jami-docs

Forked version of Jami documentation, see wrycode.com/jami-docs-demo
git clone git://git.wrycode.com/wrycode/jami-docs.git
Log | Files | Refs

faq.txt (23182B)


      1 FAQ
      2 =====
      3 
      4 This is an exhaustive list of frequently asked questions, including
      5 some technical questions.
      6 
      7 .. contents::
      8    :local:
      9    :depth: 3
     10 
     11 Basics
     12 ------
     13 
     14 What is Jami?
     15 ~~~~~~~~~~~~~
     16 
     17 Read the :doc:`Introduction <introduction>`.
     18 
     19 What makes Jami different from other communication platforms?
     20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     21 
     22 Jami doesn't work like most communication platforms because it is
     23 *distributed*:
     24 
     25 .. image:: ../media/distributed-network-topo.png
     26 
     27 Some of the consequences may seem surprising. For instance, since
     28 accounts are stored on your device, passwords are optional. However,
     29 the most significant practical differences are that you have more
     30 *freedom* and *privacy*.
     31 
     32 TODO: expand on this
     33 
     34 What do the red/green status circles next to avatars mean?
     35 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     36 
     37 On your own account, a red circle means that you aren't connected to
     38 the DHT. You may need to check your connection or restart the app.
     39 
     40 On other contacts, a red circle means that they are not online, and a
     41 green circle means they are online and you should be able to message
     42 them.
     43 
     44 Note that a green circle only means that the contact has announced
     45 their presence on the DHT. It does not indicate a direct connection to
     46 their device. In some cases, a contact may be able to send and receive
     47 messages but cannot make calls or file transfers because of their
     48 firewall.
     49 
     50 
     51 Why is a feature missing on my client?
     52 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     53 
     54 Not every client implements all features; check the list :doc:`here
     55 <all-features-by-client>` to see if your client is missing the
     56 feature.
     57 
     58 You can make feature requests at
     59 https://git.jami.net/.
     60 
     61 Does Jami support read reciepts? Can I turn them on or off?
     62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     63 
     64 You can enable or disable read receipts on Android. Other platforms
     65 may still be working on this feature. Please see :doc:`All Features by
     66 Client <all-features-by-client>` for the current status.
     67 
     68 Does Jami support typing notifications? Can I turn them on or off?
     69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     70 
     71 Most of the client support sending and receiving typing
     72 notifications. You can enable/disable them in the general settings.
     73 
     74 Can I share my screen?
     75 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     76 
     77 Yes, on all platforms except for iOS. Search for a dedicated "Share
     78 screen" button while you are in a video call.
     79 
     80 
     81 Can I make group conference calls?
     82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     83 Yes. You can add Jami contacts to existing calls (audio or video) by
     84 clicking the "Add participant" button.
     85 
     86 Does Jami have group chats?
     87 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     88 
     89 Not yet. Group chats are :ref:`coming soon
     90 <general/technical-overview:Swarms>`.
     91 
     92 
     93 Why is my contact not seeing my avatar?
     94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     95 
     96 Due to technical limitation, avatars are only transfered to your
     97 contacts during a voice or video call. This limitation will disappear
     98 when :ref:`group chats <general/technical-overview:swarms>` are
     99 released.
    100 
    101 Why aren't my sent messages showing up on all linked devices?
    102 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    103 
    104 All of your devices receive the same messages from your contacts, but
    105 *sent* messages will not show up on all of your devices.
    106 
    107 The :ref:`swarm <general/technical-overview:swarms>` update will introduce
    108 full conversation sync between linked devices for all conversations
    109 (including one-on-one conversations).
    110 
    111 Can I message offline contacts?
    112 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    113 
    114 Jami does not yet have offline/persistent messages because of its
    115 distributed nature.
    116 
    117 Your messages can't be queued on a central server so both contacts
    118 must be online to message each other. If you send a message to an
    119 offline contact, Jami will save the message on your device and send it
    120 to them when they come online.
