faq.txt (23182B)
1 FAQ 2 ===== 3 4 This is an exhaustive list of frequently asked questions, including 5 some technical questions. 6 7 .. contents:: 8 :local: 9 :depth: 3 10 11 Basics 12 ------ 13 14 What is Jami? 15 ~~~~~~~~~~~~~ 16 17 Read the :doc:`Introduction <introduction>`. 18 19 What makes Jami different from other communication platforms? 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 21 22 Jami doesn't work like most communication platforms because it is 23 *distributed*: 24 25 .. image:: ../media/distributed-network-topo.png 26 27 Some of the consequences may seem surprising. For instance, since 28 accounts are stored on your device, passwords are optional. However, 29 the most significant practical differences are that you have more 30 *freedom* and *privacy*. 31 32 TODO: expand on this 33 34 What do the red/green status circles next to avatars mean? 35 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 36 37 On your own account, a red circle means that you aren't connected to 38 the DHT. You may need to check your connection or restart the app. 39 40 On other contacts, a red circle means that they are not online, and a 41 green circle means they are online and you should be able to message 42 them. 43 44 Note that a green circle only means that the contact has announced 45 their presence on the DHT. It does not indicate a direct connection to 46 their device. In some cases, a contact may be able to send and receive 47 messages but cannot make calls or file transfers because of their 48 firewall. 49 50 51 Why is a feature missing on my client? 52 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 53 54 Not every client implements all features; check the list :doc:`here 55 <all-features-by-client>` to see if your client is missing the 56 feature. 57 58 You can make feature requests at 59 https://git.jami.net/. 60 61 Does Jami support read reciepts? Can I turn them on or off? 62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 63 64 You can enable or disable read receipts on Android. Other platforms 65 may still be working on this feature. Please see :doc:`All Features by 66 Client <all-features-by-client>` for the current status. 67 68 Does Jami support typing notifications? Can I turn them on or off? 69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 70 71 Most of the client support sending and receiving typing 72 notifications. You can enable/disable them in the general settings. 73 74 Can I share my screen? 75 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 76 77 Yes, on all platforms except for iOS. Search for a dedicated "Share 78 screen" button while you are in a video call. 79 80 81 Can I make group conference calls? 82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 83 Yes. You can add Jami contacts to existing calls (audio or video) by 84 clicking the "Add participant" button. 85 86 Does Jami have group chats? 87 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 88 89 Not yet. Group chats are :ref:`coming soon 90 <general/technical-overview:Swarms>`. 91 92 93 Why is my contact not seeing my avatar? 94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 95 96 Due to technical limitation, avatars are only transfered to your 97 contacts during a voice or video call. This limitation will disappear 98 when :ref:`group chats <general/technical-overview:swarms>` are 99 released. 100 101 Why aren't my sent messages showing up on all linked devices? 102 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 103 104 All of your devices receive the same messages from your contacts, but 105 *sent* messages will not show up on all of your devices. 106 107 The :ref:`swarm <general/technical-overview:swarms>` update will introduce 108 full conversation sync between linked devices for all conversations 109 (including one-on-one conversations). 110 111 Can I message offline contacts? 112 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 113 114 Jami does not yet have offline/persistent messages because of its 115 distributed nature. 116 117 Your messages can't be queued on a central server so both contacts 118 must be online to message each other. If you send a message to an 119 offline contact, Jami will save the message on your device and send it 120 to them when they come online. 121 122 There are some possible future solutions to this issue, including 123 :ref:`swarms <general/technical-overview:swarms>`, which will allow 124 users to set up their own "server" node to receive messages for 125 them. 126 127 How can I make a bug report? 128 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 129 130 Please see :doc:`How to Make a Bug Report <../guides/how-to-make-a-bug-report>`. 131 132 Where are the configuration files located? 133 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 134 135 Jami saves its configuration (account, certificates, history) at 136 different locations depending the platform. 