Most open-source servers will now be supporting IETF TURN drafts later than draft-08, which is what Flash Player 10.0 supports. Additionally, Flash Player 10.0 has no way of sending authentication. I have talked with the authors of some of these packages but they seemed less than interested in adding an unauthenticated mode of operation at that time, so it is unlikely that a draft-08-compatible server with no authentication would be easily available. You will need to implement your own from the draft-08 specification.
Authentication support is not included because for the IT-firewall-bypass case, IT departments already have control over the systems running behind their firewalls and so authentication would simply be an additional configuration hurdle.
Clear answer, Matthew, but not entirely practical.
Writing proxies like this is not really our kind of business.
But it must be a piece of cake for Adobe to build such a proxy.
I just assume this will soon be part of an Adobe product announcement, right? (Yes, I know, you can't say anything)
I would suggest that you or your IT department ask for this proxy protocol support from your firewall or other IT hardware vendor. After all, Flash Player is a widely deployed application and so this requirement shouldn't be that unusual.
Alternatively, you or your IT department can open up outbound UDP access, which is better-performing anyway.
Unfortunately this isn't going to work in our situation.
The problem is not that UDP ports aren't open.
Many of our customers are private persons or small businesses connected to Internet by a ADSL modem plus integrated (wireless) router.
Many of these boxes (around 30%) contain symmetric NAT translators, unsuitable for p2p.
We use your "garage server" at http://cc.rtmfp.net to let people test their connection, and each time we find that the test at the bottom ("preserve source UDP port number from original connection") fails for these.
We have already realized a fallback mechanism, as suggested by Mike, that routes connections over our FMS server in case p2p fails. The FMS solution has been our standard pre-Flash 10.
As we regularly had complains about latency and network congestion issues, and were benchmarked against a.o.Skype, we wanted to exploit Flash 10 for its p2p and udp support.
Unfortunately we now discover that too many people can't work with this because of symmetric NAT.
Mike has suggested to use the TURN proxy capability of Flash 10 in order to take away some of the pain, and at least retain the udp part of the solution.
I spent precious hours to discover that there isn't any product complying with the TURN standard you have implemented.
You have confirmed that.
I believe you too easily turn away from the problem.
I would really appreciate a more cooperative approach.
You have all the knowledge.
We are willing to spend more effort to get this working; see the testing we did with reSIProcate as discussed in the other thread in this forum.
Please let us know how we can make progress.
TURN support in Flash Player 10.0 / AIR 1.5 is there for the "Enterprise Firewall" use case, where an organization wishes to enable RTMFP but not open up outbound UDP to all applications.
It is NOT intended for use as a general proxy mechanism elsewhere in the Internet.
If you wish to have a fallback mechanism from P2P to client-server networking (sending data via an intermediate service) using UDP and RTMFP, you will need to use an RTMFP-capable FMS, for which there is a pre-release program.
Even in that case, you will still sometimes need to switch to client-server networking using RTMP or RTMPT, in which case any FMS will work.
How can we get access to the new FMS pre-release? Our service is based on flash p2p video/audio and we are suffering from this NAT issue.