    121 
    122 There are some possible future solutions to this issue, including
    123 :ref:`swarms <general/technical-overview:swarms>`, which will allow
    124 users to set up their own "server" node to receive messages for
    125 them.
    126 
    127 How can I make a bug report?
    128 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    129 
    130 Please see :doc:`How to Make a Bug Report <../guides/how-to-make-a-bug-report>`.
    131 
    132 Where are the configuration files located?
    133 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    134 
    135 Jami saves its configuration (account, certificates, history) at
    136 different locations depending the platform.
    137 
    138 -  **GNU/Linux**: global configuration is under
    139    **~/.config/jami/dring.yml** and account files are under
    140    **~/.local/share/jami/**. Finally, a cache can be stored in
    141    **~/.cache/jami**
    142 
    143 
    144 - **OSX**: The full configuration is under **~/Library/Application Support/Jami** if installed via https://jami.net.
    145   The app store version uses
    146   **~/Library/Containers/com.savoirfairelinux.ring.macos/Data/Library/Application Support/jami**
    147 
    148 -  **Android**: The full configuration is under **/data/data/cx.ring**
    149    (may require root privileges)
    150 
    151 -  **Windows**: global configuration is under
    152    **%AppData%/Local/jami/dring.yml** and Account files are under
    153    **%AppData%/Local/jami/**. Finally, a cache is stored in
    154    **%USERPROFILE%/.cache/jami**
    155 
    156 Note: audio and video messages are recorded in the local-data in the
    157 folder: ``sent_data``
    158 
    159 TODO: check this ^^^ and add note about file downloads (like images)
    160 
    161 How much bandwidth do I need for calls?
    162 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    163 
    164 For audio calls, Jami uses about 100 Kbps. For a video call, you need
    165 about 2 Mbit/s for medium quality. If your connection is slower, the
    166 bitrate will be automatically reduced.
    167 
    168 If you are hosting a video conference, you will need approximately 2
    169 Mbps more per participant. For a conference with 10 participants, each
    170 participants will need 2Mbps up & down and the host will need 20Mbps
    171 up and down.
    172 
    173 Auto-adaptation is done between 200Kbit/s / max:6Mbit/s
    174 
    175 TODO: ^^^^^^^^^^^^^ What does this last line mean?
    176 
    177 TODO: How can SFL afford to give Jami away for free? How does/will SFL make money off Jami?
    178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    179 
    180 Summary: ethical company, they will make money supporting managed Jami
    181 solutions for organizations; their main source of income is elsewhere;
    182 all Jami code is GPL3 etc. etc.
    183 
    184 
    185 Account management
    186 ------------------
    187 
    188 What is a Jami account?
    189 ~~~~~~~~~~~~~~~~~~~~~~~
    190 
    191 A Jami account is an `asymmetric encryption key
    192 <https://en.wikipedia.org/wiki/Public-key_cryptography>`_. Your
    193 account is identified by a Jami ID, which is a `fingerprint
    194 <https://en.wikipedia.org/wiki/Public_key_fingerprint>`_ of your
    195 public key.
    196 
    197 What information do I need to provide to create a Jami account?
    198 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    199 
    200 When you create a new Jami account, you don’t have to provide private
    201 information like an email, address, or phone number.
    202 
    203 This is the information you can provide if you choose (it's all
    204 optional):
    205 
    206 1. An avatar
    207 2. A display name, which is the name that clients will display for
    208    your contact. It can contain special characters.
    209 3. An optional username, which is a unique identifier that is directly
    210    associated with your JamiID. This username->Jami ID mapping is
    211    stored on a server (ns.jami.net by default, but you can host your
    212    own)
    213 4. A password. This password is used to protect the account archive in
    214    your device.
    215 
    216 More information about Jami accounts is in Jami's :ref:`Technical Overview
    217 <general/technical-overview:jami account>`.