137 138 - **GNU/Linux**: global configuration is under 139 **~/.config/jami/dring.yml** and account files are under 140 **~/.local/share/jami/**. Finally, a cache can be stored in 141 **~/.cache/jami** 142 143 144 - **OSX**: The full configuration is under **~/Library/Application Support/Jami** if installed via https://jami.net. 145 The app store version uses 146 **~/Library/Containers/com.savoirfairelinux.ring.macos/Data/Library/Application Support/jami** 147 148 - **Android**: The full configuration is under **/data/data/cx.ring** 149 (may require root privileges) 150 151 - **Windows**: global configuration is under 152 **%AppData%/Local/jami/dring.yml** and Account files are under 153 **%AppData%/Local/jami/**. Finally, a cache is stored in 154 **%USERPROFILE%/.cache/jami** 155 156 Note: audio and video messages are recorded in the local-data in the 157 folder: ``sent_data`` 158 159 TODO: check this ^^^ and add note about file downloads (like images) 160 161 How much bandwidth do I need for calls? 162 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 163 164 For audio calls, Jami uses about 100 Kbps. For a video call, you need 165 about 2 Mbit/s for medium quality. If your connection is slower, the 166 bitrate will be automatically reduced. 167 168 If you are hosting a video conference, you will need approximately 2 169 Mbps more per participant. For a conference with 10 participants, each 170 participants will need 2Mbps up & down and the host will need 20Mbps 171 up and down. 172 173 Auto-adaptation is done between 200Kbit/s / max:6Mbit/s 174 175 TODO: ^^^^^^^^^^^^^ What does this last line mean? 176 177 TODO: How can SFL afford to give Jami away for free? How does/will SFL make money off Jami? 178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 179 180 Summary: ethical company, they will make money supporting managed Jami 181 solutions for organizations; their main source of income is elsewhere; 182 all Jami code is GPL3 etc. etc. 183 184 185 Account management 186 ------------------ 187 188 What is a Jami account? 189 ~~~~~~~~~~~~~~~~~~~~~~~ 190 191 A Jami account is an `asymmetric encryption key 192 <https://en.wikipedia.org/wiki/Public-key_cryptography>`_. Your 193 account is identified by a Jami ID, which is a `fingerprint 194 <https://en.wikipedia.org/wiki/Public_key_fingerprint>`_ of your 195 public key. 196 197 What information do I need to provide to create a Jami account? 198 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 199 200 When you create a new Jami account, you don’t have to provide private 201 information like an email, address, or phone number. 202 203 This is the information you can provide if you choose (it's all 204 optional): 205 206 1. An avatar 207 2. A display name, which is the name that clients will display for 208 your contact. It can contain special characters. 209 3. An optional username, which is a unique identifier that is directly 210 associated with your JamiID. This username->Jami ID mapping is 211 stored on a server (ns.jami.net by default, but you can host your 212 own) 213 4. A password. This password is used to protect the account archive in 214 your device. 215 216 More information about Jami accounts is in Jami's :ref:`Technical Overview 217 <general/technical-overview:jami account>`. 218 219 Where is my Jami ID? 220 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 221 222 Your Jami ID should be displayed prominently in whichever app you're 223 using. It looks like a long string of numbers and letters: 224 ``f2c815f5554bcc22689ce84d45aefdda1bce9146`` 225 226 Why don't I have to use a password? 227 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 228 229 You are not forced to have a password on your account. On a 230 centralized system you would use your password to authenticate with a 231 public server where your account is stored. Someone who knows your 232 password could steal your identity. 233 234 With Jami, your account is stored in a `folder 235 <#where-are-the-configuration-files-located>`_ on your device. **The 236 password is only used to encrypt your account to protect you from 237 someone who has physical access to your device.** 238 239 If your device is encrypted, you may not want or need to use a 240 password. 241 242 Why don't I have to register a username? 243 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 244 245 The most permanent, secure identifier is your `Jami Id 246 <#where-is-my-jami-id>`_, but since these are difficult to use for 247 some people, you also have the option of registering a 248 username. Username registration requires a name server, such as Jami's 249 default one at ns.jami.net. 250 251 If you don't register a username, you can still choose to register one 252 later at any time. 253 254 Can I change my username? 255 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 256 257 With the default nameserver you cannot change your username. 