OpenVidu on-prem deployment without exposing media node to internet

Hi,

For OpenVidu Pro on-prem, is it possible to deploy the master node in a DMZ and keep the media node inside the LAN without fronting the internet? Or will the media node always need internet access? Can’t the master just relay all traffic toward the media node inside the LAN and vice versa?

It is possible, but you will experience a bottleneck in Coturn. All the traffic will go through that service.

You need to configure OPENVIDU_PRO_COTURN_IN_MEDIA_NODES=false in the master node and also open port 3478 TCP/UDP in the master node. Make sure master nodes can reach all media nodes at ports 40000-65535 so relay connections can be established.

An alternative approach could involve setting up a TURN server within a separate DMZ. This TURN server would need to be configured with the capability to access the media nodes through ports 40000-65535.

https://docs.openvidu.io/en/stable/deployment/allow-users-behind-firewalls/
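
The port layout described in the answer above can be checked against a firewall allow-list before go-live. This is an added example, not part of the thread or OpenVidu's own code; the zone names, the `Rule` format, the sample rule sets and the UDP-only check for the 40000-65535 range are assumptions.

```python
"""Audit an allow-list flow matrix against the DMZ layout from this thread.
Zone names and the Rule format are assumptions made for this example."""
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # "internet", "dmz" (master node + Coturn) or "lan" (media nodes)
    dst: str
    proto: str  # "tcp" or "udp"
    lo: int     # first allowed port, inclusive
    hi: int     # last allowed port, inclusive

TURN_PORT = 3478                   # opened on the master node (from the thread)
MEDIA_LO, MEDIA_HI = 40000, 65535  # master -> media node range (from the thread)

def covers(rules, src, dst, proto, lo, hi):
    """True if the matching allow rules together cover every port in lo..hi."""
    need = lo
    for r in sorted(rules, key=lambda r: r.lo):
        if (r.src, r.dst, r.proto) != (src, dst, proto):
            continue
        if r.lo > need:          # gap before this rule starts
            break
        need = max(need, r.hi + 1)
    return need > hi

def audit(rules, media_protos=("udp",)):
    """Return findings; media_protos is an assumption, the thread names no protocol."""
    out = [f"media node reachable from internet: {r.proto}/{r.lo}-{r.hi}"
           for r in rules if r.src == "internet" and r.dst == "lan"]
    for p in ("tcp", "udp"):
        if not covers(rules, "internet", "dmz", p, TURN_PORT, TURN_PORT):
            out.append(f"TURN {p}/{TURN_PORT} not open on master node")
    for p in media_protos:
        if not covers(rules, "dmz", "lan", p, MEDIA_LO, MEDIA_HI):
            out.append(f"master cannot reach media nodes on {p}/{MEDIA_LO}-{MEDIA_HI}")
    return out

# Constructed sample rule sets (not taken from a real deployment).
GOOD = [Rule("internet", "dmz", "tcp", 3478, 3478),
        Rule("internet", "dmz", "udp", 3478, 3478),
        Rule("dmz", "lan", "udp", 40000, 57000),
        Rule("dmz", "lan", "udp", 57001, 65535)]
BAD = [Rule("internet", "dmz", "udp", 3478, 3478),
       Rule("internet", "lan", "udp", 40000, 65535),
       Rule("dmz", "lan", "udp", 40000, 50000)]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules) or "ok")
```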