Evercast is a modern, dynamic application that leverages WebRTC on our own servers as well as the STUN protocol from our providers at Google and Cloudflare. Where networking configurations (NAT) preclude STUN, we support a fallback to TURN via Cloudflare. 

app.evercast.us

login.app.evercast.us

router.evercast.us

The majority of our traffic will originate from these IP ranges:

TCP port 443 for traffic to app.evercast.us, login.app.evercast.us, and router.evercast.us (Note: firewall rules for these must not rely on a reverse DNS lookup of IPs, as these are CNAMEs)

TCP and UDP port 3478, and UDP ports 10000-60000, for traffic to the subnets listed above, and occasionally other AWS-based IP ranges as mentioned earlier

TCP and UDP port 19302 for traffic to stun.l.google.com (note this URL uses a lowercase “L” and not a capital “i”)

TCP and UDP ports 53 and 3478 for traffic to stun.cloudflare.com

Firewalls must be configured to allow STUN UDP traffic (ingress and egress) to properly establish the connection between clients and the media server. Alternatively or in addition, if you wish to enable TURN, allow the following ports:

TCP ports 80, 443, 3478, and 5349, and UDP port 53, for traffic to turn.cloudflare.com

UDP port 3478 for traffic to turnv2.realtime.cloudflare.com

(For additional information on TURN, please see this FAQ from Cloudflare)

If you are using the Evercast Box integration, you need to allow TCP port 443 access to *.evercast.us

If your firewall blocks outbound HTTP traffic by default, you need to allow http://r10.c.lencr.org (TCP port 80) to be able to fetch the CRL relevant to Evercast's “Let's Encrypt” certs.  We recommend allowing *.lencr.org.

Firewall access to our home page, evercast.us, is not required for Evercast functionality. The home page loads external resources from multiple locations. The “Sign in” link on the home page goes to app.evercast.us and users with restrictive firewalls should simply navigate directly to app.evercast.us for sign in.