V 1.08 TURN server configuration

[joonaski]

Hello

Just updated our easyRTC version from 0.9 to 1.08. The server configuration has been changed a bit, but I got everything else running smoothly but the TURN server configuration.

Connection to the server seems to be working fine, but when I tested the simple video/audio demo and tried to connect to another user, it creates this error:

Uncaught buildPeerConnection failed, call not completed

Am I doing something wrong?

Below is my server.js configuration:

// Load required modules

var https   = require("https");     // https server core module

var fs      = require("fs");        // file system core module

var express = require("express");   // web framework external module

var io      = require("socket.io"); // web socket external module

var easyrtc = require("easyrtc");   // EasyRTC external module

// Setup and configure Express http server. Expect a subfolder called "static" to be the web root.

var httpApp = express();

httpApp.configure(function() {

    httpApp.use(express.static(__dirname + "/static/"));

});

// Start Express https server on port 8443

var webServer = https.createServer(

{

    key:  fs.readFileSync('/ssl/***.pem'),

    cert: fs.readFileSync('/ssl/***.pem')

},

httpApp).listen(8443);

// Start Socket.io so it attaches itself to Express server

var socketServer = io.listen(webServer, {"log level":1});

// Start EasyRTC server

var rtc = easyrtc.listen(httpApp, socketServer);

easyrtc.setOption("appIceServers", [

  {url: "turn:[id]@[ip]:[port]", credential:"[credentials]"}

]);

[joonaski]

UPDATE: My TURN server config looks actually more like this

easyrtc.setOption("appIceServers", [

  {url: "turn:my...@turn.example.com:3478", credential:"mycredentials"}

]);

[Fabian Bernhard]

I think you should use the following syntax:

 {
     url: "turn:turn.example.com:3478",
     username: "myid",
     credential: "mycredentials"
}

Thats at least how it works for me

[joonaski]

Ok. I think I got a solution for this. TURN should be configured something like this:

We didn't get it working with port 80, but when using port 53(DNS) it runs smoothly through our and other tested firewalls.

var myIceConfig = [

  {

    url:"turn:turn.example.com:53",

    username:"myid",

    credential:"mycredentials"

  },

 

  {

    url:"turn:turn.example.com:53?transport=tcp",

    username:"myid",

    credential:"mycredentials"

  }

];

easyrtc.setOption("appIceServers", myIceConfig);

[joonaski]

Yes. Thank you very much!

Joonas

[Eric Davies]

In theory, easyrtc was supporting urls of the form turn:name@address, but on careful examination, I realized it was losing the "turn:" part of the url and that was causing your problem. I've just pushed a new version to the beta branch that:

  1) stops trying to handle the turn:name@address form and instead gives you a meaningful error message if you don't supply the username field.

  2) doesn't strip out ice server entries that have the "?transport=" on Firefox (Firefox used to choke on "?transport=").

My thanks to both of you, Joonas and Fabian, for bringing this to my attention. 

[program...@gmail.com]

I have installed coturn and when I access http://serverip:3478 I get response
"TURN Server
use https connection for the admin session"
and when I access https://serverip:5349 I get response
"TURN Server
https admin connection
To use the HTTPS admin connection, you have to set the database table admin_user with the admin user accounts."
Is that ok ?
*Also tell me what to put for realm="" and server-name="" if I have only IP of server. Can I keep IP for both variables ?*

Following is my turnserver.conf

------------------------------------

# you can listen ports 3478 and 5349 instead of 80/443
listening-port=3478
tls-listening-port=5349

listening-ip=165.227.***.***

relay-ip=165.227.***.***

user=admin:admin101
#proc-user=turnserver
#proc-group=turnserver
lt-cred-mech
total-quota=100
stale-nonce
#no-stun
userdb=/usr/local/var/db/turndb

# use real-valid certificate/privatekey files
cert=/usr/local/etc/turn_server_cert.pem
pkey=/usr/local/etc/turn_server_pkey.pem

#no-stdout-log
------------------------------------

Now when I run command sudo turnserver ( on ubuntu 16 box) I get following console messages
----------------------------------------------------------
0: log file opened: /var/log/turn_5897_2018-06-06.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.7 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2g  1 Mar 2016 (0x1000207f)
0:
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Config file found: /root/../etc/turnserver.conf
0: Listener address to use: 165.227.***.***
0: Relay address to use: 165.227.***.***
0: Config file found: /root/../etc/turnserver.conf
0: Domain name:
0: Default realm: happi.online
0: SSL23: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: SSL23: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.0: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.1: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS1.2: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: DTLS: Certificate file found: /usr/local/etc/turn_server_cert.pem
0: DTLS: Private key file found: /usr/local/etc/turn_server_pkey.pem
0: DTLS cipher suite: DEFAULT
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0:   relay 165.227.***.*** initialization...
0:   relay 165.227.***.*** initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Total General servers: 2
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /usr/local/var/db/turndb

----------------------------------------------------------

I have following in my server.js ( easyRTC)
var myIceServers = [
 
 
 {
    url:"turn:165.227.***.***:3478",
    username:"admin",
    credential:"admin101"
   
  },
  {
    url:"turn:165.227.***.***:3478?transport=tcp",
    username:"admin",
    credential:"admin101"
   
  },
  {"url":"turn:stun.antisip.com:3478"}
];
easyrtc.setOption("appIceServers", myIceServers);
easyrtc.on("getIceConfig", function(connectionObj, callback){
  callback(null, myIceServers);
});

I am running https://165.227.***.***:8443/demos/demo_ice_filter.html in Firefox and in Chrome but when I try to connect for video call I am always getting error
uncaught exception: buildPeerConnection failed, call not completed
What wrong I am doing ? please tell me if I need to set database for turnserver or need to change variables ?