Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
New Member
Posts: 18
Registered: ‎10-20-2016

Re: STUN Communication Failed

[ Edited ]

@UBNT-jeff I get 'bad address' when trying to ping 'unifi'. Pinging the actual controller IP is however successful.

 

Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed

[ Edited ]

MCS_Mick wrote:

@UBNT-jeff I get 'bad address' when trying to ping 'unifi'. Pinging the actual controller IP is however successful.

 


Have you configured the applicable DNS server(s) to include the host / CNAME “unifi”? 

New Member
Posts: 18
Registered: ‎10-20-2016

Re: STUN Communication Failed

No...the site has an IT consultant involved. Are you saying it is the best resolution?
Is there an answer why four APs would be doing this?

Thanks.

Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed

[ Edited ]

MCS_Mick wrote:

No...the site has an IT consultant involved. Are you saying it is the best resolution?
Is there an answer why four APs would be doing this?

Thanks.


As configured, the config you posted is trying to utilize "unifi", not an IP address. If the affected devices can't resolve "unifi" to an IP address, which is a function of DNS, it will never work.

 

There are a variety of reasons which could result in just 4 APs being affected. Are they on a different subnet than the other APs? If so, is the DHCP scope for that subnet set up to provision preferred (or indeed any ...) DNS servers? If so, are those DNS servers different from the ones being provisioned to the other APs? Is every DNS server these APs might touch configured with a record (either host or CNAME, although IMO CNAME is preferable) for "unifi"? etc. etc.

 

The cheapest and easiest fix is simply to set inform for the affected APs to the IP address of the controller instead of "unifi", but that's not the ideal solution. This kit rather assumes that its going to be installed into an enterprise environment, which entails properly configured DHCP / DNS / routing infrastructure, etc.

New Member
Posts: 18
Registered: ‎10-20-2016

Re: STUN Communication Failed

Yeah I get it regarding the DNS entry required, I'm just surprised that's the path for resolution. Nothing had been changed and only the controller u/g and newer firmwares. Never had STUN msg prior and the exact same network settings are in play..seems a bit odd to get it now.
I know what the IT people are going to say but nonetheless we just need it resolved so I'll seek to get the entry made.
Cheers.

Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed


MCS_Mick wrote:

Yeah I get it regarding the DNS entry required, I'm just surprised that's the path for resolution. Nothing had been changed and only the controller u/g and newer firmwares. Never had STUN msg prior and the exact same network settings are in play..seems a bit odd to get it now.
I know what the IT people are going to say but nonetheless we just need it resolved so I'll seek to get the entry made.
Cheers.


Quick question:

 

cat /etc/resolv.conf

 

Post the response

Emerging Member
Posts: 61
Registered: ‎02-19-2013
Kudos: 5
Solutions: 3

Re: STUN Communication Failed

Have you tried set inform again? I have this same issue with all our devices, and we have a mix of AP's, switches, and routers. Ever since we moved our controller to Azure. Again, all of our devices have this STUN error. We are an MSP and host a single controller in Windows for all of our customers. About 60 devices.
Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed

[ Edited ]

SportinSS wrote:
Have you tried set inform again? I have this same issue with all our devices, and we have a mix of AP's, switches, and routers. Ever since we moved our controller to Azure. Again, all of our devices have this STUN error. We are an MSP and host a single controller in Windows for all of our customers. About 60 devices.

You need to configure your firewall rules in Azure to allow inbound UDP traffic on port 3478.

Emerging Member
Posts: 61
Registered: ‎02-19-2013
Kudos: 5
Solutions: 3

Re: STUN Communication Failed

Yeah I did that, UDP and TCP, no dice.
Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed


SportinSS wrote:
Yeah I did that, UDP and TCP, no dice.

I've only had to mess with it once, but as I recall getting ports opened in all of the various places Azure required was a beast. There was no "this is the one setting you have to change" IIRC. I had to change it in like three or four different places. BY the time I finally got it to pass traffic I was near homicidal. The interface for that product is abysmal IMO.