258 259 What is the difference between a username and a display name? 260 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 261 262 You can use your username as an identifier. The username points to 263 your `Jami Id <#where-is-my-jami-id>`_, which is your permanent, 264 secure identifier. Two people cannot have the same username. 265 266 A display name allows you to choose another name that identifies you 267 to your contacts. Display names can be edited or changed at any time 268 and only your contacts can see them. 269 270 271 How can I back up my account? 272 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 273 274 There are two ways to back-up your account: 275 276 1. Link another device to your account so your account will be on two 277 devices. You can find this option in the account settings page. 278 2. Back up the :ref:`account archive 279 <general/technical-overview:Account storage and backup>` . This file 280 can be found in the account files `folder 281 <#where-are-the-configuration-files-located>`_. In some clients, 282 you can export this archive from the account settings. 283 284 Can I retrieve my username without my keys? 285 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 286 287 If you used the default name server at ``ns.jami.net``, **you 288 can’t**. There is no way to prove it’s your username without your key. 289 290 If you use a different name server, there may be a way to move a 291 username to a new Jami Id at the discretion of the administrator of 292 that name server. 293 294 For more information about name servers, see :ref:`the Technical Overview 295 <general/technical-overview:Name servers and ns.jami.net>`. 296 297 Can I recover my account if I forget my password? 298 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 299 300 No. There can't be a traditional account recovery process; you are the 301 only person with access to your data. If you are worried about 302 forgetting your password, please use a password manager. 303 304 What happens when I delete my account? 305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 306 307 Your account is only stored on your own devices. If you delete your 308 account from each device, the account is gone and you cannot get it 309 back. Nobody else can use your account after that. 310 311 Your contacts will still have the messages you sent them, but all 312 public record of your account on the DHT will disappear. 313 314 **Note for accounts with a username:** 315 316 The default nameserver at ``ns.jami.net`` will not delete your 317 username, but nobody will be able to message you at that username or 318 register a new account with that username. 319 320 Other name servers may allow username deletion (not recommended) at 321 the administrator's discretion. 322 323 If you do not want to lose your account, please `back it up 324 <#how-can-i-back-up-my-account>`_! 325 326 What happens when I link a new device? 327 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 328 329 When you link a device to your account, your :ref:`account archive 330 <general/technical-overview:account storage and backup>` is put on the 331 Jami network for a few minutes. It is protected by a password Jami 332 gives you. 333 334 The new device receives your full account certificate with the master 335 RSA keys, but it generates a new device key for signing/encrypting 336 messages. 337 338 Advanced 339 -------- 340 341 What protocol does Jami use for the end-to-end encryption? 342 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 343 344 We use TLS 1.3 with a perfect forward secrecy requirement for the 345 negotiated ciphers for calls and file transfers. Messages are 346 encrypted with an RSA key. 347 348 349 What data passes through my machine when I participate in the Jami network? 350 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 351 352 **All these data are encrypted**. There is: 353 354 - ICE descriptors of other Jami users. ICE is a protocol that help 355 establishing communication between two computers 356 - certain text messages 357 - as indicated above, accounts currently being linked to a new device 358 359 Audio/video streams and some text messages pass through the VOIP 360 protocol. Text messages can be sent either via VOIP or DHT (the 361 distributed network) depending on whether a VOIP communication channel 362 is already open or not. 363 364 Why am I able to communicate with myself? 365 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 366 367 Many users use Jami to transfer data from one machine to another. 368 369 Should I enable push notifications? 370 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 371 372 Push notifications allow Jami to operate in a way more adapted to the 373 context of mobility (energy consumption, data…). However, for the 374 moment, notifications go through Google’s servers, via the Firebase 375 service. Only one identifier is transferred and it is unusable for 376 anyone who does not have access to your account. 