Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

True, but the problem you're mentioning is solved, for the most part. STUN/TURN servers serve this purpose, there are open source ones[0][1] and you can can even use public STUN servers[2] (as you might expect free TURN servers aren't really a thing).

Solutions like Jitsi Meet[3], whereby (formerly appear.in)[4] use WebRTC to great success and are fantastic for quick meetings.

WebRTC these days is pretty mature and ready for primetime -- TURN servers are a last resort, but they're a small price to pay for something that might be free (to you the service provider) most of the time, if signaling succeeds.

[0]: https://github.com/jselbie/stunserver

[1]: https://github.com/enobufs/stun

[2]: https://gist.github.com/mondain/b0ec1cf5f60ae726202e

[3]: https://meet.jit.si

[4]: https://whereby.com



According to Tsahi Levent-Levi, some of your biggest customers (corporation wise) are behind firewalls and need TURN.

This “last resort” is about 10% he says


I do a significant amount of work with Hospitals and secure environments (Military, etc). TURN is needed 100% of the time. P2P traffic is not allowed. All IP addresses need to be known and kept static upfront for firewall whitelisting.

This means products which help alleviate WebRTC infrastructure such as AWS Kinesis are not allowed (due to how they allocate turn servers with unknown IP addresses) and a company needs to manage their own infrastructure / TURN servers (which allows you to cherry pick where server locations are (HIPAA, country legal for what is streamed)) or accept Twillio's, or their competitors etc, large IP ranges (and don't have server location flexibility / increased commercial and market growth restrictions).

Whichever route you go down it is quite an undertaking!

P.s. Tsahi Levent-Levi is truly exceptional in this area. I highly recommend reading his blog and training courses: https://bloggeek.me/, https://webrtccourse.com/, AND he runs an amazing testing product https://www.testrtc.com. if you build your own infrastructure testRTC is a must.


If you can't do P2P, you can have an SFU forwarding the call with more features than a "dumb" TURN relay.

And it would just be STUN between each participant and the SFU deployed in the internal network for example.


Nice suggestion, we do this for certain deployments. Amazing what magic you can do in Janus, etc, :)


Why even need STUN, the SFU can join as a WebRTC participant, right? Node.js maybe


STUN is only useful if you're trying to negotiate a P2P connection, which isn't the case when using an SFU. If everything you're doing is going through an SFU then you don't need STUN.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: