Effective Date: 5/11/2026
Note: If you want to be informed when this information changes, please sign up here.
This page provides information on how to connect to Evercast using firewall access rules. It's intended for networking and IT professionals in your organization.
Evercast is a modern, dynamic application that leverages WebRTC on our own servers as well as the STUN protocol from our provider at Google.
app.evercast.us
login.app.evercast.us
router.evercast.us
The majority of our traffic will originate from these IP ranges:
- 76.76.17.0/24
- 161.199.67.0/24
- Occasionally we leverage other AWS-based IP ranges outside of these, primarily for rooms hosted in other world regions, as requested by customers for latency reasons.
TCP port 443 for traffic to app.evercast.us, login.app.evercast.us, and router.evercast.us (Note: firewall rules for these must not rely on a reverse DNS lookup of IPs, as these are CNAMEs.)
TCP and UDP ports 3478, 20000-25000 for traffic to the subnets listed above, and occasionally other AWS-based IP ranges as mentioned earlier.
TCP and UDP port 19302 for traffic to stun.l.google.com (note this URL uses a lowercase “L” and not a capital “i”)
Firewalls must be configured to allow stun UDP traffic (ingress and egress) to properly establish the connection between clients and the media server.
If you are using the Evercast Box integration, you need to allow TCP port 443 access to *.evercast.us
If your firewall blocks outbound HTTP traffic by default, you need to allow http://r10.c.lencr.org (TCP port 80) to be able to fetch the CRL relevant to Evercast's “Let's Encrypt” certs. We recommend allowing *.lencr.org.
Firewall access to our home page, evercast.us, is not required for Evercast functionality. The home page loads external resources from multiple locations. The “Sign in” link on the home page goes to app.evercast.us and users with restrictive firewalls should simply navigate directly to app.evercast.us for sign in.