 

Have you tested STUN communications with a STUN client? I'm willing to bet that you'll find the port isn't actually open.

Emerging Member
Posts: 61
Registered: ‎02-19-2013
Kudos: 5
Solutions: 3

Re: STUN Communication Failed

STUN client? I did from a website a while back that just tested ttge port open. But I hhat avent been able to find a client for windows.
Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed

[ Edited ]

SportinSS wrote:
STUN client? I did from a website a while back that just tested ttge port open. But I hhat avent been able to find a client for windows.

https://sourceforge.net/projects/stun/files/WinStun/0.96/

 

if the port isn't actually open, you'll see something like this:

 

Could not reach the stun server - check server name is correct
Does not preserve port number
Does not supports hairpin of media
Public IP address: 0.0.0.0

If it's working, it'll look (something) like this:

 

Nat with Independent Mapping and Port Dependent Filter - VoIP will work with STUN
Preserves port number
Does not supports hairpin of media
Public IP address: x.x.x.x

 or this:

 

No NAT detected - VoIP should work
Preserves port number
Supports hairpin of media
Public IP address: x.x.x.x

 

Ubiquiti Employee
Posts: 2,582
Registered: ‎01-11-2016
Kudos: 812
Solutions: 21

Re: STUN Communication Failed

@MCS_Mick Also, which controller version are you on?
Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Having connectivity issues? See: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
Emerging Member
Posts: 64
Registered: ‎02-09-2015
Kudos: 11

Re: STUN Communication Failed

I am having this issue with a fully up to date cloudkey. No idea why!

Highlighted
Ubiquiti Employee
Posts: 2,582
Registered: ‎01-11-2016
Kudos: 812
Solutions: 21

Re: STUN Communication Failed

@bnakash As a quick test, you can stop the controller, do "nc -u -l 3478" on the controller, and then "echo test | nc -u CONTROLLER_IP 3478" on a local Linux box. And if you don't see "test" on the controller terminal, then you have a firewall issue.
Want to try out new features or fixes before they're released as Stable? Sign up for Beta here: https://help.ubnt.com/hc/en-us/articles/204908664-How-To-Signup-for-Beta-Access
Having connectivity issues? See: https://help.ubnt.com/hc/en-us/articles/221029967-UniFi-Debugging-Intermittent-Connectivity-Issues-on-your-UAP
New Member
Posts: 2
Registered: a week ago
Kudos: 1

Re: STUN Communication Failed

I don't understand something here. A few weeks ago, I didn't have "STUN Communication Failed" error in my unifi/ubiquiti APs.Now I do. I do not have a STUN server, so why would I need to open up a port through my firewall? From where? To where? in order to get this error to go away. There should be nothing exteranal from my network coming into the network needing to connect to my APs or my controller software machine.

 

Both my controller software (Docker on unRAID) and my 3 APs are on the same local lan (192.168.30.x, for example) and the 3 APs can ping the controller server's IP address. There is a firewall rule in place to allow all local lan traffic to other local lan devices.

 

Nothing has changed other than updating the firmware on the 3 APs (all 3 are UniFi AP-AC-Lite models running 3.9.3.7537 version, it seems).

New Member
Posts: 10
Registered: a week ago

Re: STUN Communication Failed

Opening UDP port doesn't work.

 

3 AP AC Pro's on 5.6.22 controller. Latest FW.

 

Didn't do it on previous controller revision.

Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed

Your controller is a STUN server.
New Member
Posts: 10
Registered: a week ago

Re: STUN Communication Failed

yeah, no kidding....

 

now what?

Emerging Member
Posts: 329
Registered: ‎09-27-2017
Kudos: 62
Solutions: 9

Re: STUN Communication Failed

[ Edited ]

baileyj0611 wrote:

yeah, no kidding....

 

now what?


Look at the post above yours (which is who I was replying to).

 

"now what" is that you've probably always had STUN comm problems. The controller didn't used to tell you about it. Now it does.

 

What does your DNS infrastructure look like?

Reply