jami-docs/user/faq.rst

FAQ
===

This is an exhaustive list of frequently asked questions, including
some technical questions.

.. contents::
   :local:
   :depth: 3


Basics
------

What is Jami?
~~~~~~~~~~~~~

See the :doc:`introduction`.

What does Jami mean?
~~~~~~~~~~~~~~~~~~~~

The choice of the name Jami was inspired by the Swahili word `jamii`
which means `community` as a noun and `together` as an adverb.  It was
chosen as it reflects the vision for the project: a free/libre program
available to all that helps bring communities together, is community
supported, and respects the freedom and privacy of the users.

How can I make a bug report?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please see the :doc:`bug-report-guide`.

What makes Jami different from other communication platforms?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jami does not work like most communication platforms because it is
*distributed*:

.. image:: ../_static/network-topology.svg
   :alt: Centralized, Decentralized, and Distributed network topology

Some of the consequences may seem surprising.  For instance, since
accounts are stored on your device, passwords are optional.  However,
the most significant practical differences are that you have more
*freedom* and *privacy*.

..
   TODO: expand on this

What do the red/green status circles next to avatars mean?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On your own account, a red circle means that you aren't connected to
the DHT.  You may need to check your connection or restart the app.

On other contacts, a red circle means that they are not online, and a
green circle means they are online and you should be able to message
them.

Note that a green circle only means that the contact has announced
their presence on the DHT.  It does not indicate a direct connection
to their device.  In some cases, a contact may be able to send and
receive messages but cannot make calls or file transfers because of
their firewall.

Why is a feature missing on my client?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Not every client implements all features; check the list :doc:`here
<all-features-by-client>` to see if your client is missing the
feature.

You can make feature requests at https://git.jami.net.

Does Jami support read receipts?  Can I turn them on or off?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can enable or disable read receipts on Android. Other platforms
may still be working on this feature.  Please see :doc:`All Features
by Client <all-features-by-client>` for the current status.

Does Jami support typing notifications?  Can I turn them on or off?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Most of the client support sending and receiving typing notifications.
You can enable/disable them in the general settings.

