Contact us
Mail us
💻 Let's Get Digital
Let's Get Started
🧬 Let's Get Digital platform & application
🕐Getting started
📲 The application
☯ Hybrid Events
✔️ Testing suite
The admin panel
Users
Content
Communication
Navigation
Feedback
Matchmaking
Appointments
Virtual event
Settings
Virtual Platform features
🌳 Sustainability (VP)
☕ Chat (VP)
🧍 My profile (VP)
⭐ My connections (VP)
FAQ's
❓ FAQ about the Virtual Platform (VP)
❔ FAQ about the Application (App)
📳 Platform and Application compatibility
📋 Change log
PRICING & PACKAGING
📦 Service packages (App + VP)
🧾 Feature list (App + VP)
🎫 Subscription model (VP)
💸 Invoice system (VP)
MISC
💻 Virtual platform (VP)
📟 Technical specifications (VP)
🔑 GDPR, data & access (VP)
✳️ Whitelisting (VP)
🔒 Technical and Organisational Measures (VP)
📱 Application (App)
Powered by GitBook

✳️ Whitelisting (VP)

This article describes what can be whitelisted to guarantee a good connection with LetsGetDigital.

DNS Whitelisting

If possible it's best to whitelist based on domain names. The following domains should have access:

*.letsgetdigital.io *.daily.co turn.aquila-eu.wbcnf.net

turn.aquila-eu.wbcnf.net is a specific server for Samba used in case certain ports are blocked.

Samba explanation

The server tries to proxy media traffic over UDP or TCP on ports 80 or 443. If media traffic cannot be carried over the direct connection to those UDP ranges on the mediaserver - the front end tries each port / protocol to see if it can carry media traffic that way.

TURN is only used as a last resort, so it either allows the mediaserver UDP range OR allows UDP/443 (preferred) to the TURN server.

For more information see (select the 'Ports' tab):

Testing the TURN server

You can test in Windows by playing with the in built firewall.

  • Create a rule - Block UDP out - ports : 1000-65535 ( don't enable it )

  • Join a session and broadcast

  • Enable the rule - note your audio and video freezes

  • Refresh browser - note your audio and video works again

If you really want to prove TURN is being used to carry traffic, you can also inspect chrome://webrtc-internals/

Select the legacy API to get the stats from there, and find 'Conn-0-1-0) googCandicatePair' The find 'googleLocalCandidateType'

REF : https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidateType

With the UDP outgoing ports blocked, this changes to relay meaning the TURN server is proxying the media traffic. Without these ports blocked - you will likely see stun or prflx candidate show there.

Used ports

Port

Usage

443

Default SSL connection

3478

For signalling and media tunnelling, where necessary

40000 - 65534

For direct peer-to-peer media connections

IP Whitelisting

Let's Get Digital can possibly use the following IP's.

Note: This list contains a very large set of IP addresses. We have a big range of IP addresses because all the services are behind a DDOS-protection layer. Publishing or sharing the IP-addresses

Cloudflare

IPv4 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/12 172.64.0.0/13 131.0.72.0/22

IPv 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32

Leaseweb

89.255.248.0/21 185.28.68.0/22 149.5.5.128/25 80.231.204.32/27 81.20.70.96/27 37.48.105.96/27 178.162.217.160/27 38.68.192.192/27 80.239.231.64/27 209.58.153.8/29 103.254.152.0/26 43.249.37.244/30 46.28.246.48/29 77.109.138.32/29 23.105.70.232/29 23.108.68.90/29 149.11.174.80/29

Media servers

95.168.174.119 5.79.71.20 3.126.212.8 52.58.3.101 213.227.143.147 85.17.220.8 95.168.174.154 213.227.131.204 213.227.131.205 178.162.151.245 178.162.151.242 85.17.74.233 95.211.97.50 95.211.92.180 95.211.92.179 95.211.97.51 213.227.150.199

Previous
🔑 GDPR, data & access (VP)
Next
🔒 Technical and Organisational Measures (VP)
1
Last updated 1 month ago
Contents
DNS Whitelisting
IP Whitelisting
Cloudflare
Leaseweb
Media servers