ICE error 1004 (audio) and ICE error 1107 (Video) when firefox about:config media.peerconfiguration.relay_only set to true


Justin Mann

Jan 10, 2022, 6:29:23 AM
to BigBlueButton-Setup
Hi,

I have installed a new BBB and coturn server in the latest versions,
where the Coturn server is not working when I force its usage via firefox with
about:config, media.peerconfiguration.relay_only true.

Internal usage of BBB works, and external usage with firefox option "media.peerconfiguration.relay_only" = false
also works.

about:webrtc
in firefox shows from the IP from my home provider to the external IP of the BBB server:
with firefox option "media.peerconfiguration.relay_only" = false

ICE State        Nominated        Selected        Local Candidate        Remote Candidate        Component ID        Priority        Bytes sent:        Bytes received:
succeeded        true        true        109.40.0.6:30836/udp(prflx) [non-proxied]        192.192.192.141:27540/udp(host)        1        7962083765461713000        37262        3063599
succeeded        true        true        109.40.0.6:30836/udp(prflx) [non-proxied]        192.192.192.141:27540/udp(host)        1        7962083765461713000        37262        3063599

To test the Coturn server, I open about:config in firefox and set
media.peerconfiguration.relay_only true

Then the BBB connection fails with errors:

Audio: Failure on call (reason ICE error) (error 1004)
Video: Connection failure (ICE error 1107)

about:webrtc in firefox shows nothing !

ICE Stats
ICE State        Nominated        Selected        Local Candidate        Remote Candidate        Component ID        Priority        Bytes sent:        Bytes received:
ICE restarts:0
ICE rollbacks:0

When I run the turnserver
command on the turn server, I see an endless error message:

1: Trying to bind fd 42 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
bind: Address already in use
1: Trying to bind fd 13 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
bind: Address already in use
[...]

Maybe this is the issue?

I have just reinstalled the coturn server from scratch and redid the config according to
https://docs.bigbluebutton.org/admin/setup-turn-server.html
which didn't change a thing.
I did not change anything to the network configuration on the coturn server:

>ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:1d:eb:81 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.251/24 brd 10.1.255.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe1d:eb81/64 scope link
       valid_lft forever preferred_lft forever

On the main BBB server I had to add the external IP address to the loopback adapter because BBB would not work without it.

/etc/network/interfaces
--------------------------------------------------------------------
# ifupdown has been replaced by netplan(5) on this system.  See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
#    sudo apt install ifupdown

# The loopback network interface
auto lo
iface lo inet loopback
        post-up ip addr add 192.192.192.141/32 dev lo
        pre-down ip addr del 192.192.192.141/32 dev lo
--------------------------------------------------------------------
I had to add this to  /etc/network/interfaces
on the BBB server because this would not work in the /etc/netplan   file.

I did not create such an interface on the coturn server (is a fresh reinstall)

I have now come to the point where I do not know what to do next.
The communications from the BBB server to the Turn server works without any issues (no errors, see bbb-conf --check below).

- Internal users can use BBB without any issues and errors.
- Users in a home setup can also use BBB without any issues and errors.
- Only users behind a restrictive firewall have issues.

Here my config files (with modified IPs/hostnames for this article):

--------------------------------------------------------------------------------

BBB server
----------
- Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-166-generic x86_64)
- External firewall IP 192.192.192.141 (changed for this posting)
- internal 10.1.2.250
- b.testdomain.com (changed for this posting)
- deactivated ufw firewall (for testing)
- otherwise port setup
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
16384:32768/udp            ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
49152:65535/udp            ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
16384:32768/udp (v6)       ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
49152:65535/udp (v6)       ALLOW       Anywhere (v6)


> bbb-conf --check

BigBlueButton Server 2.4.0 (2818)
                    Kernel version: 4.15.0-166-generic
                      Distribution: Ubuntu 18.04.6 LTS (64-bit)
                            Memory: 32939 MB
                         CPU cores: 8

/etc/bigbluebutton/bbb-web.properties (override for bbb-web)
/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
       bigbluebutton.web.serverURL: https://b.testdomain.com
                defaultGuestPolicy: ALWAYS_ACCEPT
                 svgImagesRequired: true
              defaultMeetingLayout: SMART_LAYOUT

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server_name: b.testdomain.com
                              port: 80, [::]:80
                              port: 443 ssl

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
                       local_ip_v4: 10.1.2.250
                   external_rtp_ip: 192.192.192.141
                   external_sip_ip: 192.192.192.141

/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
                        ext-rtp-ip: $${external_rtp_ip}
                        ext-sip-ip: $${external_sip_ip}
                        ws-binding: 192.192.192.141:5066
                       wss-binding: 192.192.192.141:7443

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback_host: b.testdomain.com
                 playback_protocol: https
                            ffmpeg: 4.2.4-1ubuntu0.1bbb2~18.04

/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)
                        proxy_pass: 192.192.192.141
                          protocol: http

/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (Kurento SFU - override)
                        kurento.ip: 10.1.2.250
                       kurento.url: ws://127.0.0.1:8888/kurento
                    kurento.sip_ip: 192.192.192.141
               recordScreenSharing: true
                     recordWebcams: true
                  codec_video_main: VP8
               codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)
                             build: 2440
                        kurentoUrl: wss://b.testdomain.com/bbb-webrtc-sfu
                  enableListenOnly: true
                    sipjsHackViaWs: true

/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml (STUN Server)
                              stun: b2.testdomain.com

/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini (STUN Server)
                              stun: 10.1.2.251:3478


# Potential problems described below

=============================================================================

Coturn server
-------------
- Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-92-generic x86_64)
- External firewall IP 192.192.192.142 (changed for this posting)
- internal 10.1.2.251
- b2.testdomain.com (changed for this posting)
- deactivated ufw firewall (for testing)
- otherwise port setup
To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/udp                    ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3478/tcp                   ALLOW       Anywhere
3478/udp                   ALLOW       Anywhere
49152:65535/udp            ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/udp (v6)               ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
3478/tcp (v6)              ALLOW       Anywhere (v6)
3478/udp (v6)              ALLOW       Anywhere (v6)
49152:65535/udp (v6)       ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)


/etc/turnserver.conf
--------------------------------------------------------------------------
listening-port=3478
tls-listening-port=443
#
# BBB will not work when using this
# listening-ip=192.192.192.142
#
relay-ip=192.192.192.142
#
# Have to use this instead
external-ip=192.192.192.142/10.1.2.251
#
verbose
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=test1234567890(we-use-different-pw)
realm=testdomain.com
cert=/etc/turnserver/fullchain.pem
pkey=/etc/turnserver/privkey.pem
cipher-list="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
dh-file=/etc/turnserver/dhp.pem
syslog
keep-address-family
no-cli
no-tlsv1
no-tlsv1_1
no-loopback-peers
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=::ffff:0:0-::ffff:ffff:ffff
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=64:ff9b:1::-64:ff9b:1:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2001:db8::-2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
--------------------------------------------------------------------------

> turnserver

0: log file opened: /var/log/turnserver/turn_1797_2022-01-10.log
0: Relay address to use: 192.192.192.142
0: Bad configuration format: no-loopback-peers
0: Black listing: 10.0.0.0-10.255.255.255
0: Black listing: 172.16.0.0-172.31.255.255
0: Black listing: 192.168.0.0-192.168.255.255
0: Black listing: 100.64.0.0-100.127.255.255
0: Black listing: 169.254.0.0-169.254.255.255
0: Black listing: 192.0.0.0-192.0.0.255
0: Black listing: 192.0.2.0-192.0.2.255
0: Black listing: 198.18.0.0-198.19.255.255
0: Black listing: 198.51.100.0-198.51.100.255
0: Black listing: 203.0.113.0-203.0.113.255
0: Black listing: fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
0: Black listing: fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
0: Black listing: ::ffff:0:0-::ffff:ffff:ffff
0: Black listing: 64:ff9b::-64:ff9b::ffff:ffff
0: Black listing: 64:ff9b:1::-64:ff9b:1:ffff:ffff:ffff:ffff:ffff
0: Black listing: 2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
0: Black listing: 2001:db8::-2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
0: Black listing: 2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
0: Config file found: /root/../etc/turnserver.conf
0: Bad configuration format: no-loopback-peers
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.1f  31 Mar 2020 (0x1010106f)
0:
0: SQLite supported, default database location is /var/lib/turn/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name:
0: Default realm: testdomain.com
0:
CONFIGURATION ALERT: You specified --lt-cred-mech and --use-auth-secret in the same time.
Be aware that you could not mix the username/password and the shared secret based auth methohds.
Shared secret overrides username/password based auth method. Check your configuration!
0: ERROR:
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0: SSL23: Certificate file found: /etc/turnserver/fullchain.pem
0: SSL23: Private key file found: /etc/turnserver/privkey.pem
0: TLS1.2: Certificate file found: /etc/turnserver/fullchain.pem
0: TLS1.2: Private key file found: /etc/turnserver/privkey.pem
0: TLS cipher suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
0: DTLS: Certificate file found: /etc/turnserver/fullchain.pem
0: DTLS: Private key file found: /etc/turnserver/privkey.pem
0: DTLS1.2: Certificate file found: /etc/turnserver/fullchain.pem
0: DTLS1.2: Private key file found: /etc/turnserver/privkey.pem
0: DTLS cipher suite: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 10.1.2.251
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0:   relay 192.192.192.142 initialization...
0:   relay 192.192.192.142 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
1: turn server id=1 created
bind: Address already in use
1: IO method (general relay thread): epoll (with changelist)
1: turn server id=0 created
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:443
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:444
1: IPv4. DTLS/UDP listener opened on: 10.1.2.251:3478
1: IPv4. DTLS/UDP listener opened on: 10.1.2.251:3479
1: IPv4. DTLS/UDP listener opened on: 10.1.2.251:443
1: IPv4. DTLS/UDP listener opened on: 10.1.2.251:444
1: IPv6. DTLS/UDP listener opened on: ::1:3478
1: IPv6. DTLS/UDP listener opened on: ::1:3479
1: IPv6. DTLS/UDP listener opened on: ::1:443
1: IPv6. DTLS/UDP listener opened on: ::1:444
1: Total General servers: 2
bind: Address already in use
1: Trying to bind fd 13 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
1: Trying to bind fd 42 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
1: IO method (admin thread): epoll (with changelist)
1: IO method (auth thread): epoll (with changelist)
1: IO method (auth thread): epoll (with changelist)
1: SQLite DB connection success: /var/lib/turn/turndb
bind: Address already in use
1: Trying to bind fd 13 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
bind: Address already in use
1: Trying to bind fd 42 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
bind: Address already in use
1: Trying to bind fd 13 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
bind: Address already in use
^C


External firewall setup
--------------------------------------------------------------------------
- for BBB server
Allow TCP 80
Allow TCP-UDP 443
Allow UDP 16384-32768
Any-External -> SNAT 192.192.192.141 -> 10.1.2.250

- for Coturn server
Allow TCP 80
Allow TCP-UDP 443
Allow TCP-UDP 3478
Allow UDP 49152-65535
Any-External -> SNAT 192.192.192.142 -> 10.1.2.251

---------------------------------------------------------------------------

I would appreciate it if one of you has an idea that will help me fix the issue.

thank you,

Best
J.Mann
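
An added example, not part of the original thread and not coturn's or BigBlueButton's own code: a small Python lint that compares a turnserver.conf with the addresses actually assigned to the host and reports the conditions visible in the config and startup log above. The function names, finding codes and `NAT_AWARE_CONF` are assumptions made for illustration; the sample config is constructed from the directives in the post.

```python
import ipaddress

# Constructed sample: the directives from the post's /etc/turnserver.conf that
# matter for this check (addresses as anonymised by the poster; the secret is
# a placeholder).
THREAD_CONF = """\
listening-port=3478
tls-listening-port=443
# listening-ip=192.192.192.142
relay-ip=192.192.192.142
external-ip=192.192.192.142/10.1.2.251
lt-cred-mech
use-auth-secret
static-auth-secret=PLACEHOLDER-SECRET
realm=testdomain.com
no-loopback-peers
"""
# Addresses shown by `ip addr` on the coturn VM in the same post.
THREAD_LOCAL_IPS = {"127.0.0.1", "10.1.2.251"}

# Assumption (not taken from the thread): a NAT-aware variant in which only
# addresses that exist on the host are bound and the public IP appears solely
# in the external-ip public/private mapping.
NAT_AWARE_CONF = """\
listening-port=3478
tls-listening-port=443
listening-ip=10.1.2.251
relay-ip=10.1.2.251
external-ip=192.192.192.142/10.1.2.251
use-auth-secret
static-auth-secret=PLACEHOLDER-SECRET
realm=testdomain.com
"""


def parse_conf(text):
    """Return {directive: [values]}; bare flags map to ['']."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return conf


def is_local(addr, local_ips):
    """True if addr parses as an IP address that is assigned to this host."""
    try:
        wanted = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return wanted in {ipaddress.ip_address(a) for a in local_ips}


def lint(conf_text, local_ips, rejected_options=("no-loopback-peers",)):
    """Return [(code, message)] for the conditions seen in the thread."""
    conf = parse_conf(conf_text)
    findings = []
    # Options the running build refuses ("Bad configuration format" in the log).
    for opt in rejected_options:
        if opt in conf:
            findings.append(("rejected-option", f"{opt} is not accepted by this build"))
    # The startup log warns that the shared secret overrides user/password auth.
    if "lt-cred-mech" in conf and "use-auth-secret" in conf:
        findings.append(("auth-mix", "lt-cred-mech and use-auth-secret both set"))
    # Listener and relay sockets are bound on the host, so behind 1:1 NAT these
    # must be the private address, not the firewall's public one.
    for key in ("listening-ip", "relay-ip"):
        for addr in conf.get(key, []):
            if not is_local(addr, local_ips):
                findings.append((f"{key}-not-local", f"{key}={addr} is not on any interface"))
    for mapping in conf.get("external-ip", []):
        _public, _, private = mapping.partition("/")
        if private and not is_local(private, local_ips):
            findings.append(("external-ip-private-not-local", f"{private} is not on any interface"))
    # Without listening-ip coturn discovers and binds every address, loopback too.
    if "listening-ip" not in conf:
        findings.append(("listeners-on-all-addresses", "no listening-ip configured"))
    return findings


if __name__ == "__main__":
    for label, text in (("thread config", THREAD_CONF), ("nat-aware config", NAT_AWARE_CONF)):
        print(label)
        for code, message in lint(text, THREAD_LOCAL_IPS):
            print(f"  {code}: {message}")
```

On a real host, pass the addresses reported by `ip addr` as `local_ips` and the options your own startup log rejects as `rejected_options`.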


sd...@distancelearning.cloud

Jan 10, 2022, 7:07:50 AM
to bigbluebu...@googlegroups.com

1: Trying to bind fd 13 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
1: Trying to bind fd 42 to <127.0.0.1:3478>: errno=98
Cannot bind local socket to addr: Address already in use
1: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
1: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...

 

If you run ps aux | grep turn, is there another turn process running?

If you reboot the server, does the turn server start up automatically? Do you get the bind error on restart?

 

stephen


Justin Mann

Jan 10, 2022, 7:22:38 AM
to BigBlueButton-Setup
Hi Stephen,

just rebooted,

when I type
>turnserver

then I get the same messages at the end:

0: Trying to bind fd 13 to <127.0.0.1:3478>: errno=98

Cannot bind local socket to addr: Address already in use
0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
0: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
[..]

>  ps aux | grep turn
turnser+     941  0.0  0.3 481536  6688 ?        Ssl  12:11   0:00 /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid --no-stdout-log --simple-log --log-file /var/log/turnserver/turnserver.log
root        2530  0.0  0.0   6300   736 pts/0    S+   12:15   0:00 grep --color=auto turn

I'm hopefully not starting the turnserver a 2nd time by just typing the command turnserver?
(This would be causing a different issue, deflecting from the original issue, that users cannot connect when in firefox media.peerconnection.ice.relay_only = true.)

If this is not the case,
then I'm not aware where the 2nd process is coming from (hopefully this being the issue?).

Thanks,
J.Mann

Stephen Rigney

Jan 10, 2022, 11:02:49 AM
to BigBlueButton-Setup
Can I ask where you're hosting your turn server? I tried setting up a server following the same instructions on an Oracle Cloud VM and had the exact same binding issues. I gave up and tried using the exact same setup on a Digital Ocean droplet and it worked perfectly. I still don't know what the problem was - if Oracle use a custom OS image or something connected to their VMs but maybe you're having a similar experience?

Justin Mann

Jan 10, 2022, 3:55:26 PM
to BigBlueButton-Setup
I'm running the two servers, each in its own VM on the same ESXi server, on a DMZ on a WatchGuard firewall.

As a test, I just started the old Ubuntu 16.04.7 LTS server with BBB 2.2.36, greenlight 2.9.3-beta.3 and Coturn-4.5.0.3;
all are running on "one" VM (instead of two) with two network cards and IPs, and it still works flawlessly!
When I run the turnserver command on that old VM, it does not throw these errors like the new installation does, so I wonder what is wrong/different?
I tried to configure the new installation in the same way I did on the old VM (a. with the same IP/config settings and b. on one VM like I did with the old VM); both failed. So there is some big difference (or bug) in the new setup. I hope someone here can provide an idea.

Justin Mann

Jan 10, 2022, 5:38:13 PM
to BigBlueButton-Setup
I just found an article:

https://github.com/coturn/coturn/issues/421

When I rename the file
/lib/systemd/system/coturn.service
as described in the last entry of the article, and restart the server, then the endless error


Cannot bind local socket to addr: Address already in use
0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
0: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
[..]


is gone (after starting turnserver).

The two ICE errors are still there when I test BBB.

When I execute
> turnserver
and connect to the microphone (and video),
then turnserver throws an endless list of errors (similar to those seen above).

I uncommented the entries in the file
/etc/turnserver.conf
# relay-ip=192.192.192.142
( # listening-ip=192.192.192.142 is already uncommented)
and only keep
external-ip=192.192.192.142/10.1.2.251

The ICE errors are still the same, but turnserver stopped throwing the endless error list like seen above,
Got to see further tomorrow ...

Best

Justin Mann

Jan 14, 2022, 4:42:33 AM
to BigBlueButton-Setup
I have now configured the new BBB server in the same way (1:1) as I did with my old BBB server (which works flawlessly: old Ubuntu 16.04.7 LTS server with BBB 2.2.36, greenlight 2.9.3-beta.3 and Coturn-4.5.0.3, all running on "one" VM (instead of two) with two network cards and IPs).

On the new BBB server, everything works until I simulate the forced use of Turn/Stun

about:webrtc
"media.peerconfiguration.relay_only" = false

Then:


Audio: Failure on call (reason ICE error) (error 1004)
Video: Connection failure (ICE error 1107)

The ICE Stats in about:webrtc is empty.
We only use IPv4 on our servers (no IP v6)

I just do not know what to do/troubleshoot further,
other than to give up and use Jitsi instead (which is much easier to set up).
I tested https://test.bigbluebutton.org which works flawlessly;
we have 1:1 the same external firewall settings for the new and old BBB server.

I had to also set "sipjsHackViaWs: false" (same setting on old server) in order to get the new server to work.

Justin Mann

Jan 14, 2022, 5:40:16 AM
to BigBlueButton-Setup
BBB and coturn run on one box in this config.

Loopback of both external IPs
192.192.192.141
192.192.192.142
on the server (was not able to get to work in /etc/netplan/00-installer-config.yaml)

/etc/network/interfaces
-------------------------------------------------
auto lo lo:0

iface lo inet loopback
        post-up ip addr add 192.192.192.141/32 dev lo
        pre-down ip addr del 192.192.192.141/32 dev lo

iface lo:0 inet static
        address 192.192.192.142/32
-------------------------------------------------

and local IPs on one network card
10.1.2.250
10.1.2.251

/etc/netplan/00-installer-config.yaml
----------------------------------------------
network:
  ethernets:
    ens160:
      # both local IPs in one list; a repeated "addresses" key is not valid YAML
      addresses: [10.1.2.250/24, 10.1.2.251/24]
      gateway4: 10.1.2.200
      nameservers:
        addresses: [8.8.8.8]
        search:
        - testdomain.com
  version: 2
-----------------------------------------------


External firewall setup
--------------------------------------------------------------------------
- for BBB server
Allow TCP 80
Allow TCP-UDP 443
Allow UDP 16384-32768
Any-External -> SNAT 192.192.192.141 -> 10.1.2.250

- for Coturn server
Allow TCP 80
Allow TCP-UDP 3478
Allow UDP 49152-65535
Any-External -> SNAT 192.192.192.142 -> 10.1.2.251

Allow TCP-UDP 443
Any-External -> SNAT 192.192.192.142 -> 10.1.2.251  portmap 443 to 5349

> ufw status
----------------------------------------------------------------------------

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
16384:32768/udp            ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
49152:65535/udp            ALLOW       Anywhere
3478/tcp                   ALLOW       Anywhere
3478/udp                   ALLOW       Anywhere
5349/tcp                   ALLOW       Anywhere
5349/udp                   ALLOW       Anywhere

OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
16384:32768/udp (v6)       ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
49152:65535/udp (v6)       ALLOW       Anywhere (v6)
3478/tcp (v6)              ALLOW       Anywhere (v6)
3478/udp (v6)              ALLOW       Anywhere (v6)
5349/tcp (v6)              ALLOW       Anywhere (v6)
5349/udp (v6)              ALLOW       Anywhere (v6)


> bbb-conf --check
-----------------------------------------------------------------------------


BigBlueButton Server 2.4.0 (2818)
                    Kernel version: 4.15.0-166-generic
                      Distribution: Ubuntu 18.04.6 LTS (64-bit)
                            Memory: 32939 MB
                         CPU cores: 8

/etc/bigbluebutton/bbb-web.properties (override for bbb-web)
/usr/share/bbb-web/WEB-INF/classes/bigbluebutton.properties (bbb-web)
       bigbluebutton.web.serverURL: https://b.testdomain.com
                defaultGuestPolicy: ALWAYS_ACCEPT
                 svgImagesRequired: true
              defaultMeetingLayout: SMART_LAYOUT

/etc/nginx/sites-available/bigbluebutton (nginx)
                       server_name: b.testdomain.com
                              port: 80, [::]:80
                              port: 443 ssl

/opt/freeswitch/etc/freeswitch/vars.xml (FreeSWITCH)
                       local_ip_v4: 10.1.2.250
                   external_rtp_ip: stun:b2.testdomain.com
                   external_sip_ip: stun:b2.testdomain.com


/opt/freeswitch/etc/freeswitch/sip_profiles/external.xml (FreeSWITCH)
                        ext-rtp-ip: $${external_rtp_ip}
                        ext-sip-ip: $${external_sip_ip}
                        ws-binding: :5066

                       wss-binding: 192.192.192.141:7443

/usr/local/bigbluebutton/core/scripts/bigbluebutton.yml (record and playback)
                     playback_host: b.testdomain.com
                 playback_protocol: https
                            ffmpeg: 4.2.4-1ubuntu0.1bbb2~18.04

/etc/bigbluebutton/nginx/sip.nginx (sip.nginx)
                        proxy_pass: 192.192.192.141
                          protocol: https


/usr/local/bigbluebutton/bbb-webrtc-sfu/config/default.yml (Kurento SFU)
/etc/bigbluebutton/bbb-webrtc-sfu/production.yml (Kurento SFU - override)
                        kurento.ip: 10.1.2.250
                       kurento.url: ws://127.0.0.1:8888/kurento
                    kurento.sip_ip: 10.1.2.250

               recordScreenSharing: true
                     recordWebcams: true
                  codec_video_main: VP8
               codec_video_content: VP8

/usr/share/meteor/bundle/programs/server/assets/app/config/settings.yml (HTML5 client)
/etc/bigbluebutton/bbb-html5.yml (HTML5 client config override)
                             build: 2440
                        kurentoUrl: wss://b.testdomain.com/bbb-webrtc-sfu
                  enableListenOnly: true
                    sipjsHackViaWs: false


/usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml (STUN Server)
                              stun: b2.testdomain.com

/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini (STUN Server)
                              stun: 10.1.2.251:3478


# Potential problems described below

# Warning: The setting of 192.192.192.141 for proxy_pass in
#
#    /etc/bigbluebutton/nginx/sip.nginx
#
# does not match the local IP address (10.1.2.250).
# (This is OK if you've manually changed the values)

-----------------------------------------------------------------------------

/etc/turnserver.conf
-----------------------------------------------------------------------------

listening-port=3478
#
# we port map 443 to 5349 from external firewall
tls-listening-port=5349
#
relay-ip=192.192.192.142
external-ip=192.192.192.142/10.1.2.251

verbose
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=test1234567890(we-use-different-pw)
realm=testdomain.com
cert=/etc/letsencrypt/live/v.testdomain.com/fullchain.pem
pkey=/etc/letsencrypt/live/v.testdomain.com/privkey.pem

cipher-list="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"

Justin Mann

Jan 14, 2022, 6:11:19 AM
to BigBlueButton-Setup
What's very strange is that I just got an ICE 1007 error when trying to connect via audio (video works)

with
firefox about:config media.peerconfiguration.relay_only set to false

When I added the BBB to /etc/turnserver.conf
-----------------------------------------------------------------------------
#added line (bbb server)
# existing line (turn server)

and restarted the service, then the error is gone, audio works ??