Can I share my screen?
~~~~~~~~~~~~~~~~~~~~~~

Yes, on all platforms except for iOS.  Search for a dedicated "Share
screen" button while you are in a video call.


Can I make group conference calls?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yes.  You can add Jami contacts to existing calls (audio or video) by
clicking the "Add participant" button.

Does Jami have group chats?
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yes, Jami now has :doc:`../developer/swarm` group chats.  However,
they are currently experimental and must be manually enabled from
application settings.  Also, group chats are currently limited to 8
participants (so that bugs and issues could be more easily found and
fixed in smaller scenarios, and hopefully lift this limit in the
future).

Why aren't my sent messages showing up on all linked devices?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Before :doc:`../developer/swarm`, an account's devices would receive
the same messages from contacts if the device was online at the time
of the message being sent, but *sent* messages would not show up on
devices other than the one sending the message.

With the introduction of Swarm, conversation histories of new Swarm
conversations (including one-on-one conversations) are fully
synchronized between all of an account's linked devices.  If you are
using an older version of Jami, please upgrade to the latest version
with Swarm support.  The latest version of Jami is always available
from the Download page of the Jami website, at
https://jami.net/download/.

To learn more about Swarm, you can read our blog post `Synchronizing
conversation history with Swarm
<https://jami.net/synchronizing-conversation-history-with-swarm/>`_
and see the :doc:`../developer/swarm` page of the Jami developer
manual.

Can I message offline contacts?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

With :doc:`../developer/swarm` conversations, every device stores all
a copy of all of the messages in that conversation.  If a device
(whether your own, or another participant's) is not available/online
when a message is sent, when it comes back online again it will try to
fetch any new messages from other online devices/peers and synchronize
message history.  This can be done whenever at least one other device
that has a copy of the new messages is also online.

.. note:: You can read more about how Swarm conversations are
          synchronized in our blog post `Synchronizing conversation
          history with Swarm
          <https://jami.net/synchronizing-conversation-history-with-swarm/>`_.

If the participants in a conversation are often not online at the same
time (for instance, due to timezone differences), one of them might
choose to set up Jami on an often-online device that would receive the
messages from each participant and relay it to the other(s) whenever
they come online.  Thus, acting similarly to a "server", all the while
Jami remains distributed by nature.

.. _config-file-location:

Where are the configuration files located?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Jami saves its configuration (account, certificates, history) at
different locations depending on the platform.

- **GNU/Linux**: global configuration is under
  ``~/.config/jami/dring.yml``, and account-specific files are under
  ``~/.local/share/jami/``.  Finally, there is a cache directory at
  ``~/.cache/jami/``.

- **macOS**: the full configuration is under
  ``~/Library/Application Support/Jami/`` if installed via
  https://jami.net.  The app store version uses
  ``~/Library/Containers/com.savoirfairelinux.ring.macos/Data/Library/Application Support/jami/``.

- **Android**: the full configuration is under ``/data/data/cx.ring/``
  (may require root privileges to view or change from outside Jami).

- **Windows**: global configuration is under
  ``%AppData%/Local/jami/dring.yml``, and account-specific files are
  under ``%AppData%/Local/jami/``.  Finally, there is a cache
  directory at ``%USERPROFILE%/.cache/jami/``.

Note: audio and video messages are recorded in the local-data in the
folder: ``sent_data``

For files, if a file is saved (right click on the file, then Save) it
will be added to the directory you configured in the application
settings.

How much bandwidth do I need for calls?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For audio calls, Jami uses about 100 Kbps.  For a video call, you need
about 2 Mbit/s for medium quality.  If your connection is slower, the
bitrate will be automatically reduced.

If you are hosting a video conference, you will approximately need an
additional 2 Mbps per participant.  So, for example for a conference
with 10 participants, each participant will need 2 Mbps up & down and
the host will need 20 Mbps up and down.

Jami also uses an algorithm to change the consumption depending of the
quality of the link. So, the bitrate can have a minimum of 200 Kbit/s
and maximum of 6 Mbit/s.

How can Savoir-Faire Linux (SFL) afford to give Jami away for free?  How does/will SFL make money off Jami?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Savoir-Faire Linux](https://savoirfairelinux.com/) (SFL) is a consulting company with some R&D projects.
Jami is a GPLv3+ project and this will not change. Savoir-Faire Linux already sells services
for several fields of expertise (hosting, developing websites and applications, embedded
software, etc). Jami is financed several ways:

+ [Donations](https://www.paypal.com/donate?hosted_button_id=MGUDJLQZ4TP5W)
+ Customization contracts
+ Services for other projects
+ Visibility
+ R&D
+ https://jami.biz

+ As a distributed system, Jami incurs very low costs by design
+ Opt-in collection of anonymized statistics might be added in the future to better understand
Jami usage; however, no personal data will be collected.


Account management
------------------

What is a Jami account?
~~~~~~~~~~~~~~~~~~~~~~~

A Jami account is an `asymmetric encryption key
<https://en.wikipedia.org/wiki/Public-key_cryptography>`_.
Your account is identified by a Jami ID, which is a `fingerprint
<https://en.wikipedia.org/wiki/Public_key_fingerprint>`_ of your
public key.

What information do I need to provide to create a Jami account?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When you create a new Jami account, you don't have to provide any
private information like an email, address, or phone number.

This is the information you can provide if you choose (it's all
optional):

1. An avatar.
2. A display name, which is the name that clients will display for
   your contact.  It can contain special characters.
3. An optional username, which is a unique identifier that is directly
   associated with your Jami ID.  This username->Jami ID mapping is
   stored on a server (``ns.jami.net`` by default, but you can host
   your own).
4. A password.  This password is used to protect the account archive
   in your device.

More information about Jami accounts is available in the
:ref:`Technical Overview <developer/technical-overview:Jami Account>`.

