Stun Server in BBB V2.6.11

[Wolfgang Pein]

Hi all,

I freshly installed BBB V2.6.11 on 2 different virtual servers (2 different network providers) and both work great (both behind router from AVM - FritzBox). However 1 installation always use Turn.

Using Wireshark I think the problem is with a STUN request which is rejected by the provider (communication administratively rejected). I have no idea why BBB is using this specific IP Adress which belongs to the provider.

So my question is: where do I specify the STUN-server to be used?

This is a standard install without changes. In previous versions I had to modify some files but according to documentation ( https://docs.bigbluebutton.org/administration/turn-server  ) I should modify file /etc/bigbluebutton/turn-stun-servers.xml but in this file there are no pre-defined entries for stun.

So what am I missing?

The other installation works as expected - without Turn!

Any comments are welcomed!

Wolfgang

[Wolfgang Pein]

I just checked both implementations with Wireshark and filter=stun.

The outcome is strange resp. I do not undertstand what is going on. The working BBB (with UDP) does use AVMs MyFritz for DNS resolution whereas the other implementation use other mechanism.

To decide whether Turn is used or not I checked the connection button in BBB which tells me whether Turn is used or not.

All tests are done on the same client PC/same network. I also tested demo.bigbluebutton.org which works with UDP as well.

In the wireshark trace I can see some strange user in the stun-request but obviously there is a binding request success packet from the BBB/Turn system - so far so good.

But immediately following is a stun packet with:  "allocate error response error-code 401 (unauthenticated) - unauthorized with nonce realm <DNS name of BBB/Turn-server>".

There are also stun request to other servers which obviously belong to the service provider (Deutsche Telekom) - very strange!!!

Following in the Wireshark trace are tons of stun packets - some packets with "binding request user ........." and many packets with "ChannelData TURN message".

So I think that BBB passes the correct Stun address to the client (which basically is the integrated Turn server which also acts as STUN) but for some reason this does not work.

As a consequence the client does use Turn.

Is there any log information within BBB which may help? So far I only used Wireshark!

Any other source of information to identify the problem?

Thanks! Wolfgang