How to use a TURN server behind a NAT?


Abhisek Panda

Aug 26, 2015, 5:19:12 AM
to discuss-webrtc
Hi, can anybody help with this?

As per RFC 5766, the flow and placement of the TURN server should be like below:

Client A (TURN client) -----> NAT/Firewall A -----> TURN server -----> NAT/Firewall B -----> Client B (Peer)

Client B or the peer may or may not be behind a NAT/firewall.

But I can't keep my TURN server after the firewall or inside the public internet. I have to keep my TURN server on a local server, and the call flow should be as below:

Client A (TURN client) -----> TURN server -----> NAT/Firewall A -----> NAT/Firewall B -----> Client B (Peer)

Client B or the peer may or may not be behind a NAT/firewall.

I've downloaded the TURN server code from https://code.google.com/p/rfc5766-turn-server/ and was able to compile and start the TURN server using the below command:

turnserver -X <Public.Ip> -a -b turnuserdb.conf -f -r null

What else do I need to do? Any other configuration or command?

This is how I've installed my TURN server:

 1. Downloaded the code from

      https://github.com/coturn/rfc5766-turn-server/

 2. Deployed it on a local server inside the root path.

 3. While running ./configure I found an issue:

      ERROR: Libevent2 development libraries are not installed properly in required location

      I've checked for the issue, which said Libevent2 is present by default in Fedora OS but not in CentOS, which I am using.
      For CentOS, Libevent2 needs to be installed manually.

 4. I did the manual installation by downloading libevent-2.0.22-stable.tar.gz from http://libevent.org/
    and installing it in the path /usr/ports/devel/libevent2/

      I ran ./configure --> make --> make install.
      libevent2 installed properly without any error.

 5. Again tried to run ./configure of the TURN server, which was error free, but there was 1 warning:

      HIREDIS DEVELOPMENT LIBRARY (libhiredis.*) AND/OR HEADERS (hiredis/*.h)
      ARE NOT INSTALLED PROPERLY ON THIS SYSTEM.
      THAT'S OK BUT THE TURN SERVER IS BUILDING WITHOUT REDIS SUPPORT.

      I ignored this message, as I'm not sure if it will be an issue, and installed the TURN server with the make and make install commands.
      The TURN server got installed.

 6. Created a configuration file,
      /etc/turnserver.conf
    and added the below, with a random port 5555 (not sure if it will work this way):

      # setting static accounts
      # Remember, "static" accounts are not dynamically checked by the turn server process.
      user=username:password

      # listen ports
      listening-port=3478
      listening-ip=local private ip of server where turn is running

 7. I've tried to run the TURN server with the below command:

      turnserver -X <Public.Ip of server> -a -b turnuserdb.conf -f -r null


 8. I've modified the script (call.htm) of my SIPML5 client page (like http://sipml5.org/call.htm?svn=230; I have my own designed page) in this way:

      // **** Begin Abhisek Modified for using own TURN Server ****
      //window.localStorage.setItem('org.doubango.expert.ice_servers', "[{ url: 'stun:stun.l.google.com:19302'}]");
      window.localStorage.setItem('org.doubango.expert.ice_servers', "[{ url: 'turn:<private ip>:<3478>'}]");
      // **** End Abhisek Modified for using own TURN Server ****


Can you guys give some more suggestions on whether this is all done the proper way? Or do I need a different setup for having my own TURN server?


Christoffer Jansson

Aug 26, 2015, 6:46:11 AM
to discuss-webrtc
Hi,

I'm not sure I understand (sorry, the format of your post is really hard to read) but are you having issues starting the turn server or configuring your firewall?  What is the actual problem?

Without knowing exactly what's wrong, I would first make sure it works locally within your network. Then configure your firewall (port forwarding, DMZ and/or whatever else is required in your router/gateway/firewall to expose a server to the internet) to expose the TURN server to the internet, then test again using the -X <your public ip> flag as you mentioned.

/Chris


Abhisek Panda

Aug 26, 2015, 7:19:14 AM
to discuss-webrtc
Hi Jansson,

I did a setup of a TURN server on a local Linux server machine. Using the TURN server, my audio call works between 2 clients if they are under the same wifi. It also works when one client is on wifi and the other client is connected using a data card. But it fails in the case where the clients are connected under different wifi. I've tried using the Viagenie / numb TURN server, with which I was able to do an audio call between clients in different wifi as well, but now I want to have my own TURN server which can work for clients under different wifi, which is failing for me.

Thanks   

Christoffer Jansson

Aug 26, 2015, 8:02:55 AM
to discuss-webrtc
Are these wifi's on different subnets? I.e. routing is required between them?

Christoffer Jansson

Aug 26, 2015, 8:08:58 AM
to discuss-webrtc
Just to add some info here which I also mentioned previously, you have to make your TURN server accessible from wherever you want to access it from, e.g. if you want your clients to reach the TURN server via public internet, you need to make sure to set up the appropriate firewall rules to allow your clients to reach the TURN server.

Abhisek Panda

Aug 26, 2015, 8:17:00 AM
to discuss-webrtc
Are these wifi's on different subnets? I.e. routing is required between them? --- YES, the wifi's are under different subnets most probably, as I'm calling from one client under one wifi of a country to another client under another wifi of another country.

if you want your clients to reach the turn server via public internet -- I'm starting my TURN server services using the -X <public ip of turn server> option.

The only thing is my TURN server is behind NAT instead of in the public internet.

Christoffer Jansson

Aug 26, 2015, 8:22:47 AM
to discuss...@googlegroups.com
On Wed, Aug 26, 2015 at 2:17 PM Abhisek Panda <abhise...@gmail.com> wrote:

> Are these wifi's on different subnets? I.e. routing is required between them? --- YES , wifi's  are under different subnets most probably as i'm calling from one client under one wifi of a country to other client under other wifi of another country.

It's better if you refer to this as different locations/networks rather than Wifi to make it clear that they cannot directly talk to each other.

> if you want your clients to reach the turn server via public internet -- I'm starting my turn server services using -X <public ip of turn server> option
>
> The only thing is my turn server is behind NAT instead of in public internet.

Most things are connecting to the internet via NAT today. So once again, you need to configure your external entity, whatever it might be (router, gateway, firewall), to route traffic from your public IP to your TURN server's internal IP.
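
Added example, not part of the thread and not code from the TURN server project: one way to check the two conditions discussed above is to inspect the ICE candidates the browser gathers. It flags a `turn:` URL that points at a private address (as in the call.htm change) and a relay candidate carrying a private address, which is what a TURN server behind NAT reports when the -X public/private mapping is missing. The helper names and the sample candidate lines (using documentation addresses 203.0.113.x) are constructed for illustration.

```javascript
// Added example: helper names and sample data are constructed, not from the thread.
const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^127\./];

function isPrivateV4(addr) {
  return PRIVATE_V4.some((re) => re.test(addr));
}

// Parse one ICE "candidate:" line into the fields needed here.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/.exec(line.trim());
  return m ? { transport: m[1].toLowerCase(), address: m[2], port: Number(m[3]), type: m[4] } : null;
}

// Extract the host from "turn:host:port" or "turns:host:port?transport=tcp".
function turnHost(url) {
  const m = /^turns?:([^:?]+)/.exec(url);
  return m ? m[1] : null;
}

// Return a list of findings for one TURN URL and the candidates gathered with it.
function diagnose(turnUrl, candidateLines) {
  const findings = [];
  const host = turnHost(turnUrl);
  if (host && isPrivateV4(host)) findings.push("turn-url-private");
  const relays = candidateLines.map(parseCandidate).filter((c) => c && c.type === "relay");
  if (relays.length === 0) findings.push("no-relay-candidate");
  if (relays.some((c) => isPrivateV4(c.address))) findings.push("relay-address-private");
  return findings;
}

// Constructed: TURN reached on its LAN address, no working -X mapping.
const behindNatNoMapping = [
  "candidate:1 1 udp 2122260223 192.168.1.10 50000 typ host",
  "candidate:2 1 udp 41885439 192.168.1.50 49152 typ relay raddr 192.168.1.10 rport 50000",
];
// Constructed: port forwarding in place and -X set to the public address.
const forwardedWithMapping = [
  "candidate:1 1 udp 2122260223 192.168.1.10 50000 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 50000 typ srflx raddr 192.168.1.10 rport 50000",
  "candidate:3 1 udp 41885439 203.0.113.20 49152 typ relay raddr 203.0.113.7 rport 50000",
];

console.log(diagnose("turn:192.168.1.50:3478", behindNatNoMapping));
console.log(diagnose("turn:203.0.113.20:3478", forwardedWithMapping));
```

In a browser, the candidate lines would come from `event.candidate.candidate` in the `onicecandidate` handler of the `RTCPeerConnection`.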