Where is my Jami ID?
~~~~~~~~~~~~~~~~~~~~

Your Jami ID should be displayed prominently in whichever app you're
using.  It looks like a long string of letters and numbers; for
example: ``f2c815f5554bcc22689ce84d45aefdda1bce9146``.

Why don't I have to use a password?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You are not forced to have a password on your account.  On a
centralized system you would use your password to authenticate with a
public server where your account is stored.  Someone who knows your
password could steal your identity.

With Jami, your account is stored in a :ref:`folder <user/faq:Where
are the configuration files located?>` on your device.  **The password
is only used to encrypt your account in order to protect you from
someone who has physical access to your device.**

If your device is encrypted, you may not want or need to use a
password, and indeed recent versions of Jami don't ask for an account
encryption password by default when creating new accounts.

Note: changing a password will only change the password on the current
device and it's not synced (because their is no server and other devices
can be offline anyway).

Why don't I have to register a username?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The most permanent, secure identifier is your :ref:`Jami ID
<user/faq:Where is my Jami ID?>`, but since these are difficult to use
for some people, you also have the option of registering a username.
Username registration requires a name server, such as Jami's default
one at ``ns.jami.net``.

If you don't register a username, you can still choose to register one
later at any time.

If you host your own nameserver at ``example.com``, usernames registered
there can be looked up by searching for ``username@example.com``.

Can I change my username?
~~~~~~~~~~~~~~~~~~~~~~~~~

With the default nameserver (``ns.jami.net``) you cannot change your
username.

What is the difference between a username and a display name?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

You can use your username as an identifier.  The username points to
your :ref:`Jami ID <user/faq:Where is my Jami ID?>`, which is your
permanent, secure identifier.  Two people cannot have the same
username.

A display name allows you to choose another name that identifies you
to your contacts.  Display names can be edited or changed at any time
and only your contacts can see them.

How can I back up my account?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There are two ways to back up your account:

1. Link another device to your account so your account will be on two
   devices.  You can find this option in the account settings page.
2. Back up the :ref:`account archive
   <developer/technical-overview:Jami archive (export.gz)>`.  This
   file can be found in the account files :ref:`folder <user/faq:Where
   are the configuration files located?>`.  In some clients, you can
   export this archive from the account settings.

Can I retrieve my username without my keys?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you used the default name server at ``ns.jami.net``, **you can not**.
There is no way to prove it's your username without your key.

If you use a different name server, there may be a way to move a
username to a new Jami ID at the discretion of the administrator of
that name server.

For more information about name servers, see
:doc:`../developer/name-server-protocol`.

Can I recover my account if I forget my password?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

No.  There can not be a traditional account recovery process; you are
the only person with access to your data.  If you are worried about
forgetting your password, please use a password manager.

What happens when I delete my account?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your account is only stored on your own devices.  If you delete your
account from each device, the account is gone and you cannot get it
back (unless you already made a backup of it earlier).  Nobody else
can use your account after that.

Your contacts will still have the messages you sent them, but all
public record of your account on the DHT will eventually disappear
due to absence and lack of activity.

.. warning:: The default ``ns.jami.net`` name server **does not**
   delete any registered usernames -- other name servers might (not
   recommended), at their administrator's discretion.  So, if you have
   an account with a username registered on the default name server
   and you delete or lose your account, and did not back up your
   account earlier, nobody (including you) will be able to register a
   new account with that username again, thus nobody can reach you at
   that username anymore.

   To avoid losing your account **please** :ref:`back it up
   <user/faq:How can I back up my account?>`!

What happens when I link a new device?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When you link a device to your account, your :ref:`account archive
<developer/technical-overview:Jami archive (export.gz)>` is put on the
Jami network for a few minutes.  It is protected by a password Jami
gives you.

The new device receives your full account certificate with the master
RSA keys, but it generates a new device key for signing/encrypting
messages.


Advanced
--------

What protocol does Jami use for the end-to-end encryption?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We use TLS 1.3 with a perfect forward secrecy requirement for the
negotiated ciphers for calls and file transfers.  Messages are
encrypted with an RSA key.


What data passes through my machine when I participate in the Jami network?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

**All these data are encrypted**.  There is:

- ICE descriptors of other Jami users (ICE is a protocol that helps
  establishing communication between two computers);
- certain text messages; and
- accounts currently being linked to a new device, as explained above.

Audio/video streams and some text messages pass through the VOIP
protocol.  Text messages can be sent either via VOIP or DHT (the
distributed network) depending on whether a VOIP communication channel
is already open or not.

Why am I able to communicate with myself?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Many users use Jami to transfer data from one machine to another.