377 378 What is a bootstrap server? 379 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 380 TODO 381 382 What is a TURN server? What is STUN? 383 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 384 TODO 385 386 What is DHT proxy? 387 ~~~~~~~~~~~~~~~~~~ 388 389 The DHT proxy is a server that registers on the DHT for you and relays 390 your information to you. Thus, it is the server that will be active on 391 the DHT and will participate in the network, and no longer the target 392 device. Multiple devices can register on the same DHT proxy. 393 394 How the username registration service work? 395 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 396 397 For default parameters the usernames are registered on an Ethereum 398 blockchain. By default, it’s ns.jami.net that is used, but if you are a 399 developper, you can create your own system. Hence, nothing forces you to 400 implement it with a blockchain. You can check results at 401 http://ns.jami.net/name/test, where “test” is a username for which we 402 are looking for a matching `Infohashs <guidelines/Identifiers>`__. Once 403 registered, this server doesn’t provide a way to remove the mapping. 404 More informations there: 405 https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/Name-Server-Protocol 406 407 How can I change the timeout for a call? 408 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 409 410 In the ``dring.yml`` file, you can change your ringingTimeout (in 411 seconds) 412 413 How to back up and reimport conversations and accounts 414 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 415 416 Note: This is only for client based on LRC (desktop ones) 417 418 First you will need to export all your accounts (For GNU/Linux: Settings 419 => Account => Export account). Then you will need to copy the database 420 (in ``~/.local/share/jami`` for example). 421 422 Then on the new device, when you will open Jami for the first time, you 423 have to re-import your accounts via the archive previously saved. This 424 will re-import your settings and contacts (with empty conversations). 425 Then close the client and replace the database with the one previously 426 saved. That’s all! 427 428 How secure are you? 429 ~~~~~~~~~~~~~~~~~~~ 430 431 \*\* We use TLS/SRTP to secure connection and communications over the 432 network.*\* 433 434 We implement SRTP over SIP using recommendations written in following 435 RFCs: 436 437 - ```http://tools.ietf.org/html/rfc3711`` <http://tools.ietf.org/html/rfc3711>`__ 438 - ```http://tools.ietf.org/html/rfc4568`` <http://tools.ietf.org/html/rfc4568>`__ 439 440 Typically 2 kind of sockets are negotiated. One for the control socket, 441 the other for the media sockets 442 443 Typical control session will use the following cipher suite: 444 (TLS1.3)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA384)-(AES-256-GCM) 445 (TLS_ECDHE_RSA_AES_256_GCM_SHA384) 446 447 DTLS (fallback) supported: 448 “SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-VERS-TLS-ALL:+VERS-DTLS-ALL:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION” 449 TLS: 450 “SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-RSA:-GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION” 451 452 Supported crypto suite for the media session are: 453 454 - AES_CM_128_HMAC_SHA1_80 / SRTP_AES128_CM_HMAC_SHA1_80 455 - AES_CM_128_HMAC_SHA1_32 / SRTP_AES128_CM_HMAC_SHA1_32 456 457 When do public IPs get exposed? 458 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 459 460 We can describe 3 main connectivity scenarios. A classic configuration 461 (1.), behind a VPN (2.), via Tor (3.). As Jami is a p2p app, I think you 462 understand that (2.) or (3.) is a bit mandatory to avoid IP leaking. 463 464 Moreover, even if it’s my answer, you can choose to not trust my answer 465 and check the code, or use wireshark or other tools. Generally, I (and 466 the other devs I think) are using the first scenario (sometimes the 467 second one), and we surely can’t test all the network we want, so if you 468 discover a bug, please open a issue. 469 470 Anyway, in these 3 scenarios, there is 3 main actions: 471 472 - Send a message (this will use the DHT) 473 - Send a file (TCP ICE connection as described here: 474 https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/2.5.%20File%20transfer) 475 - Do a call (TCP + UDP ICE connection as described here: 476 https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/2.4.%20Let’s%20do%20a%20call) 477 478 Classic config 479 ^^^^^^^^^^^^^^ 480 481 - Send a message 482 483 The Jami application is running a DHT (https://opendht.net) node on your 484 device. So every operations on the DHT will use your ips. This is why 485 Jami has the option to use a dhtproxy (eg dhtproxy.jami.net), this will 486 avoid to use your node, but will use another node on the network (which 487 will see your ip). Note that your message is not sent directly to the 488 other device. In fact your message is sent on some nodes of the DHT and 489 your contact will retrieve the message on this node. So, your contact 490 don’t see your IP at this step, but the node who get the message will 491 (or they will see the IP of the proxy). 