You are here: Integration > Reverse proxy and TURN server > When is RP/TURN/STUN required?

When is a reverse proxy, TURN server or STUN server required?

When your Conferencing Nodes are privately addressed, you will need to use a reverse proxy and a TURN server to allow external endpoints such as Infinity Connect and Lync / Skype for Business clients to access your Pexip Infinity services. A TURN server can also act as a STUN server, however, in some Pexip Infinity deployment scenarios where the TURN server is deployed inside your enterprise firewall, you may need to configure a separate, external STUN server.

When connecting to a privately-addressed Conferencing Node, Infinity Connect WebRTC clients that are behind a NAT may also use a STUN server to find out their public NAT address.

The following table shows when each of these devices needs to be deployed. When used, they must be publicly accessible, and routable from your Conferencing Nodes.

External endpoint / client Conferencing Node addresses Reverse proxy TURN server STUN server
(for Conferencing Nodes)
STUN server
(for WebRTC clients behind NAT)

Infinity Connect WebRTC clients

Private (on-premises)

(if the TURN server is inside the firewall)

Lync / Skype for Business clients* Private (on-premises) -

(if the TURN server is inside the firewall)

Any endpoint / client Publicly reachable — either directly or via static NAT - - - -
* Also requires a Lync / Skype for Business Edge server when Conferencing Nodes are privately addressed

Note that you may also need to deploy a reverse proxy if you want to host multiple Infinity Connect Web App customizations.