Should I enable push notifications?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Push notifications allow Jami to operate in a way more adapted to the
context of mobility (energy consumption, data, ...).  However, for the
moment, notifications go through Google's servers, via the Firebase
service.  Only one identifier is transferred and it is unusable for
anyone who does not have access to your account.

What is a bootstrap server?
~~~~~~~~~~~~~~~~~~~~~~~~~~~

A bootstrap server is the entry point of the distributed network.
To enter in a network, Jami must know one other node.  This is the
role of the bootstrap. It can be any node in the network, but,
bootstrap nodes are generally always up and available.
The default one in Jami is ``bootstrap.jami.net``.

What is a TURN server?  What is STUN?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A TURN server is a relay, and is generally used when two peers can not
contact to each other due to some firewall restriction, have NAT
without any opened port, and no IPv6.

A STUN server is only used for SIP accounts, and is generally used to
get your public IP.  For Jami accounts, the DHT already gives this
information.

What is DHT proxy?
~~~~~~~~~~~~~~~~~~

The DHT proxy is a server that registers on the DHT for you and relays
your information to you.  Thus, it is the server that will be active
on the DHT and will participate in the network, and no longer the
target device.  Multiple devices can register on the same DHT proxy.

Generally, to transfer data between two peers, there are 3 steps:

1. Exchange candidates (IPs) via the DHT
2. Negotiate the best p2p channel between the peers
3. Transfer data on this socket.

The DHT is only used for the first step.

What if I disable the DHT proxy on Android and what about push notifications?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There is basically 3 modes on how to use the Android application:

+ With push notifications (DHT proxy must be enabled). This mode supports
notifications for Android (via Google/Firebase, and soon Unified Push or Apple/APN).
This decrease battery usage, by removing the sync needed with the DHT and without
any socket always alive.
+ Without push notifications but with DHT proxy enabled. This avoids the application
 synchronizing with other nodes, but "Run in background" MUST be enabled to avoid the
 operating system killing the application.
+ Without DHT proxy. In this case, "Run in background" MUST be enabled to avoid the operating
system killing the application. The application will synchronize with the other DHT nodes.

I still have issues with the Android application even if battery optimization is disabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please read https://dontkillmyapp.com for more details.
If it does not solve your issue, you can open a bug report (ideally with a scenario to help
us to reproduce and/or logs).

How does the username registration service work?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

With the default name server (``ns.jami.net``), the usernames are
registered on an Ethereum blockchain.  If you are a developer, you can
build your own name server with the underlying data storage technology
of your choice (e.g. you could use a SQL database rather than using a
blockchain).

With the default name server, you can look up usernames at
``https://ns.jami.net/name/test``, where ``test`` is a username
for which we are looking for a matching :doc:`Infohash
<../developer/jami-identifiers>`.  Once registered, this name server
**does not** provide any way to remove the mapping.

Read more about the Jami :doc:`../developer/name-server-protocol`.

How can I change the timeout for a call?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In the ``dring.yml`` file (see :ref:`user/faq:Where are the
configuration files located?`), you can change the ``ringingTimeout``
(in seconds).

How to back up and reimport conversations and accounts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. note:: This is only for clients based on LRC (desktop ones).

First you will need to export all your accounts (For GNU/Linux:
``Settings`` => ``Account`` => ``Export account``).  Then you will
need to copy the database (in ``~/.local/share/jami/`` for example).

Then on the new device, when you will open Jami for the first time, you
have to re-import your accounts via the archive previously saved.  This
will re-import your settings and contacts (with empty conversations).
Then close the client and replace the database with the one previously
saved.  That's all!

