MS Teams in Speedfusion

Innovative_IoT · March 6, 2023, 8:50pm

Does anyone know how I can make MS Teams go through Speedfusion?

C_Metz · March 6, 2023, 10:14pm

The only easy way is to take the IP address of a work computer and send all the traffic from it’s IP address down the tunnel. Teams uses - UDP 3478-3481, TCP 443, and UDP 50000-50059.

I documented some of the behavior here … Peplink | Pepwave - Forum

mystery · March 6, 2023, 11:49pm

I have had no issue routing teams through speedfusion smoothing. used device IP and routed the necessary ports over the tunnel. i only needed 3478-3481 but its possible something has changed in the past year.

C_Metz · March 7, 2023, 1:27am

If memory serves…
TURN server connection is 3478-3481 UDP, if that fails TCP, if that fails 443 UDP, if that fails 443 TCP
Peer direct is 50000-50059 UDP. but fails pretty rapidly to the TURN server, so as long as this doesn’t succeed, then 3478-3481 is all you need.
Call control is always 443.

My wife’s computer when working from home does a surprising amount of Peer Direct (55000 range) to other PC’s who are also working from home. Her corporate firewall works well at blocking Bi-Directional UDP and always falls back to the TURN server instead. Users home firewall’s / NAT routers, seem to establish bi-directional UDP way too easily in my opinion.

Innovative_IoT · March 8, 2023, 3:45pm

Thanks for the discussion.

My issue is that I am not this companies firewall or their router. I am sitting in front of the firewall, so I cannot see the devices IP.
In my case, do I have to do deep packet inspection to see Teams?
Or can I have them port forward to my device?
Robert

C_Metz · March 8, 2023, 5:03pm

Robert,

Generally port forwarding is not needed as long as both PC’s can talk 443/HTTPS to the call control server. MS Teams uses NAT Discovery. So when it goes to start a new call, it sends a test packet to the turn server and then reports the findings. For example, it will report to the call control that your real IP address is 192.168.1.100 on port 3478 but your public IP (what it saw arrive at the server) is 177.177.177.101 on Port 3478. So using this NAT discovery from both client PC’s and then initiating connections at the same time from both PC’s… formal port forwarding isn’t needed. You can say in a way that it is achieving a form of port forwarding by opening ports on both firewalls using simultaneous outbound connections, therefore allowing an inbound connection.

You can watch all this happen on your Peplink device by looking at the Active Sessions on the device. Located at Status (Top Menu) → Active Sessions (Left Menu) → Search (Body)