Camera beind a firewall & KMS in amazon
237 views
Skip to first unread message
Sandeep M R
Nov 20, 2015, 6:40:02 AM11/20/15
to kurento
Hi,
I am using kurento & TURN in docker containers. They all work well when the camera is in the same network. However, the ice connection fails if we put the kurento server in a subnet which has a VPN connection to the network containing the camera. To explain my question better, below are two images of what works and what does not.
Works:
Does not work:
What is the error?
Questions:
- Is it required that the client has direct access to camera?
- What ports should the VPN allow?
- Does kurento recommend any specific inbound and out-bound settings for security group in amazon?
- What could be the reason for above failure?
Thank you in advance for your time and help.
Best regards,
Sandeep
Jose Antonio Santos Cadenas
Nov 20, 2015, 10:13:45 AM11/20/15
to kurento
Have you configured a stun server properly? It seems like chrome cannot establish connection with kms. There are quite a lot of post in the list talking about how to configure correctly a stun server in amazon.
Cheers.
--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sandeep M R
Nov 21, 2015, 5:44:06 AM11/21/15
to kurento
Hi Jose,
I've used coturn(stun\turn) and I believe that it has been configured correctly. I verified that by configuring my working setup (KMS in docker container inside a virtual box) with the STUN\TURN on remote machine(amazon instance). I could also see some logs in the KMS related to the pipeline creation. What ports does KMS use to communicate with the camera?
Does my other 4 questions make any sense?
Kind Regards,
Sandeep
I've used coturn(stun\turn) and I believe that it has been configured correctly. I verified that by configuring my working setup (KMS in docker container inside a virtual box) with the STUN\TURN on remote machine(amazon instance). I could also see some logs in the KMS related to the pipeline creation. What ports does KMS use to communicate with the camera?
Does my other 4 questions make any sense?
Kind Regards,
Sandeep
Sandeep M R
Nov 21, 2015, 7:21:56 AM11/21/15
to kurento
Hi Jose,
I quick update. You are right that the browser is not able to connect to the server. The iceCandidate is referring to the private IP of the amazon instance even though the connection is tried using a public IP. How is it possible? I've provided the IP address and no DNS names in any of the configurations. I've double checked the configurations.
Best Regards,
Sandeep
I quick update. You are right that the browser is not able to connect to the server. The iceCandidate is referring to the private IP of the amazon instance even though the connection is tried using a public IP. How is it possible? I've provided the IP address and no DNS names in any of the configurations. I've double checked the configurations.
Best Regards,
Sandeep
Jose Antonio Santos Cadenas
Nov 23, 2015, 3:34:04 AM11/23/15
to kur...@googlegroups.com
El sáb., 21 nov. 2015 a las 13:21, Sandeep M R (<mail2s...@gmail.com>) escribió:
Hi Jose,
I quick update. You are right that the browser is not able to connect to the server. The iceCandidate is referring to the private IP of the amazon instance even though the connection is tried using a public IP. How is it possible?
The web socket connection has nothing to do with ICE connection. Ice gets local addresses and then uses STUN to figure out its public address and network topology it does not use any other information like websocket connection. If kms is not capable or getting public addresses it seems like a problem with the STUN configuration. Have you tried you stun configration using the url specified in kms configuration file?
I've provided the IP address and no DNS names in any of the configurations. I've double checked the configurations.
I know you have double checked the configuration but would you let us check it also? Maybe what you need is more eyes looking for the problem.
Best Regards,
Sandeep
Sandeep M R
Nov 23, 2015, 4:24:10 AM11/23/15
to kurento
Hi Jose,
Yes, the configuration is done correctly. Below is the screen shot from kurento execution log. I destroyed & created a new container. With that, the client is able to connect to the kms. But still no video data on the UI.
Are there any logs from KMS which can confirm any communication with the camera?
Best Regards,
Sandeep
Yes, the configuration is done correctly. Below is the screen shot from kurento execution log. I destroyed & created a new container. With that, the client is able to connect to the kms. But still no video data on the UI.
Are there any logs from KMS which can confirm any communication with the camera?