How secure are you?
~~~~~~~~~~~~~~~~~~~

**We use TLS/SRTP to secure connection and communications over the
network.**

We implement SRTP over SIP using recommendations described in the
following two RFCs:

- `RFC 3711 <https://tools.ietf.org/html/rfc3711>`_
- `RFC 4568 <https://tools.ietf.org/html/rfc4568>`_

Typically 2 kinds of sockets are negotiated.  One for the control
socket, the other for the media sockets.

Typical control session will use the following cipher suite::

    (TLS1.3)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA384)-(AES-256-GCM)
    (TLS_ECDHE_RSA_AES_256_GCM_SHA384)

DTLS (fallback) supported::

    "SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-VERS-TLS-ALL:+VERS-DTLS-ALL:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"

TLS::

    "SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-RSA:-GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"

Supported crypto suite for the media session are:

- ``AES_CM_128_HMAC_SHA1_80 / SRTP_AES128_CM_HMAC_SHA1_80``
- ``AES_CM_128_HMAC_SHA1_32 / SRTP_AES128_CM_HMAC_SHA1_32``

When do public IPs get exposed?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We can consider three main connectivity scenarios: (1) a classic
configuration, (2) behind a VPN, (3) via Tor.  As Jami is a p2p
application, the reader would probably know that (2) or (3) is a bit
mandatory to avoid IP leaking.

Moreover, even if it's my answer, you can choose to not trust my
answer and check the code, or use wireshark or other tools.
Generally, I (and as far as I know most other Jami developers) use the
first scenario (sometimes the second one), and we surely can not test
all the possible networks configurations we would like to, so if you
discover a bug, please :doc:`open an issue <bug-report-guide>`.

Anyway, in these 3 scenarios, there are 3 main actions:

- sending a message (this will use the DHT);
- sending a file (TCP ICE connection as described here:
  :doc:`../developer/file-transfer`; and
- placing a call (TCP + UDP ICE connection as described here:
  :doc:`../developer/calls`).

Classic config
^^^^^^^^^^^^^^

-  Send a message

The Jami application is running a DHT (https://opendht.net) node on your
device. So every operations on the DHT will use your ips. This is why
Jami has the option to use a dhtproxy (eg dhtproxy.jami.net), this will
avoid to use your node, but will use another node on the network (which
will see your ip). Note that your message is not sent directly to the
other device. In fact your message is sent on some nodes of the DHT and
your contact will retrieve the message on this node. So, your contact
don't see your IP at this step, but the node who get the message will
(or they will see the IP of the proxy).

-  Send a file

As described in the docs, you will send a message with all the IP you
know that your peer can contact in an encrypted packet. So, if your peer
send you a file or you send a file, your addresses will appear in the
ICE message.

-  Calls

Same as above, the IP is present in the ICE.

Behind a VPN
^^^^^^^^^^^^

-  Send a message

The IP of your VPN will be used by the DHT node. If you want a proof,
you can compile dhtnode and run the ``la`` command to get your public
detected address. This is what I got:

::

   ./tools/dhtnode -b bootstrap.jami.net
   Bootstrap: bootstrap.jami.net:4222
   OpenDHT node be58fdc9f782269bfc0bbfc21a60bca5f02cb881 running on port 54299
    (type 'h' or 'help' for a list of possible commands)

   >> la
   Reported public addresses:
   IPs OF MY VPN

So, if you don't use a proxy, your VPN addresses will be used for using
the DHT. If you use a dhtproxy, the dhtproxy will see your VPN addresses

-  Send a file

Same as above, the ICE will contains: + addresses from your LAN + public
address of your VPN + TURN address if TURN is enabled

-  Do a call

Same as above, your public address is replaced by your VPN
address. You can see it in the logs from daemon.
See :ref:`user/bug-report-guide:logs`.

Tor
^^^

-  Send a message

Tor basically does not supports UDP. This means that you can not use your
DHT node locally, you MUST use a DHTProxy. That proxy will see the Exit
node.

-  Send a file

I prefer a proof that any description. So, I did a file transfer with
Jami + TOR. This is what I see in the logs for the remote:

::

   [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 33293 typ host tcptype passive
   [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 9 typ host tcptype active
   [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 33293 typ host tcptype passive
   [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 9 typ host tcptype active
   [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: R33fe279d 1 TCP 16777215 51.254.39.157 27427 typ relay tcptype passive
   [1574218330.556|10688|p2p.cpp           :241  ] [Account:93a03f519f394143] add remote ICE candidate: Sc0a8c801 1 TCP 1694498815 185.220.101.24 33293 typ srflx tcptype passive

The first ones are some 192.168.x.x so we don't care. 51.254.39.157 is
the TURN address in France (my device is in the Canada). 185.220.101.24
is the Tor exit node:

::

   inetnum:        185.220.101.0 - 185.220.101.127
   netname:        MK-TOR-EXIT

-  Do a call

This will not work (actually, you can create the SIP control connection
because it's a TCP connection), but medias are negotiated in UDP, so
this will fail.

What ports does Jami use?
~~~~~~~~~~~~~~~~~~~~~~~~~

Jami works as a server and gets new ports for each connections (randomly
bound). These are the ranges that can be used for each component:

-  dht: UDP [4000, 8888]
-  audio: UDP [16384-32766]
-  video: UDP [49152-65534]
-  SIP Control: UDP/TCP randomly bound

Note: if UDP is blocked, a dhtproxy can be used to use TCP instead.
Note that medias will not work cause it only supports UDP.