    218 
    219 Where is my Jami ID?
    220 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    221 
    222 Your Jami ID should be displayed prominently in whichever app you're
    223 using. It looks like a long string of numbers and letters:
    224 ``f2c815f5554bcc22689ce84d45aefdda1bce9146``
    225 
    226 Why don't I have to use a password?
    227 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    228 
    229 You are not forced to have a password on your account. On a
    230 centralized system you would use your password to authenticate with a
    231 public server where your account is stored. Someone who knows your
    232 password could steal your identity.
    233 
    234 With Jami, your account is stored in a `folder
    235 <#where-are-the-configuration-files-located>`_ on your device. **The
    236 password is only used to encrypt your account to protect you from
    237 someone who has physical access to your device.**
    238 
    239 If your device is encrypted, you may not want or need to use a
    240 password.
    241 
    242 Why don't I have to register a username?
    243 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    244 
    245 The most permanent, secure identifier is your `Jami Id
    246 <#where-is-my-jami-id>`_, but since these are difficult to use for
    247 some people, you also have the option of registering a
    248 username. Username registration requires a name server, such as Jami's
    249 default one at ns.jami.net.
    250 
    251 If you don't register a username, you can still choose to register one
    252 later at any time.
    253 
    254 Can I change my username?
    255 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    256 
    257 With the default nameserver you cannot change your username.
    258 
    259 What is the difference between a username and a display name?
    260 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    261 
    262 You can use your username as an identifier. The username points to
    263 your `Jami Id <#where-is-my-jami-id>`_, which is your permanent,
    264 secure identifier. Two people cannot have the same username.
    265 
    266 A display name allows you to choose another name that identifies you
    267 to your contacts. Display names can be edited or changed at any time
    268 and only your contacts can see them.
    269 
    270 
    271 How can I back up my account?
    272 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    273 
    274 There are two ways to back-up your account:
    275 
    276 1. Link another device to your account so your account will be on two
    277    devices. You can find this option in the account settings page.
    278 2. Back up the :ref:`account archive
    279    <general/technical-overview:Account storage and backup>` . This file
    280    can be found in the account files `folder
    281    <#where-are-the-configuration-files-located>`_. In some clients,
    282    you can export this archive from the account settings.
    283 
    284 Can I retrieve my username without my keys?
    285 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    286 
    287 If you used the default name server at ``ns.jami.net``, **you
    288 can’t**. There is no way to prove it’s your username without your key.
    289 
    290 If you use a different name server, there may be a way to move a
    291 username to a new Jami Id at the discretion of the administrator of
    292 that name server.
    293 
    294 For more information about name servers, see :ref:`the Technical Overview
    295 <general/technical-overview:Name servers and ns.jami.net>`.
    296 
    297 Can I recover my account if I forget my password?
    298 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    299 
    300 No. There can't be a traditional account recovery process; you are the
    301 only person with access to your data.  If you are worried about
    302 forgetting your password, please use a password manager.
    303 
    304 What happens when I delete my account?
    305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    306 
    307 Your account is only stored on your own devices. If you delete your
    308 account from each device, the account is gone and you cannot get it
    309 back. Nobody else can use your account after that.
    310 
    311 Your contacts will still have the messages you sent them, but all
    312 public record of your account on the DHT will disappear.
    313 
    314 **Note for accounts with a username:**
    315 
    316 The default nameserver at ``ns.jami.net`` will not delete your
    317 username, but nobody will be able to message you at that username or
    318 register a new account with that username.
    319 
    320 Other name servers may allow username deletion (not recommended) at
    321 the administrator's discretion.
    322 
    323 If you do not want to lose your account, please `back it up
    324 <#how-can-i-back-up-my-account>`_!
    325 
    326 What happens when I link a new device?
    327 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    328 
    329 When you link a device to your account, your :ref:`account archive
    330 <general/technical-overview:account storage and backup>` is put on the
    331 Jami network for a few minutes. It is protected by a password Jami
    332 gives you.
    333 
    334 The new device receives your full account certificate with the master
    335 RSA keys, but it generates a new device key for signing/encrypting
    336 messages.
    337 
    338 Advanced
    339 --------
    340 
    341 What protocol does Jami use for the end-to-end encryption?
    342 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    343 
    344 We use TLS 1.3 with a perfect forward secrecy requirement for the
    345 negotiated ciphers for calls and file transfers. Messages are
    346 encrypted with an RSA key.
    347 
    348 
    349 What data passes through my machine when I participate in the Jami network?
    350 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    351 
    352 **All these data are encrypted**. There is:
    353 
    354 -  ICE descriptors of other Jami users. ICE is a protocol that help
    355    establishing communication between two computers
    356 -  certain text messages
    357 -  as indicated above, accounts currently being linked to a new device
    358 
    359 Audio/video streams and some text messages pass through the VOIP
    360 protocol. Text messages can be sent either via VOIP or DHT (the
    361 distributed network) depending on whether a VOIP communication channel
    362 is already open or not.
    363 
    364 Why am I able to communicate with myself?
    365 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    366 
    367 Many users use Jami to transfer data from one machine to another.
    368 
    369 Should I enable push notifications?
    370 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    371 
    372 Push notifications allow Jami to operate in a way more adapted to the
    373 context of mobility (energy consumption, data…). However, for the
    374 moment, notifications go through Google’s servers, via the Firebase
    375 service. Only one identifier is transferred and it is unusable for
    376 anyone who does not have access to your account.
    377 
    378 What is a bootstrap server?
    379 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    380 TODO
    381 
    382 What is a TURN server? What is STUN?
    383 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    384 TODO
    385 
    386 What is DHT proxy?
    387 ~~~~~~~~~~~~~~~~~~
    388 
    389 The DHT proxy is a server that registers on the DHT for you and relays
    390 your information to you. Thus, it is the server that will be active on
    391 the DHT and will participate in the network, and no longer the target
    392 device. Multiple devices can register on the same DHT proxy.
    393 
    394 How the username registration service work?
    395 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    396 
    397 For default parameters the usernames are registered on an Ethereum
    398 blockchain. By default, it’s ns.jami.net that is used, but if you are a
    399 developper, you can create your own system. Hence, nothing forces you to
    400 implement it with a blockchain. You can check results at
    401 http://ns.jami.net/name/test, where “test” is a username for which we
    402 are looking for a matching `Infohashs <guidelines/Identifiers>`__. Once
    403 registered, this server doesn’t provide a way to remove the mapping.
    404 More informations there:
    405 https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/Name-Server-Protocol
    406 
    407 How can I change the timeout for a call?
    408 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    409 
    410 In the ``dring.yml`` file, you can change your ringingTimeout (in
    411 seconds)
    412 
    413 How to back up and reimport conversations and accounts
    414 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    415 
    416 Note: This is only for client based on LRC (desktop ones)
    417 
    418 First you will need to export all your accounts (For GNU/Linux: Settings
    419 => Account => Export account). Then you will need to copy the database
    420 (in ``~/.local/share/jami`` for example).
    421 
    422 Then on the new device, when you will open Jami for the first time, you
    423 have to re-import your accounts via the archive previously saved. This
    424 will re-import your settings and contacts (with empty conversations).
    425 Then close the client and replace the database with the one previously
    426 saved. That’s all!