Best Regards,
Sandeep
Sandeep M R
Nov 25, 2015, 5:42:30 AM11/25/15
to kurento
Hi Jose,
based on this suggestion, I added below changes in my js code. But I still cannot see any video.
Below is my current configuration and setup.
I really appreciate your time and support.
Best Regards,
Sandeep
based on this suggestion, I added below changes in my js code. But I still cannot see any video.
Below is my current configuration and setup.
- Installed coturn in amazon. Configured external Ip, internal ip and credentials in /etc/init.d/coturn. Tested this with a KMS running on a docker container in local machine. It works fine.
- Installed KMS in amazon. Provided the stun and turn configurations in /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini. (Just replicated the working setup)
- Based on this suggestion, modified the web application’s java script.
I really appreciate your time and support.
Best Regards,
Sandeep
Ivan Gracia
Nov 25, 2015, 9:19:44 AM11/25/15
to Kurento Public
Did you open the UDP ports in your KMS instance?
Ivan Gracia
Sandeep M R
Nov 25, 2015, 9:38:11 AM11/25/15
to kurento
Hi Ivan Gracia,
Yes. I have opened up all ports(for http,udp, tcp etc) in inbound and outbound settings. No restrictions for any port.
Best Regards,
Sandeep
Yes. I have opened up all ports(for http,udp, tcp etc) in inbound and outbound settings. No restrictions for any port.
Best Regards,
Sandeep
Ivan Gracia
Nov 25, 2015, 10:23:35 AM11/25/15
to Kurento Public
Could you try removing references to your coturn instance? Use any other publicly available STUN server, but make sure it works first using this test page. Don't forget to remove the one configured already.
Ivan Gracia
Jose Antonio Santos Cadenas
Nov 25, 2015, 11:44:41 AM11/25/15
to Kurento Public
From your previous post, I understand that the webrtc connction is working, but not the connection to the camera that is in a vpn.
You can try easily if the webrtc connection is working changing the player url by a different video url (accessible publicly) if that works, then you have to solve the problem of accessing to your camera. Trying to solve both problems at once will be very hard.
Ivan Gracia
Nov 25, 2015, 12:06:49 PM11/25/15
to Kurento Public
Oh, I got lost in the chain of mails, and didn't remember we were looking for a non-working VPN camera 😂 What Jose says makes more sense, if the WebRTC connection is working.
Ivan Gracia
Sandeep M R
Nov 27, 2015, 8:36:42 AM11/27/15
to kurento
Is there any logs from kurento client (both java and js) which confirms the connection with KMS and further.
I would like to show the below 2 screen shots. For the working solution, I see additional candidates compared with the "not working" solution.
And here is the logs when hosted in AWS:
What does it mean?
Best Regards,
Sandeep
I would like to show the below 2 screen shots. For the working solution, I see additional candidates compared with the "not working" solution.
And here is the logs when hosted in AWS:
What does it mean?
Best Regards,
Sandeep
Ivan Gracia
Nov 27, 2015, 5:05:12 PM11/27/15
to Kurento Public
As Jose says, I'd suggest you take the camera out of the equation. For that, you can take the hello-world demo, and test it in both instances of KMS. Once you check that, I think we can move on to something else, but we need to make sure that the basics are working.
Ivan Gracia
Sandeep M R
Dec 7, 2015, 9:51:25 AM12/7/15
to kurento
Hey Jose and Ivan. It finally works. Thank you for the time and support you both have provided.
There were some restrictions configured in the firewall which was stopping the camera to be accessible over rtsp. That resolved the issue. Also, I modified my docker run from "-p 8888:8888" to '--net=host". Just exposing port 8888 did not work.
Best Regards,
Sandeep
There were some restrictions configured in the firewall which was stopping the camera to be accessible over rtsp. That resolved the issue. Also, I modified my docker run from "-p 8888:8888" to '--net=host". Just exposing port 8888 did not work.
Best Regards,
Sandeep
Ivan Gracia
Dec 7, 2015, 9:53:54 AM12/7/15
to Kurento Public
Thanks for the feedback!
There were some restrictions configured in the firewall which was stopping the camera to be accessible over rtsp
That's normally the case ;-)
Cheers,
Ivan Gracia
Reply all
Reply to author
Forward
0 new messages