coturn: Need help configuring my server correctly

I am trying to set up a STUN/TURN server on my local computer for a WebRTC application of mine. I decided to use coturn. Note that my server is running behind a NAT.

So I fired up my Ubuntu VM and installed it. After reading through the wiki I got it working, at least on my local network. For testing purposes, I use this site. Therefore, when I try it there with 192.168.178.25:3478, it works. When I try it with "public-ip":3478, it doesn't.

This told me it is working locally and it should be a port/NAT issue. What I did:

1) I set the VM to Bridging

2) I opened the port 3478 on my router. To test if this is really working, I used telnet on a remote machine and it worked. Another test was that I set up a quick Apache server on my local machine on port 3478 and it could be accessed from the outside. This told me that there is, or should be, no port/NAT issue and my TURN server should be working.

Any ideas?

I am running my server with the following command:

sudo turnserver -X "public-ip" -listening-port=3478 -v

The turnserver.conf looks something like this:

  • fingerprint

  • realm="myRealm"

  • lt-cred-mech

  • user=test:test

As telnet and the Apache server are both working, I am pretty sure I have a configuration issue. I basically spent the weekend trying and I'm really lost on what could be wrong.

Thanks for any help!

  • WebSocket connection to a server behind NAT

    I am building a system in which multiple devices are talking to each other using WebSocket connection. The data needs to be transferred in real-time and it can vary in volumes from several bytes to streams of images. Therefore, data providers run WebSocket servers and data consumers request data from them. Everything is working fine on the same network if I use IP addresses to connect to WebSocket servers. But what to do, if I have WebSocket server behind a NAT and I cannot configure port forwarding? I have a separate external machine, with known IP address, which can be accessed from anywhere and I've started digging into STUN/TURN protocols, but did not come to any result so far and I would be glad if there is already a ready to use solution.

  • Using TURN/STUN server for local communication

    I've started working on a cloud solution that has a part where 2 clients (in Java) need to talk to each other (TCP over SSL). However, we have no network topology requirements, so clients might or might not be on the same network.

    I was reading about TURN/STUN server that could provide the communication when direct connection is not available.

    From what I understand having TURN server in cloud with STUN should basically find shortest route between clients but it always mentions NAT traversal but what if clients are on local network? Will they connect to each other directly?

    Or should I put both client IPs into Cloud DB and when connection is initiated clients should try direct connection first and then fallback to TURN if failed.

    Thanks

  • COTURN treats new user from same address/port combination as same user

    I'm using COTURN as a STUN/TURN server in combination with ice4j as the client sided library.

    For TURN I use a LongTermCredential. The first time I request a relay candidate from the turn server this works (I can e.g. connect 2 clients). But if I now terminate those clients (not gracefully), any new incoming connections to the turn server from the same address/port combination will be treated as the same user/session and get an error 437: Mismatched allocation: wrong transaction ID.

    The Binding request will succeed, but I won't be able to obtain a TURN candidate from this.

    Is there any way to make coturn use a new session on each new request using a different user?

  • How can I have TURN protocol request?

    I want to connect to a Coturn ICE server with the TURN protocol in my Android app, but I can't find any library or sample code to connect to a Coturn server.

  • What may be the expected percentage of connections that will fallback to TURN?

    Say I have built the WebRTC video chat website. Some connections after the handshake (ICE candidates) will go directly p2p, some will use the STUN server, and some will use the "last resort", the TURN server, to establish the connection. A TURN-server-based connection is very expensive compared to the direct connection and the STUN connection (which are free) because all traffic must actually go through the TURN server.

    How can we estimate the percentage of connections of random users that will need to go via TURN? Imagine we know very little about the expected audience, except that the majority is in the US. I believe it must be difficult to figure, but my current estimation is somewhere between 1% and 99%, which is just too wide. Can this at least be narrowed down?

  • WebRTC STUN/TURN Server Connection Problem on Host

    I am trying to develop a WebRTC application on the web. I have set up a STUN/TURN server on CentOS 7 and it seems everything works fine on test.webrtc.com and the ICE trickle test. When both peers join the call from the same network connection it also works, but if they are on different networks the connection fails.

    Time    Component   Type    Foundation  Protocol    Address           Port    Priority
    0.003   1           host    2520168268  udp         my-ip-adress      53077   126 | 32542 | 255
    0.003   1           host    913901197   udp         192.168.1.111     53078   126 | 32286 | 255
    0.106   1           host    3635760060  tcp         my-ip-adress      9       90 | 32542 | 255
    0.106   1           host    2029714045  tcp         192.168.1.111     9       90 | 32286 | 255
    0.163   1           srflx   3073441849  udp         78.167.181.140    53078   100 | 32286 | 255
    0.237   1           relay   4269116220  udp         server-ip         49700   2 | 32286 | 255
    

    ICE trickle with relay

    Time    Component   Type    Foundation  Protocol    Address             Port    Priority
    0.189   1           relay   4269116220  udp         server-ip-adress    60723   2 | 32286 | 255
    

    These are my COTURN server settings:

    listening-port=3478
    tls-listening-port=5349
    listening-ip=server-ip
    relay-ip=server-ip
    external-ip=server-ip
    lt-cred-mech
    realm=domain-name
    user=username1:key1
    cert=/etc/letsencrypt/live/domain-name/fullchain.pem
    pkey=/etc/letsencrypt/live/domain-name/privkey.pem
    no-stdout-log
    syslog
    pidfile="/var/run/turnserver/turnserver.pid"
    

    And here are the logs when I run the server:

    0: log file opened: /var/log/turn_23152_2018-09-01.log
    0:
    RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
    Version Coturn-4.5.0.7 'dan Eider'
    0:
    Max number of open files/sockets allowed for this process: 4096
    0:
    Due to the open files/sockets limitation,
    max supported number of TURN Sessions possible is: 2000 (approximately)
    0:
    
    ==== Show him the instruments, Practical Frost: ====
    
    0: TLS supported
    0: DTLS supported
    0: DTLS 1.2 supported
    0: TURN/STUN ALPN supported
    0: Third-party authorization (oAuth) supported
    0: GCM (AEAD) supported
    0: OpenSSL compile-time version: OpenSSL 1.0.2k-fips  26 Jan 2017 (0x100020bf)
    0:
    0: SQLite supported, default database location is /var/db/turndb
    0: Redis supported
    0: PostgreSQL supported
    0: MySQL supported
    0: MongoDB is not supported
    0:
    0: Default Net Engine version: 3 (UDP thread per CPU core)
    
    =====================================================
    
    0: Listener address to use: server-ip-adress
    0: Relay address to use: server-ip-address
    

    And I shut down the firewall of the server in case it blocks the connection, but still no difference.