Port and firewall configuration for best VSee video calls

Overview

VSee Messenger will attempt to navigate network architecture to its best ability. However, in order to guarantee the best results, please add the following port and firewall rules to your corporate firewall / router systems.

Please note VSee is generally not able to provide the fixed IP addresses for these servers because they may be switched without prior notification. However, other than the bandwidth server, most IPs are relatively stationary.

Simplified Rules

If *.vsee.com can be whitelisted, please add them into your firewall rules with the following ports:

Purpose	Protocol: Port	Detail Servers
VSee Directory, Relay, Call management, Diagnostics etc Required for VSee Messenger authentication, address book services, establishing video calls, video packets relay, VSee Messenger chat communication.	UDP (STUN): 3478, 6000, 6001, 6256 UDP: 6000, 1853 UDP: 10000 TCP (XMPP) 5222 TCP: 3478 HTTPS – TLS 1.2: 443 TLS: 443 UDP: 49152 – 65535 (TURN allocated)	*.vsee.com
Network route for peer-to-peer UDP (Optional) For optimal performance: Allowing for VSee endpoints to directly communicate with each other. This will improve A/V performance and reduce load on firewalls and web proxies.	UDP	any host
Call presence and reporting Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.	HTTPS: 443	*.pubnub.com vsee-activeapi.firebaseio.com
Cloud recording service Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.	HTTPS – TLS: 443	s3.amazonaws.com
Measure bandwidth for video quality adjustment VSee Messenger will call this service to test user’s bandwidth upon launch. Used for choosing optimal call quality.	HTTP(S): 80, 443	bw.vsee.com

Network Security Diagram

Detailed Rules (US Customers)

Please note the servers listed below are for calls within the United States only.

If *.vsee.com cannot be whitelisted, the following subdomains and ports are required. Please note the servers listed below are for calls within the United States only.