    427 
    428 How secure are you?
    429 ~~~~~~~~~~~~~~~~~~~
    430 
    431 \*\* We use TLS/SRTP to secure connection and communications over the
    432 network.*\*
    433 
    434 We implement SRTP over SIP using recommendations written in following
    435 RFCs:
    436 
    437 -  ```http://tools.ietf.org/html/rfc3711`` <http://tools.ietf.org/html/rfc3711>`__
    438 -  ```http://tools.ietf.org/html/rfc4568`` <http://tools.ietf.org/html/rfc4568>`__
    439 
    440 Typically 2 kind of sockets are negotiated. One for the control socket,
    441 the other for the media sockets
    442 
    443 Typical control session will use the following cipher suite:
    444 (TLS1.3)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA384)-(AES-256-GCM)
    445 (TLS_ECDHE_RSA_AES_256_GCM_SHA384)
    446 
    447 DTLS (fallback) supported:
    448 “SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-VERS-TLS-ALL:+VERS-DTLS-ALL:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION”
    449 TLS:
    450 “SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-RSA:-GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION”
    451 
    452 Supported crypto suite for the media session are:
    453 
    454 -  AES_CM_128_HMAC_SHA1_80 / SRTP_AES128_CM_HMAC_SHA1_80
    455 -  AES_CM_128_HMAC_SHA1_32 / SRTP_AES128_CM_HMAC_SHA1_32
    456 
    457 When do public IPs get exposed?
    458 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    459 
    460 We can describe 3 main connectivity scenarios. A classic configuration
    461 (1.), behind a VPN (2.), via Tor (3.). As Jami is a p2p app, I think you
    462 understand that (2.) or (3.) is a bit mandatory to avoid IP leaking.
    463 
    464 Moreover, even if it’s my answer, you can choose to not trust my answer
    465 and check the code, or use wireshark or other tools. Generally, I (and
    466 the other devs I think) are using the first scenario (sometimes the
    467 second one), and we surely can’t test all the network we want, so if you
    468 discover a bug, please open a issue.
    469 
    470 Anyway, in these 3 scenarios, there is 3 main actions:
    471 
    472 -  Send a message (this will use the DHT)
    473 -  Send a file (TCP ICE connection as described here:
    474    https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/2.5.%20File%20transfer)
    475 -  Do a call (TCP + UDP ICE connection as described here:
    476    https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/2.4.%20Let’s%20do%20a%20call)
    477 
    478 Classic config
    479 ^^^^^^^^^^^^^^
    480 
    481 -  Send a message
    482 
    483 The Jami application is running a DHT (https://opendht.net) node on your
    484 device. So every operations on the DHT will use your ips. This is why
    485 Jami has the option to use a dhtproxy (eg dhtproxy.jami.net), this will
    486 avoid to use your node, but will use another node on the network (which
    487 will see your ip). Note that your message is not sent directly to the
    488 other device. In fact your message is sent on some nodes of the DHT and
    489 your contact will retrieve the message on this node. So, your contact
    490 don’t see your IP at this step, but the node who get the message will
    491 (or they will see the IP of the proxy).
    492 
    493 -  Send a file
    494 
    495 As described in the docs, you will send a message with all the IP you
    496 know that your peer can contact in an encrypted packet. So, if your peer
    497 send you a file or you send a file, your addresses will appear in the
    498 ICE message.
    499 
    500 -  Calls
    501 
    502 Same as above, the IP is present in the ICE.
    503 
    504 Behind a VPN
    505 ^^^^^^^^^^^^
    506 
    507 -  Send a message
    508 
    509 The IP of your VPN will be used by the DHT node. If you want a proof,
    510 you can compile dhtnode and run the ‘la’ command to get your public
    511 detected address. This is what I got:
    512 
    513 ::
    514 
    515    ./tools/dhtnode -b bootstrap.jami.net
    516    Bootstrap: bootstrap.jami.net:4222
    517    OpenDHT node be58fdc9f782269bfc0bbfc21a60bca5f02cb881 running on port 54299
    518     (type 'h' or 'help' for a list of possible commands)
    519 
    520    >> la
    521    Reported public addresses:
    522    IPs OF MY VPN
    523 
    524 So, if you don’t use a proxy, your VPN addresses will be used for using
    525 the DHT. If you use a dhtproxy, the dhtproxy will see your VPN addresses
    526 
    527 -  Send a file
    528 
    529 Same as above, the ICE will contains: + addresses from your LAN + public
    530 address of your VPN + TURN address if TURN is enabled
    531 
    532 -  Do a call
    533 
    534 Same as above, your public address is replaced by your VPN address. You
    535 can see it in the logs from daemon. See
    536 https://git.jami.net/savoirfairelinux/ring-project/wikis/tutorials/Bug-report-guide#logs
    537 
    538 Tor
    539 ^^^
    540 
    541 -  Send a message
    542 
    543 Tor basically doesn’t supports UDP. This means that you can’t use your
    544 DHT node locally, you MUST use a DHTProxy. That proxy will see the Exit
    545 node.
