Antonin M. Jan 25 '18 at 13:51
  • Care to elaborate? Imagine this situation: I have a turn server setup also as relay. How can I attach an sshd daemon to the relayed port of a turn server? – Zibri Jan 26 '18 at 14:33
  • Don't use SSH :) on your webrtc client, in the iceservers configuration (https://stackoverflow.com/a/23307588/1960671), you will just need to add a turns (turn over tls) server entry with its credentials. `turns:myturnserver:443` Automatically, the browser will bypass the proxy/FW by creating a TLS "tunnel" between the browser and the turnserver. I've tested this a couple of years ago with Chrome. I hope that it still works. – Antonin M. Feb 05 '18 at 10:48
  • What can I do if a TURN server is no option? See also my question here: https://stackoverflow.com/q/53590509/1031916 – heinob Dec 03 '18 at 10:07