This configuration works well, but the TURN server is not involved in the operation.
When I close UDP ports on BBB servers, I can access the interface but it reports: Connection failure (ICE error 1007)
Should it work and I only have an error in network configuration?
Looks like you are using the external turn config, 2.6 has coturn embedded with the bbb server with standard bbb-install.sh.
The turn is used by the client when it can't get thru its udp ports (in corporate network). A good test with firefox about:config: you can tell it to always relay and force turn. Or block udp on your client device.
The bbb server needs UDP, and it talks to the turn which can relay the media with tcp.
Freeswitch/mediasoup need UDP data to work so server UDP ports open.
You're getting a 1007 most likely because freeswitch SDP is failing to connect to TURN.
Regards,
Stephen
--
You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bigbluebutton-s...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bigbluebutton-setup/ea293529-bbe4-4159-9f99-a3011062f367n%40googlegroups.com.
BBB installation / configuration
$ wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -v focal-250 -s bbb.demo.domain -e mym...@demo.domain -a -w -g -c turn.demo.domain:00000000000000000000000000000000
$ ip addr add A.A.A.10 dev lo
$ ip route add A.A.A.15/32 via B.B.B.17 dev ens160
TURN installation / configuration
$ wget -qO- https://ubuntu.bigbluebutton.org/bbb-install-2.5.sh | bash -s -- -c test.demo.domain:00000000000000000000000000000000 -e mym...@demo.domain
$ ip addr add A.A.A.15 dev lo
$ ip route add A.A.A.10/32 via B.B.B.12 dev ens160
From BBB server
$ bbb-conf --status
nginx —————————————————► [✔ - active]
freeswitch ————————————► [✔ - active]
redis-server ——————————► [✔ - active]
bbb-apps-akka —————————► [✔ - active]
bbb-fsesl-akka ————————► [✔ - active]
tomcat9 ———————————————► [✔ - active]
mongod ————————————————► [✔ - active]
bbb-html5 —————————————► [✔ - active]
bbb-webrtc-sfu ————————► [✔ - active]
kurento-media-server ——► [✔ - active]
bbb-html5-backend@1 ———► [✔ - active]
bbb-html5-backend@2 ———► [✔ - active]
bbb-html5-frontend@1 ——► [✔ - active]
bbb-html5-frontend@2 ——► [✔ - active]
etherpad ——————————————► [✔ - active]
bbb-web ———————————————► [✔ - active]
bbb-pads ——————————————► [✔ - active]
bbb-rap-caption-inbox —► [✔ - active]
bbb-rap-resque-worker —► [✔ - active]
bbb-rap-starter ———————► [✔ - active]
$ bbb-conf --check
BigBlueButton Server 2.5.16 (3227)
Kernel version: 5.4.0-146-generic
Distribution: Ubuntu 20.04.6 LTS (64-bit)
Memory: 16392 MB
CPU cores: 8
/etc/bigbluebutton/bbb-web.properties (override for bbb-web)
/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
bigbluebutton.web.serverURL: https://bbb.demo.domain
defaultGuestPolicy: ALWAYS_ACCEPT
svgImagesRequired: true
defaultMeetingLayout: CUSTOM_LAYOUT
/etc/nginx/sites-available/bigbluebutton (nginx)
server_name: bbb.demo.domain
port: 80, [::]:80
port: 443 ssl
/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
local_ip_v4: B.B.B.12
external_rtp_ip: A.A.A.10
external_sip_ip: A.A.A.10
/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
ext-rtp-ip: $${external_rtp_ip}
ext-sip-ip: $${external_sip_ip}
ws-binding: A.A.A.10:5066
wss-binding: A.A.A.10:7443
/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
playback_host: bbb.demo.domain
playback_protocol: https
ffmpeg: 4.2.7-0ubuntu0.1
/usr/share/bigbluebutton/nginx/sip.nginx (sip.nginx)
proxy_pass: A.A.A.10
protocol: http
/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (Kurento SFU - override)
kurento.ip: A.A.A.10
kurento.url: ws://127.0.0.1:8888/kurento
kurento.sip_ip: A.A.A.10
recordScreenSharing: true
recordWebcams: true
codec_video_main: VP8
codec_video_content: VP8
/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)
build: 2906
kurentoUrl: wss://turn.demo.domain/bbb-webrtc-sfu
enableListenOnly: true
sipjsHackViaWs: true
/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml (STUN Server)
stun: turn.demo.domain
# Potential problems described below
$ stun turn.demo.domain
STUN client version 0.97
Primary: Open
Return value is 0x000001
$ stun A.A.A.15
STUN client version 0.97
Primary: Open
Return value is 0x000001
$ stun B.B.B.17
STUN client version 0.97
Primary: Open
Return value is 0x000001
$ ssh turn.demo.domain
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.4.0-146-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Mon 10 Apr 2023 12:47:39 PM UTC
System load: 0.0 Processes: 156
Usage of /: 42.1% of 14.66GB Users logged in: 1
Memory usage: 26% IPv4 address for ens160: B.B.B.17
........
it works
From TURN machine
$ cat /etc/turnserver.conf
listening-port=3478
tls-listening-port=443
external-ip=A.A.A.15/B.B.B.17
min-port=32769
max-port=65535
verbose
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=941454e93afa24af5194eb38a2f9534c
realm=demo.domain
cert=/etc/turnserver/fullchain.pem
pkey=/etc/turnserver/privkey.pem
cipher-list="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
dh-file=/etc/turnserver/dhp.pem
keep-address-family
no-cli
no-tlsv1
no-tlsv1_1
$ ssh bbb.demo.domain
Welcome to Ubuntu 20.04.6 LTS (GNU/Linux 5.4.0-146-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Mon 10 Apr 2023 12:47:42 PM UTC
System load: 0.0 Processes: 156
Usage of /: 42.1% of 30.66GB Users logged in: 1
Memory usage: 26% IPv4 address for ens160: B.B.B.12
........
it works
From local machine
$ stun turn.demo.domain
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, preserves ports, no hairpin
Return value is 0x000017
$ stunclient --mode full --localport 30000 turn.demo.domain 3478
Binding test: success
Local address: 192.168.0.2:30000
Mapped address: B.B.B.17:30000
Behavior test: success
Nat behavior: Endpoint Independent Mapping
Filtering test: success
Nat filtering: Address and Port Dependent Filtering
I jumped on your greenlight and got 1007 with direct connect, and also with firefox which should force relay thru turn.
You can delete the acct, and set greenlight to not accept open registrations.
This is the SDP seen in my browser, freeswitch is trying to send media 194.145.180.141 udp to me…
{"type":"answer","sdp":"v=0\r\no=FreeSWITCH 1681220868 1681220869 IN IP4 194.145.180.141\r\ns=FreeSWITCH\r\nc=IN IP4 194.145.180.141\r\nt=0 0\r\na=msid-semantic: WMS ugxvhFT37y5AmyCuAsddkMc3X3faBQ9V\r\nm=audio 21444 UDP/TLS/RTP/SAVPF 111 110\r\na=rtpmap:111 opus/48000/2\r\na=fmtp:111 useinbandfec=1; maxaveragebitrate=64000; maxplaybackrate=48000; sprop-maxcapturerate=48000; minptime=10\r\na=rtpmap:110 telephone-event/48000\r\na=ptime:20\r\na=fingerprint:sha-256 87:D6:AE:0B:0B:47:51:83:76:4F:10:DB:39:F3:BE:A5:02:D4:08:C4:C6:D9:3A:A5:4A:8F:E4:88:42:5E:6D:69\r\na=setup:active\r\na=rtcp-mux\r\na=rtcp:21444 IN IP4 194.145.180.141\r\na=ice-ufrag:bZMmBPfpIlqa1qWO\r\na=ice-pwd:N3IGTxv7hMypwkYxaAKCfPRO\r\na=candidate:3027043467 1 udp 2130706431 194.145.180.141 21444 typ host generation 0\r\na=candidate:6273997270 1 udp 2130706431 194.145.180.141 21444 typ host generation 0\r\na=end-of-candidates\r\na=ssrc:1815949648 cname:Wxg420YZoUqBiTVI\r\na=ssrc:1815949648 msid:ugxvhFT37y5AmyCuAsddkMc3X3faBQ9V a0\r\na=ssrc:1815949648 mslabel:ugxvhFT37y5AmyCuAsddkMc3X3faBQ9V\r\na=ssrc:1815949648 label:ugxvhFT37y5AmyCuAsddkMc3X3faBQ9Va0\r\n"}
Not sure about the ip addr rules you added.
The bbb-install script configures a server with public/private.
The turn helps endusers get thru their restrictive networks.
Getting a bbb server sitting behind an edge router with only 443 and having all media work?
Regards,
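Added example, not part of the thread and not BigBlueButton code: a small Node.js script that lists the ICE candidates in an SDP answer, so you can see which address, port and transport the server expects media on. FREESWITCH_ANSWER is abbreviated from the SDP quoted in the message above; RELAY_SAMPLE and the function names are constructed for illustration.

```javascript
// Added example: classify the ICE candidates found in an SDP answer.
// FREESWITCH_ANSWER is abbreviated from the SDP quoted in the thread;
// RELAY_SAMPLE is constructed (192.0.2.0/24 is a documentation range).
const FREESWITCH_ANSWER = [
  'v=0',
  'c=IN IP4 194.145.180.141',
  'm=audio 21444 UDP/TLS/RTP/SAVPF 111 110',
  'a=candidate:3027043467 1 udp 2130706431 194.145.180.141 21444 typ host generation 0',
  'a=candidate:6273997270 1 udp 2130706431 194.145.180.141 21444 typ host generation 0',
  'a=end-of-candidates',
].join('\r\n');

const RELAY_SAMPLE = [
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=candidate:1 1 udp 41885439 192.0.2.15 50000 typ relay raddr 0.0.0.0 rport 0',
].join('\r\n');

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidates(sdp) {
  return sdp.split(/\r?\n/)
    .filter((line) => line.startsWith('a=candidate:'))
    .map((line) => {
      const f = line.slice('a=candidate:'.length).trim().split(/\s+/);
      const typ = f.indexOf('typ');
      return {
        transport: (f[2] || '').toLowerCase(),
        address: f[4],
        port: Number(f[5]),
        type: typ >= 0 ? f[typ + 1] : 'unknown',
      };
    });
}

// Collapse duplicates so the distinct types, transports and endpoints stand out.
function summarize(sdp) {
  const cands = parseCandidates(sdp);
  const uniq = (xs) => [...new Set(xs)].sort();
  return {
    types: uniq(cands.map((c) => c.type)),
    transports: uniq(cands.map((c) => c.transport)),
    endpoints: uniq(cands.map((c) => `${c.address}:${c.port}/${c.transport}`)),
    hasRelay: cands.some((c) => c.type === 'relay'),
  };
}

// Only "host" + "udp" in the answer: media has to reach that UDP port on the server.
console.log(summarize(FREESWITCH_ANSWER));
console.log(summarize(RELAY_SAMPLE));
```

For the answer quoted in the thread this reports a single endpoint, 194.145.180.141:21444/udp of type host, which matches the reply's point that FreeSWITCH needs its UDP ports open even when clients relay through TURN.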