Foundry Virtual Tabletop includes built-in technology to allow for audio/video (A/V) calls shared between all of the players in your game. This is achieved using a technology called WebRTC which is a standard specification for Real Time Communications. In order to enable A/V functionality in Foundry VTT, you will need to satisfy some specific requirements.

Warning: Most importantly, in order to use built-in AV you need to run Foundry VTT using SSL certificates.


What You Need

The following are requirements in order to use A/V functionality:

Why do I need SSL certificates?

For security reasons, browsers (such as Chrome or Firefox) will not let a website capture your camera and microphone unless that connection is secure. In order for the connection to be secure, the website needs to be access using https:// rather than http://. In order to enable HTTPS support in Foundry VTT, you will need an SSL certificate. You have two choices for that, either you create a valid SSL certificate generated by a trusted Certificate Authority for your domain name, or you create the certificate by yourself. Regardless of the choice you make (and the security concerns with the self signed certificate method), the use of HTTPS is simply to allow the browser to capture from your webcam and microphone and in this case isn’t really used to ensure a secure connection between you and your players.

How can I create a self-signed certificate?

Creating your own SSL certificate is easier to achieve so we’ll start with that. While it is easier, it does not guarantee security because it does not efficiently protect the data transiting over the internet and a hacker, a three-letter government agency or your ISP (Internet Service Provider) could potentially monitor your communications. It is however still more secure than not having an SSL certificate and simply using http://

When using a self-signed certificate, your browser will warn you about entering an unsecured site when you visit it for the first time. You will need to click on the "Advanced" button and then "Proceed". Here are some links which explain methods of creating a self-signed certificates for different platforms:

How can I create a trusted certificate?

The ideal method for enabling SSL is to create a valid certificate using a trusted Certificate Authority. This process is more complicated, and it requires having a registered domain name which points to your server IP address. If you have bought a domain name or use a web hosting service, you might have the ability to create a valid certificate from your service provider directly. Otherwise, simply follow the instructions provided by the Let’s Encrypt project which provides free verified SSL certificates.


A/V Connectivity Guide

To configure Foundry VTT to use the certificate you have created, you need to copy the certificate and the private key to your FVTT’s Config directory, and then edit the options.json file and specify the filename of the certificate and the key file under the sslCert and sslKey fields.

From within the Foundry app, the AV Configuration panel is accessible from the Settings sidebar within your active World. This allows you to customize the A/V broadcast mode (including enabling or disabling it), configure a custom signaling or relay server, and designate your preferred webcam and microphone hardware.

Using the Built-In Relay Server

You can customize the signaling and relay servers used for A/V functionality within the AV Config application accessed through the Settings Sidebar. The Foundry VTT server also acts as a signalling server so there is nothing to do here either. As long as you can connect to FVTT, you are good to go. FVTT also has support for using an external signalling server if you wish and the GameMaster can configure it in the Audio/Video Configuration window under the Server tab. Using a custom server might be preferred if you are having trouble setting up a relaying server, though you can also configure a custom relay server to use directly.

Note

When you make an audio or video call using Foundry VTT, every player connects to every other player using peer-to-peer connections.

WebRTC Mesh Network
An example visualization of how the mesh network structure works with peer-to-peer calls.

Unfortunately, due to various factors, two participants in the call may be unable to connect to each other. This can occur due to firewalls or other routing settings which do not work well together. In such (rare) situations, a player may not be able to interface with the call. This can be solved through use of a Relay Server which acts as a middle-point to which both players connect and exchange their audio and video streams. The Foundry VTT server automatically starts a relay server which can be used for your calls - but the built in relay server does require a few things in order to work properly:

If you are self hosting Foundry VTT and you have not done any port forwarding, then the relay server may not work correctly for you. If you are using a server such as AWS or DigitalOcean or any other VPS service, then as long as the proper ports are allowed access to the server, you shouldn’t have any issues.

Foundry’s Relay Server

You can use the relay server included with the Foundry VTT server. In the options.json file of the FVTT’s Config directory, you can customize its behavior with the following fields (default values are given here if those keys are not specified) :

"turnListeningPort": 33478,
"turnListeningIps": ["0.0.0.0"],
"turnRelayIps": [],
"turnMinPort": 49152,
"turnMaxPort": 65535

Warning: If your host machine is behind a NAT you must configure port forwarding in your router to make sure UDP port 33478 and the UDP port range 49152-65535 are forwarded to your machine properly.

Using a Custom Relay Server

You may run a custom relay server using an external application such as coturn, which is a more advanced relay server which supports things such as relaying over UDP and TCP, using SSL for encrypting relayed data, use of a database for authentication, and many more options, as well as being optimized for heavy traffic production-ready systems. If you use such a custom relay and would like to tell Foundry VTT to use it by default for all players, or you would like to disable the use of the FVTT provided relay server entirely, you can do so by providing an array of configurations in the turnConfigs field in the options.json file.

"turnConfigs": [{
      "url": "turn:example.com:3478",
      "urls": ["turn:example.com:3478", "turns:example.com:5349"],
      "username": "my username",
      "credential": "my password"
    }
  ]

To disable Foundry’s relay server, simply provide an empty list of turn configurations.


Glossary of A/V Related Terminology

NAT

Network Address Translation (Routers create a NAT from the local network to the outside)

STUN

Simple Traversal of UDP through NAT (A tool for UDP hole-punching through NATs)

TURN

Traversal Using Relays around NAT (A relay for data)

ICE

Interactive Connectivity Establishment (A methodology for using STUN (and TURN) to ensure a connection between 2 peers)

SDP

Session Description Protocol (A protocol for describing media, like “we want to share audio, here are the codecs we support, here are our list of ICE candidates (IP addresses), etc… “)

RTP

Real Time Protocol (Protocol used to packetize the audio and video encoded streams over UDP packets)

RTC

Real Time Communications (A broad name that encapsulates all of these technologies (and more) to make them work together so we can have real time communications)