Purpose	Protocol: Port	Detail Servers
VSee Directory Authentication and address book services for VSee Messenger and in-browser call and chat.	TCP (XMPP): 5222 HTTPS – TLS 1.2: 443	talk.vsee.com xmpp01.vsee.com – 52.52.36.123 xmpp02.vsee.com – 52.52.111.88 xmpp03.vsee.com – 52.52.245.139 xmpp04.vsee.com – 54.215.77.199
Call management Establishing and managing VSee video call sessions.	HTTPS – TLS 1.2: 443	api.vsee.com – 13.52.171.113, 52.9.150.124, 184.72.21.195 client.vsee.com – 13.52.171.113, 52.9.150.124, 184.72.21.195
Chat file transfer File transfer inside of VSee Messenger and in-browser chat sessions.	HTTPS – TLS 1.2: 443	assets.vsee.com – 13.52.171.113, 52.9.150.124, 184.72.21.195
Call presence and reporting Update VSee user’s status, e.g. Offline, Online, In a call, Busy, etc.	HTTPS: 443	*.pubnub.com vsee-activeapi.firebaseio.com
Messenger diagnostics Various diagnostic messages in VSee Messenger.	HTTPS – TLS 1.2: 443	ironmq.vsee.com – 13.52.171.113, 52.9.150.124, 184.72.21.195
Messenger update service Automated check for new versions of VSee Messenger.	HTTPS – TLS 1.2: 443	cloudfront.vsee.com
Cloud recording (optional depends on contract) Record video calls performed via VSee Messenger and/or in-browser calls. The calls will be recorded on the server side and will be available via a cloud link.	HTTPS – TLS: 443	s3.amazonaws.com
Bandwidth Test Measure bandwidth for video quality adjustment	HTTP: 80 HTTPS: 443	bw.vsee.com
Profile management (optional) Managing VSee user profile – changing profile details, changing password, etc.	HTTPS – TLS 1.2: 443	vsee.com my.vsee.com – 13.52.171.113, 52.9.150.124, 184.72.21.195
Network route for peer-to-peer UDP (recommended) For optimal performance: Allowing for VSee endpoints to directly communicate with each other. This will improve A/V performance and reduce load on firewalls and web proxies. VSee Messenger will attempt to bind local UDP port 6000-6255 but router might allocate other public port.	Inbound and outbound for UDP on any port	Any hosts
Discover network route for peer-to-peer UDP (optional)	UDP (STUN): 3478, 6000, 6001, 6256	stun01.vsee.com – 50.18.91.143 stun02.vsee.com – 52.52.56.79 stun-map01.vsee.com – 50.18.91.143 stun-map02.vsee.com – 52.52.56.79 net.vsee.com net-1.vsee.com – 50.18.91.143 net-2.vsee.com – 52.52.56.79
US TURN Servers ** Servers that relay packets during VSee video call in case no peer-to-peer connection can be established.	UDP: 3478 TCP: 3478 TLS: 443 UDP: 49152 – 65535 (TURN allocated)	cl-coturn.vsee.com cl-coturn-use01.vsee.com – 34.195.60.220 cl-coturn-use02.vsee.com – 3.91.120.247 cl-coturn-use03.vsee.com – 18.204.252.34 cl-coturn-use04.vsee.com – 34.198.123.188 cl-coturn-use05.vsee.com – 3.94.156.192 cl-coturn-use06.vsee.com – 44.198.130.26 cl-coturn-use07.vsee.com – 3.216.83.102 cl-coturn-use08.vsee.com – 18.213.46.117 cl-coturn-usw01.vsee.com – 52.52.31.136 cl-coturn-usw02.vsee.com – 13.52.175.91 cl-coturn-usw03.vsee.com – 52.9.63.102 cl-coturn-usw04.vsee.com – 54.177.39.6 cl-coturn-usw05.vsee.com – 54.151.95.19 cl-coturn-usw06.vsee.com – 54.215.118.248 cl-coturn-usw07.vsee.com – 52.9.100.25 cl-coturn-ohio01.vsee.com – 3.15.110.201 cl-coturn-ohio02.vsee.com – 3.14.225.49 cl-coturn-oregon01.vsee.com – 34.210.252.42 cl-coturn-oregon02.vsee.com – 44.231.34.161 Test TURN connectivity here
Region Identification Service Used to detect the endpoint’s region, to choose the optimal video bridge server for better call performance.	TCP: 443	region.vsee.com – 13.52.171.113, 52.9.150.124, 184.72.21.195
Video Bridge ** During a VSee video call networking packets may pass through a video bridge server for best perfomance.	TCP: 443 UDP: 10000	US West Coastjvb01-ncal.vsee.com – 54.151.67.234 jvb02-ncal.vsee.com – 54.177.202.54 jvb03-ncal.vsee.com – 54.215.26.79 jvb04-ncal.vsee.com – 54.219.55.241 jvb05-ncal.vsee.com – 184.169.198.132 jvb06-ncal.vsee.com – 54.177.84.55 jvb07-ncal.vsee.com – 54.67.10.243 jvb08-ncal.vsee.com – 54.176.204.219 jvb09-ncal.vsee.com – 184.72.28.249 jvb10-ncal.vsee.com – 50.18.195.100 US East Coastjvb01-nvir.vsee.com – 35.174.23.28 (existing) jvb02-nvir.vsee.com – 34.237.10.5 (existing) jvb03-nvir.vsee.com – 34.232.244.246 (existing) jvb04-nvir.vsee.com – 18.214.46.241 jvb05-nvir.vsee.com – 18.214.51.10 jvb06-nvir.vsee.com – 54.242.133.141 jvb07-nvir.vsee.com – 54.147.165.97 jvb08-nvir.vsee.com – 34.236.235.124 jvb09-nvir.vsee.com – 54.204.161.153 jvb10-nvir.vsee.com – 174.129.121.60 Test new video bridge connectivity here
US Relays Relay packets in case no peer-to-peer connection and no TURN connection can be established.	UDP: 6000, 1853 HTTP:80 HTTPS: 443	`cl-relay.vsee.com` `usw01-rel.vsee.com -- 54.215.19.55` `usw02-rel.vsee.com -- 184.72.50.82`
Connectivity Testing Service A set of test tools to define if the VSee user’s network conditions are good enough for video calls, checking the reachability of critical VSee infrastructure.	HTTPS: 443	`test.vsee.com - 3.95.130.94`

