Preparing your network for WorkAdventure
This article is for network administrators
To provide high-quality audio and video conversations with WorkAdventure, you need to set up your network so that the users' browsers can efficiently communicate with the WorkAdventure infrastructure.
You should:
- Ensure that WorkAdventure traffic has a direct route to the internet.
- Avoid using packet inspection, proxies, protocol analyzers, and quality of service (QoS).
- Monitor and optimize your latency, bandwidth, and Wi-Fi network.
Setting up your network
Update your firewalls to allow media traffic to flow to and from your organization.
Open P2P WebRTC traffic
When users are in a conversation bubble (or when only 2 users are in a meeting room), WorkAdventure will try to create a direct connection between them using the WebRTC protocol. The connection is established over UDP using NAT traversal techniques. If you can allow WebRTC connections between peers, please do. The video stream will go directly from one user to the other using the shortest possible route, and if your users are on the same local network, you will save internet bandwidth. This will give your users by far the best experience.
If opening this kind of traffic is not an option, we provide TURN "relay" servers.
TURN servers:
- URL: coturn.workadventure.fr
- UDP ports: 443 and 10000 to 20000
- TCP port: 443
By default, UDP connections are tried first, with a fallback to TCP if UDP connections are not possible. We strongly advise against blocking UDP traffic, as video and audio over TCP are suboptimal. When using TCP, video and audio can suffer significant delays, making discussions less natural.
Allow access to uniform resource identifiers (URIs)
The core WorkAdventure services need full network access. If there are restrictions or filtering policies for users on your network, give network access to the following URI patterns using port 443.
- https://*.workadventu.re
- https://*.workadventure.fr
Allow access to WorkAdventure address ranges
Solution 1
The easiest solution is to allow UDP traffic on port 443 on all IP addresses. This will be "future-proof" as it won't require updating the address range as we expand WorkAdventure to new data centers.
Solution 2
If solution 1 is not an option, allow full access to all the IPs listed in the streaming.workadventu.re DNS record.
The list of IP addresses listed at streaming.workadventu.re will change over time as we expand to new data centers. If you can, please configure your firewall so that it regularly updates the list of filtered IPs based on the domain.
For all IP addresses listed at streaming.workadventu.re, please open full network access (both UDP and TCP).
If your firewall can only block IPs (if you cannot pass it a domain name), you can find the list of IPs to whitelist here. Please be aware that this is suboptimal, as you will have to update the list of IPs manually on a regular basis.
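For Solution 2 on a firewall that cannot follow a domain name by itself, the sketch below shows one way to keep an allowlist in step with the streaming.workadventu.re record. It is an added example, not WorkAdventure's own tooling. The nftables table and set names (inet filter, wa_streaming4, wa_streaming6) and the three-lookup grace period are assumptions.

```python
import ipaddress
import socket

HOSTNAME = "streaming.workadventu.re"  # DNS record named on this page


def resolve_ips(hostname, resolver=socket.getaddrinfo):
    """Return the set of addresses currently published for hostname."""
    answers = resolver(hostname, None)
    return {ipaddress.ip_address(sockaddr[0]) for *_, sockaddr in answers}


def plan_update(current, resolved, missing_runs, grace=3):
    """Diff the firewall allowlist against a fresh DNS answer.

    current      -- addresses in the allowlist now
    resolved     -- addresses from the latest lookup
    missing_runs -- dict: address -> consecutive lookups it was absent from
    Returns (to_add, to_remove, updated missing_runs).
    """
    if not resolved:
        # Empty answer: change nothing rather than cut users off.
        return set(), set(), dict(missing_runs)
    to_add = resolved - current
    counts = {ip: missing_runs.get(ip, 0) + 1 for ip in current - resolved}
    # Assumption: one answer may list only part of the pool, so an address
    # is removed only after `grace` consecutive lookups without it.
    to_remove = {ip for ip, n in counts.items() if n >= grace}
    counts = {ip: n for ip, n in counts.items() if ip not in to_remove}
    return to_add, to_remove, counts


def nft_commands(to_add, to_remove):
    """Render the plan as nftables set updates. The table and the sets
    wa_streaming4 / wa_streaming6 are hypothetical names."""
    order = lambda ip: (ip.version, int(ip))
    plan = [("add", ip) for ip in sorted(to_add, key=order)]
    plan += [("delete", ip) for ip in sorted(to_remove, key=order)]
    return [f"nft {verb} element inet filter wa_streaming{ip.version} {{ {ip} }}"
            for verb, ip in plan]


if __name__ == "__main__":
    try:
        live = resolve_ips(HOSTNAME)
    except OSError:  # lookup failed: treat as empty, keep the allowlist
        live = set()
    add, remove, _ = plan_update(set(), live, {})
    print("\n".join(nft_commands(add, remove)))
```

Run it from a scheduler, persist the allowlist and the miss counters between runs, and resolve through a resolver you trust, since whatever the lookup returns ends up with full network access.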