492 493 - Send a file 494 495 As described in the docs, you will send a message with all the IP you 496 know that your peer can contact in an encrypted packet. So, if your peer 497 send you a file or you send a file, your addresses will appear in the 498 ICE message. 499 500 - Calls 501 502 Same as above, the IP is present in the ICE. 503 504 Behind a VPN 505 ^^^^^^^^^^^^ 506 507 - Send a message 508 509 The IP of your VPN will be used by the DHT node. If you want a proof, 510 you can compile dhtnode and run the ‘la’ command to get your public 511 detected address. This is what I got: 512 513 :: 514 515 ./tools/dhtnode -b bootstrap.jami.net 516 Bootstrap: bootstrap.jami.net:4222 517 OpenDHT node be58fdc9f782269bfc0bbfc21a60bca5f02cb881 running on port 54299 518 (type 'h' or 'help' for a list of possible commands) 519 520 >> la 521 Reported public addresses: 522 IPs OF MY VPN 523 524 So, if you don’t use a proxy, your VPN addresses will be used for using 525 the DHT. If you use a dhtproxy, the dhtproxy will see your VPN addresses 526 527 - Send a file 528 529 Same as above, the ICE will contains: + addresses from your LAN + public 530 address of your VPN + TURN address if TURN is enabled 531 532 - Do a call 533 534 Same as above, your public address is replaced by your VPN address. You 535 can see it in the logs from daemon. See 536 https://git.jami.net/savoirfairelinux/ring-project/wikis/tutorials/Bug-report-guide#logs 537 538 Tor 539 ^^^ 540 541 - Send a message 542 543 Tor basically doesn’t supports UDP. This means that you can’t use your 544 DHT node locally, you MUST use a DHTProxy. That proxy will see the Exit 545 node. 546 547 - Send a file 548 549 I prefer a proof that any description. So, I did a file transfer with 550 Jami + TOR. This is what I see in the logs for the remote: 551 552 :: 553 554 [1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 33293 typ host tcptype passive 555 [1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 9 typ host tcptype active 556 [1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 33293 typ host tcptype passive 557 [1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 9 typ host tcptype active 558 [1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: R33fe279d 1 TCP 16777215 51.254.39.157 27427 typ relay tcptype passive 559 [1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Sc0a8c801 1 TCP 1694498815 185.220.101.24 33293 typ srflx tcptype passive 560 561 The first ones are some 192.168.x.x so we don’t care. 51.254.39.157 is 562 the TURN address in France (my device is in the Canada). 185.220.101.24 563 is the Tor exit node: 564 565 :: 566 567 inetnum: 185.220.101.0 - 185.220.101.127 568 netname: MK-TOR-EXIT 569 570 - Do a call 571 572 This will not work (actually, you can create the SIP control connection 573 because it’s a TCP connection), but medias are negotiated in UDP, so 574 this will fail. 575 576 What ports does Jami use? 577 ~~~~~~~~~~~~~~~~~~~~~~~~~ 578 579 Jami works as a server and gets new ports for each connections (randomly 580 binded). These are the ranges that can be used for each component: 581 582 - dht: UDP [4000, 8888] 583 - audio: UDP [16384-32766] 584 - video: UDP [49152-65534] 585 - SIP Control: UDP/TCP randomly binded 586 587 So for ufw, we recommend to run: ``sudo ufw default allow outgoing`` 588 589 For now, you can’t specify a specific range to configure ports used by 590 Jami. The inbound traffic can be controlled without issue, Jami should 591 work and can use a TURN server if needed. 592 593 If you run your own proxy or nameserver: 594 595 - dhtproxy, nameserver: TCP [80-100], 443 596 597 If you run your own TURN server: 598 599 - TURN/STUN: TCP+UDP 3478, 5349 600 601 How can I configure the codecs even more? 602 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 603 604 Codecs can be configured via a file. In the configurations files, you 605 can create a file called ``encoder.json`` like this: 606 607 :: 608 609 { 610 "libx264": { 611 "profile": 100, 612 "level": 42, 613 "crf": 20, 614 "preset": "ultrafast" 615 }, 616 "h264_vaapi": { 617 "low_power": 1 618 }, 619 "libopus": { 620 "application": "voip" 621 } 622 } 623 624 or: 625 626 :: 627 628 { 629 "libopus": { 630 "bit_rate": 128000 631 } 632 } 633 634 This file is located in the same directory of 635 ```dring.yml`` <#basics-5>`__ 636 637 The best way to check which options are supported is through the command 638 “ffmpeg -h encoder=[encoder_name]” where encoder_name can be whichever 639 of libx264, libvpx, mpeg4, h263, libopus, libspeex, g722, pcm_alaw, 640 pcm_mulaw (FFmpeg names for all of Jami’s supported encoders).