** Subject to change with at least 1 month of prior notice. We might be adding more video bridge / TURN servers for better performance

Performance Impact of Web Proxies: The VSee client can connect to all the above hosts via a Web Proxy. However, A/V performance will be dependent on the Web Proxy’s capacity. Some factors that might affect performance through a proxy are:

Load on the Web Proxy
Prioritization of persistent HTTP(S) connections through the proxy.

For optimal performance:

The Web Proxy should allow persistent HTTP(S) connections.
The Web Proxy should be configured to allow traffic to the VSee TURN Servers to proceed directly.

Detailed Rules (International Customers)

For international customers, please apply all rules in the US Customers section as well as the following:

Purpose	Protocol: Port	Detail Servers
International TURN servers	UDP: 3478 TCP: 3478 TLS: 443 UDP: 49152 – 65535 (TURN allocated)	cl-coturn.vsee.com cl-coturn-me01.vsee.com – 15.185.164.222 cl-coturn-sg01.vsee.com – 18.138.7.255 cl-coturn-sg02.vsee.com – 18.138.205.235 cl-coturn-euw01.vsee.com – 108.128.27.231

Testing VSee Connectivity

You can use the following page to test for basic VSee connectivity: VSee Network Test Page
If any of the test above result in failure, you need to resolve it first.
All tests pass might not mean you will have a successful call. It is important to ensure that the firewall rules are to follow.

Update on 21 Jun 2022:

Removed International Relays sg01-rel.vsee.com, euw01-rel.vsee.com

Update on 15 Jun 2022:

Removed US Relays use01-rel.vsee.com, use02-rel.vsee.com

Update on 30 May 2022:

Added TURN connectivity test URL – https://test.vsee.com/turn
Added new TURN servers
- US EAST – cl-coturn-use04.vsee.com, cl-coturn-use05.vsee.com, cl-coturn-use06.vsee.com, cl-coturn-use07.vsee.com, cl-coturn-use08.vsee.com
- US WEST – cl-coturn-usw03.vsee.com, cl-coturn-usw04.vsee.com, cl-coturn-usw05.vsee.com, cl-coturn-usw06.vsee.com, cl-coturn-usw07.vsee.com

Update on 4 Jun 2021:

Total of 20 video bridges will be available in Aug 1, 2021
IP addresses are added for convenience

Update on 16 Feb 2021:

Added 5 more video bridges jvb04-nvir.vsee.com, jvb01-ncal.vsee.com, jvb02-ncal.vsee.com, jvb03-ncal.vsee.com, jvb04-ncal.vsee.com
Removed port 4443, 10001-20000 range for video bridge
Removed US Relays usw03-rel.vsee.com, use03-rel.vsee.com, use04-rel.vsee.com, use05-rel.vsee.com
Removed International Relays euw02-rel.vsee.com
Removed International TURN server cl-coturn-sn01.vsee.com

Update on 13 July 2020:

Updated network connectivity test URL
Increase priority for Peer-to-peer UDP
Added 6001, 6256 port for STUN
Added note for new TURN, Video bridge will be added in with 1 month notice
Added region.vsee.com

Update on 8 Jun 2020:

Added cl-coturn-ohio01.vsee.com, cl-coturn-ohio02.vsee.com, cl-coturn-oregon01.vsee.com, cl-coturn-oregon02.vsee.com into TURN server list

Update on 1 Jun 2020:

Added UDP: 49152 – 65535 (TURN allocated) to TURN protocol / port info