So for ufw, we recommend running ``sudo ufw default allow outgoing``.

For now, you can not specify a specific range to configure ports used by
Jami. The inbound traffic can be controlled without issue, Jami should
work and can use a TURN server if needed.

If you run your own proxy or nameserver:

-  dhtproxy, nameserver: TCP [80-100], 443

If you run your own TURN server:

-  TURN/STUN: TCP+UDP 3478, 5349

Can I use Jami in a local network (LAN) without internet access?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Yes!  Thanks to Jami's architecture, Jami users on a local/private
network can communicate among themselves using Jami, without requiring
any outside connectivity such as the internet.

To do so, from Jami's ``Account`` settings open ``Advanced account
settings``.  There, enable the ``Enable local peer discovery``
setting.  Additionally, you may want to manually set the ``bootstrap``
node's address (default: ``bootstrap.jami.net``) to the IP address of
another device on your network that also runs Jami and/or an OpenDHT
node.

.. note:: If you will use this Jami account for communicating only
   with only with other devices on the same local/private network,
   you can disable TURN if you wish.  If you do so, and later you
   decide to use this account also for communicating with other Jami
   devices outside your network, don't forget to enable TURN again,
   as it helps Jami work around issues with some overly restrictive
   firewalls.

How can I configure the codecs even more?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Codecs can be configured via a file. In the configurations files, you
can create a file called ``encoder.json`` like this:

::

   {
       "libx264": {
	   "profile": 100,
	   "level": 42,
	   "crf": 20,
	   "preset": "ultrafast"
       },
       "h264_vaapi": {
	   "low_power": 1
       },
       "libopus": {
	   "application": "voip"
       }
   }

or:

::

   {
       "libopus": {
	   "bit_rate": 128000
       }
   }

This file is :ref:`located in the same directory <user/faq:Where are
the configuration files located?>` as ``dring.yml``.

To check which options are supported, use the command ``ffmpeg -h
encoder=[encoder_name]``, where ``encoder_name`` can be any of
``libx264``, ``libvpx``, ``mpeg4``, ``h263``, ``libopus``,
``libspeex``, ``g722``, ``pcm_alaw``, or ``pcm_mulaw`` (the FFmpeg
names for all of Jami's supported encoders).

How can I configure the audio processor?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

An audio processor allows Jami to clean up and process your microphone's audio.
It can remove echo, reduce noise, and equalize your microphone's volume.
Additionally, it can detect when you're speaking and send this information to participants in your call.
The audio processor settings can be set in your ``dring.yml`` file.
See :ref:`this section to find where this file is located <config-file-location>`.

The relevant preference keys are:

- ``audioProcessor``, which configures which audio processor to use. The valid options are:

  - ``webrtc``: the `WebRTC Audio Processing library <https://www.freedesktop.org/software/pulseaudio/webrtc-audio-processing/>`_
  - ``speex``: the `Speex DSP library <https://gitlab.xiph.org/xiph/speexdsp>`_
  - ``null``: disables audio processing (though your system echo canceller may still be used, see below)

- ``echoCancel``, which configures how echo cancelling should be done. The valid options are:

  - ``auto``: try to use your operating system's echo canceller (if it exists), otherwise fall back to the chosen audio processor's echo canceller
  - ``audioProcessor``: only use the chosen audio processor's echo canceller
  - ``system``: only use your operating system's echo canceller
  - ``null``: don't do any echo cancelling

- ``noiseReduce``, ``true``/``false`` to set noise reduction on the audio processor
- ``automaticGainControl``, ``true``/``false`` to set automatic gain control on the audio processor
- ``voiceActivityDetection``, ``true``/``false`` to set voice activity detection on the audio processor