    546 
    547 -  Send a file
    548 
    549 I prefer a proof that any description. So, I did a file transfer with
    550 Jami + TOR. This is what I see in the logs for the remote:
    551 
    552 ::
    553 
    554    [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 33293 typ host tcptype passive
    555    [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 9 typ host tcptype active
    556    [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 33293 typ host tcptype passive
    557    [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 9 typ host tcptype active
    558    [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: R33fe279d 1 TCP 16777215 51.254.39.157 27427 typ relay tcptype passive
    559    [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Sc0a8c801 1 TCP 1694498815 185.220.101.24 33293 typ srflx tcptype passive
    560 
    561 The first ones are some 192.168.x.x so we don’t care. 51.254.39.157 is
    562 the TURN address in France (my device is in the Canada). 185.220.101.24
    563 is the Tor exit node:
    564 
    565 ::
    566 
    567    inetnum:        185.220.101.0 - 185.220.101.127
    568    netname:        MK-TOR-EXIT
    569 
    570 -  Do a call
    571 
    572 This will not work (actually, you can create the SIP control connection
    573 because it’s a TCP connection), but medias are negotiated in UDP, so
    574 this will fail.
    575 
    576 What ports does Jami use?
    577 ~~~~~~~~~~~~~~~~~~~~~~~~~
    578 
    579 Jami works as a server and gets new ports for each connections (randomly
    580 binded). These are the ranges that can be used for each component:
    581 
    582 -  dht: UDP [4000, 8888]
    583 -  audio: UDP [16384-32766]
    584 -  video: UDP [49152-65534]
    585 -  SIP Control: UDP/TCP randomly binded
    586 
    587 So for ufw, we recommend to run: ``sudo ufw default allow outgoing``
    588 
    589 For now, you can’t specify a specific range to configure ports used by
    590 Jami. The inbound traffic can be controlled without issue, Jami should
    591 work and can use a TURN server if needed.
    592 
    593 If you run your own proxy or nameserver:
    594 
    595 -  dhtproxy, nameserver: TCP [80-100], 443
    596 
    597 If you run your own TURN server:
    598 
    599 -  TURN/STUN: TCP+UDP 3478, 5349
    600 
    601 How can I configure the codecs even more?
    602 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    603 
    604 Codecs can be configured via a file. In the configurations files, you
    605 can create a file called ``encoder.json`` like this:
    606 
    607 ::
    608 
    609    {
    610        "libx264": {
    611 	   "profile": 100,
    612 	   "level": 42,
    613 	   "crf": 20,
    614 	   "preset": "ultrafast"
    615        },
    616        "h264_vaapi": {
    617 	   "low_power": 1
    618        },
    619        "libopus": {
    620 	   "application": "voip"
    621        }
    622    }
    623 
    624 or:
    625 
    626 ::
    627 
    628    {
    629        "libopus": {
    630 	   "bit_rate": 128000
    631        }
    632    }
    633 
    634 This file is located in the same directory of
    635 ```dring.yml`` <#basics-5>`__
    636 
    637 The best way to check which options are supported is through the command
    638 “ffmpeg -h encoder=[encoder_name]” where encoder_name can be whichever
    639 of libx264, libvpx, mpeg4, h263, libopus, libspeex, g722, pcm_alaw,
    640 pcm_mulaw (FFmpeg names for all of Jami’s supported encoders).