Kurento Media Server working outside LAN


ricardo.t...@gmail.com

Nov 13, 2014, 6:54:31 AM
to kur...@googlegroups.com
Hi there,

I'm having trouble trying to use Kurento outside my private LAN. I'm testing the One2One Call example and within my LAN no problem at all.
If I use the public IP for the KMS I get no video feed.
I get the Received message: {"id":"callResponse","response":"accepted","sdpAnswer" ....
and then "SDP answer received, setting remote description", but after that nothing happens

I did the announcedAddress, installed the coturn and it's not working...
Already installed KMS on an Amazon EC2 and followed all the steps and I get the same problem.

On the callResponse message I always get the server internal IP and not the public one, is this the problem?

I appreciate any help!

Ivan Gracia

Nov 13, 2014, 7:26:36 AM
to Kurento Public
Did you change the configuration in the kurento.conf.json file? Have a look at this answer.

By the way, you won't need coturn in AWS: it's enough with a public STUN server.

Cheers,


Ivan Gracia



--
You received this message because you are subscribed to the Google Groups "kurento" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kurento+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

ricardo.t...@gmail.com

Nov 13, 2014, 7:29:48 AM
to kur...@googlegroups.com
I've changed the file, and used all possible combinations. Only turnURL, only stun, both and always with the same results.

Ivan Gracia

Nov 13, 2014, 8:09:25 AM
to kur...@googlegroups.com
Did you change the security group to enable UDP traffic?

Ricardo Magalhães

Nov 13, 2014, 9:16:16 AM
to kur...@googlegroups.com
Yes, I opened all UDP and TCP ports just in case, but it didn't work.

--
Ricardo Magalhães


Ivan Gracia

Nov 13, 2014, 10:05:27 AM
to Kurento Public
I'm assuming here that the demo is deployed in the same machine as the KMS instance, is that correct? Could you give us the url where the demo is deployed?

There must be a configuration error that we are missing somewhere, or one of the firewalls is blocking UDP traffic.

Ivan Gracia


ricardo.t...@gmail.com

Nov 13, 2014, 10:45:33 AM
to kur...@googlegroups.com
Yes, the demos are deployed on the same machine as the KMS.
The URL is http://79.168.55.55:8083/
This is my server with the demos and KMS deployments

Thank you for your help!


Jose Antonio Santos Cadenas

Nov 13, 2014, 11:06:59 AM
to kurento
It seems that your mediaserver does not have a stun configured:

{"id":"startCommunication","sdpAnswer":"v=0\r\no=- 7590509659519720839 0 IN IP4 0.0.0.0\r\ns=TestSession\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=group:BUNDLE audio video\r\nm=audio 35234 RTP/SAVPF 0\r\nc=IN IP4 192.168.0.10\r\na=rtpmap:0 PCMU/8000\r\na=sendrecv\r\na=rtcp:35234 IN IP4 192.168.0.10\r\na=ice-ufrag:Su3+\r\na=ice-pwd:IzrJoDcjmcX724cYLUUU/0\r\na=fingerprint:sha-256 55:B1:68:22:3B:CF:BF:BF:5F:E0:1C:1B:B1:AB:30:97:4B:1B:C8:F7:27:A8:00:52:4F:DA:91:B7:E4:37:8A:04\r\na=rtcp-mux\r\na=candidate:1 1 UDP 2013266431 192.168.0.10 35234 typ host\r\na=ssrc:1213307920 cname:user1438525053@host-a6c8791\r\nm=video 35234 RTP/SAVPF 100\r\nc=IN IP4 192.168.0.10\r\na=rtpmap:100 VP8/90000\r\na=sendrecv\r\na=rtcp-fb:100 ccm fir\r\na=rtcp-fb:100 nack\r\na=rtcp-fb:100 nack pli\r\na=rtcp:35234 IN IP4 192.168.0.10\r\na=ice-ufrag:Su3+\r\na=ice-pwd:IzrJoDcjmcX724cYLUUU/0\r\na=fingerprint:sha-256 55:B1:68:22:3B:CF:BF:BF:5F:E0:1C:1B:B1:AB:30:97:4B:1B:C8:F7:27:A8:00:52:4F:DA:91:B7:E4:37:8A:04\r\na=rtcp-mux\r\na=candidate:1 1 UDP 2013266431 192.168.0.10 35234 typ host\r\na=ssrc:605326937 cname:user1438525053@host-a6c8791\r\n"} 

As you can see, only IP 192.168.0.10 is received as a candidate.

If you think that your configuration is correct you may need to restart your mediaserver.
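
Added example, not part of the original thread: a Python check for the point made in the post above, listing each ICE candidate in an SDP answer and flagging an answer whose candidates are all private addresses. PAGE_SDP is trimmed from the message quoted above; the srflx line, the address 203.0.113.10 and all function names are constructed for this example.

```python
import ipaddress

# RFC 1918, loopback and link-local: not reachable by a browser outside the LAN.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Trimmed from the sdpAnswer quoted in the post above (m= and candidate lines only).
PAGE_SDP = (
    "v=0\r\n"
    "m=audio 35234 RTP/SAVPF 0\r\n"
    "a=candidate:1 1 UDP 2013266431 192.168.0.10 35234 typ host\r\n"
    "m=video 35234 RTP/SAVPF 100\r\n"
    "a=candidate:1 1 UDP 2013266431 192.168.0.10 35234 typ host\r\n")
# Constructed: the same answer plus a server-reflexive candidate learned via STUN.
WITH_STUN = PAGE_SDP + ("a=candidate:2 1 UDP 1677722111 203.0.113.10 35234 "
                        "typ srflx raddr 192.168.0.10 rport 35234\r\n")


def is_unroutable(addr):
    """True for private/loopback/link-local addresses and for unparsable ones."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return any(ip in net for net in UNROUTABLE)


def candidates(sdp):
    """Yield (media, address, port, type) for each a=candidate line."""
    media = None
    for line in sdp.replace("\r\n", "\n").split("\n"):
        if line.startswith("m="):
            media = line[2:].split()[0]
        elif line.startswith("a=candidate:"):
            f = line.split()  # foundation component transport priority addr port typ type
            if len(f) >= 8 and f[6] == "typ":
                yield media, f[4], int(f[5]), f[7]


def diagnose(sdp):
    """Report candidate types and whether any address is reachable from outside."""
    found = list(candidates(sdp))
    reachable = [c for c in found if not is_unroutable(c[1])]
    if not found:
        verdict = "no candidates"
    elif reachable:
        verdict = "ok"
    else:
        verdict = "private addresses only: STUN/TURN not in effect"
    return {"types": sorted({c[3] for c in found}),
            "reachable": reachable, "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(PAGE_SDP), diagnose(WITH_STUN), sep="\n")
```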

Ivan Gracia

Nov 13, 2014, 11:08:16 AM
to Kurento Public
The SDP that your KMS is sending you is not showing any STUN candidate. Are you sure that you have a STUN server configured, and that the STUN port is open in your security group?

Ivan Gracia


ricardo.t...@gmail.com

Nov 13, 2014, 11:31:54 AM
to kur...@googlegroups.com
On the /etc/init.d/coturn

DAEMON_ARGS="-c /etc/turnserver.conf -f -o -a -v -r kurento.org -u kurento:kurento --no-stdout-log -o --external-ip $EXTERNAL_IP/$LOCAL_IP"
PIDFILE_DIR=/var/run
PIDFILE=/var/run/$PROCNAME.pid
SCRIPTNAME=/etc/init.d/$NAME
USER=turnserver
GROUP=turnserver
EXTERNAL_IP=79.168.55.55
LOCAL_IP=$(hostname -i)

On the /etc/kurento/kurento.conf.json

    "WebRtcEndpoint" : {
      "stunServerAddress" : "79.168.55.55", // Only IP address are supported
      "stunServerPort" : 3478,
      // turnURL gives the necessary info to configure TURN for WebRTC.
      //    'address' must be an IP (not a domain).
      //    'transport' is optional (UDP by default).
      "turnURL" : "kurento:kur...@79.168.55.55:3478"
      // "pemCertificate" : "file"
    },


Ports 3478 TCP & UDP and 49152 - 65535 UDP are open

Ivan Gracia

Nov 13, 2014, 12:16:44 PM
to Kurento Public
I think that your coturn server might be down, since telnet 79.168.55.55 3478 doesn't yield anything, so either there was nothing there listening, or the port was closed.

Did you enable coturn to run as a service? You need to edit /etc/defaults/coturn and set the value TURNSERVER_ENABLED=1, otherwise sudo service start coturn does nothing.

Another thing you could do is to change the STUN server to a different one, stun.l.google.com for instance (173.194.78.127:19302, and remember to open the port). You really don't need that STUN server in your AWS instance.

Ivan Gracia


ricardo.t...@gmail.com

Nov 13, 2014, 12:29:47 PM
to kur...@googlegroups.com
I'm sorry, with all the restarts and config changes I forgot to start the coturn server.
It is started now, but still not working. I think the SDP should have more info now.

By the way, this server (79.168.55.55) is not the AWS server.

Ivan Gracia

Nov 13, 2014, 12:51:43 PM
to kur...@googlegroups.com
In your configuration files for coturn and the webrtcendpoint block from Kurento.conf.json, you have to set the public IP of the server where your coturn is running.

I'd suggest you try to use the configuration I posted earlier, using a public STU

ricardo.t...@gmail.com

Nov 13, 2014, 12:54:01 PM
to kur...@googlegroups.com, izan...@gmail.com
The coturn is running on the same server as the demo and the KMS which is 79.168.55.55

Ivan Gracia

Nov 13, 2014, 12:54:06 PM
to kur...@googlegroups.com
Sorry, clipped the message...

Try to use a public STUN server just to take your coturn instance out of the equation.

ricardo.t...@gmail.com

Nov 13, 2014, 1:03:45 PM
to kur...@googlegroups.com, izan...@gmail.com
So in the /etc/kurento/kurento.conf.json use these settings and no turnURL:

  "WebRtcEndpoint" : {
    "stunServerAddress" : "173.194.78.127", // Only IP address are supported
    "stunServerPort" : 19302

    // turnURL gives the necessary info to configure TURN for WebRTC.
    //    'address' must be an IP (not a domain).
    //    'transport' is optional (UDP by default).

    // "turnURL" : "kurento:kur...@79.168.55.55:3478"
    // "pemCertificate" : "file"
  },

Correct?

Ivan Gracia

Nov 13, 2014, 1:11:57 PM
to ricardo.t...@gmail.com, Kurento Public
Yeah, check that. I still get no answer when I telnet that IP and port, which is weird if coturn is indeed running, and the ports are open.

Ricardo Magalhães

Nov 13, 2014, 1:18:54 PM
to Ivan Gracia, Kurento Public
I'm sorry once again, but I already stopped the coturn server to test the public STUN server.
And it's working!

I will now test with my Java application, so keep your fingers crossed.

--
Ricardo Magalhães

develop...@gmail.com

Nov 16, 2014, 5:27:18 AM
to kur...@googlegroups.com, izan...@gmail.com, ricardo.t...@gmail.com
Any updates? 
I've been stuck with the same problem. 

Ivan Gracia

Nov 16, 2014, 5:30:30 AM
to develop...@gmail.com, kur...@googlegroups.com, ricardo.t...@gmail.com
Ricardo was able to get the video after fixing the configuration. Where are you stuck? 
--
Ivan Gracia



mohit....@gmail.com

Jan 7, 2015, 11:41:26 PM
to kur...@googlegroups.com
In your coturn configuration you need to add
EXTERNAL_IP=79.168.55.55
LOCAL_IP=$(hostname -i)

before the DAEMON_ARGS variable, not after.

mohit....@gmail.com

Jan 7, 2015, 11:51:00 PM
to kur...@googlegroups.com
I am stuck on the same issue. When I add the below lines my KMS doesn't start:

"stunServerAddress" : "173.194.78.127", // Only IP address are supported
"stunServerPort" : 19302

I am working on group call; the other participant's video is coming as a blank screen.

mac...@gmail.com

Jan 8, 2015, 5:33:54 AM
to kur...@googlegroups.com, mohit....@gmail.com
Same here! 

I am pretty sure everything is configured correctly, as I have tried the UDP SNAT Forwards using netcat and if I connect to the TURN/KMS Server via a 3G (Mobile) connection, I can see the viewer video nicely, but not over my NATed home router...

What is confusing to me: where do we need to install the coturn server? I have tried both, with and without NATing and it changed nothing. (The tutorial includes external and local IP, so that would hint to a NAT.)

mohit vijayvargia

Jan 8, 2015, 6:19:56 AM
to kur...@googlegroups.com, mohit....@gmail.com, mac...@gmail.com
I followed this post to configure coturn server, I am not able to see other participant's video feed. I am not sure what I am doing wrong here. Below is the SDP response and my public IP is 54.68.200.228

Received message: {"id":"startCommunication","sdpAnswer":"v=0\r\no=- 5236511141477532327 0 IN IP4 0.0.0.0\r\ns=TestSession\r\nc=IN IP4 0.0.0.0\r\nt=0 0\r\na=group:BUNDLE audio video\r\nm=audio 41201 RTP/SAVPF 0\r\nc=IN IP4 172.31.4.116\r\na=rtpmap:0 PCMU/8000\r\na=sendrecv\r\na=rtcp:41201 IN IP4 172.31.4.116\r\na=ice-ufrag:TWC8\r\na=ice-pwd:2eWzHE1gKWxupi7G40zNn+\r\na=fingerprint:sha-256 B1:F1:0C:41:7C:6E:A5:81:D0:3B:CB:DD:64:05:A2:D7:98:BB:F1:AB:F7:5E:46:28:4D:0E:67:94:64:77:43:0A\r\na=rtcp-mux\r\na=candidate:1 1 UDP 2013266431 172.31.4.116 41201 typ host\r\na=ssrc:863004924 cname:user1855450298@host-6e865631\r\nm=video 41201 RTP/SAVPF 100\r\nc=IN IP4 172.31.4.116\r\na=rtpmap:100 VP8/90000\r\na=sendrecv\r\na=rtcp-fb:100 ccm fir\r\na=rtcp-fb:100 nack\r\na=rtcp-fb:100 nack pli\r\na=rtcp:41201 IN IP4 172.31.4.116\r\na=ice-ufrag:TWC8\r\na=ice-pwd:2eWzHE1gKWxupi7G40zNn+\r\na=fingerprint:sha-256 B1:F1:0C:41:7C:6E:A5:81:D0:3B:CB:DD:64:05:A2:D7:98:BB:F1:AB:F7:5E:46:28:4D:0E:67:94:64:77:43:0A\r\na=rtcp-mux\r\na=candidate:1 1 UDP 2013266431 172.31.4.116 41201 typ host\r\na=ssrc:1068638041 cname:user1855450298@host-6e865631\r\n"}

mac...@gmail.com

Jan 8, 2015, 9:20:09 AM
to kur...@googlegroups.com, mohit....@gmail.com, mac...@gmail.com
You seem to be missing the public IP candidate, just like I do :(

mac...@gmail.com

Jan 9, 2015, 5:16:25 PM
to kur...@googlegroups.com, mohit....@gmail.com, mac...@gmail.com

For me it is running now, I used a public (google) STUN server and KMS behind a NAT (shorewall+proxmox). 

Ivan Gracia

Jan 12, 2015, 6:32:42 AM
to Kurento Public, mohit....@gmail.com, mac...@gmail.com
Be aware that $(hostname -i) has to resolve to the private IP, not localhost. Maybe you need to modify your /etc/hosts, or just fix the private IP there. If you are deploying in AWS, or a similar cloud infrastructure, you can use the metadata distribution web-server in 169.254.169.254
EXTERNAL_IP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
LOCAL_IP=$(curl http://169.254.169.254/latest/meta-data/local-ipv4)
This will always return public and local IPs for your machine.

Ivan Gracia



--

David Gonzalez Cagigas

Sep 11, 2016, 10:10:30 AM
to kurento, ricardo.t...@gmail.com
I'm stuck with a similar problem.

As far as I know I don't have to install a turn server if I use a STUN server, right? I'm using a STUN public server. And my conf files are like:

/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
stunServerAddress=173.194.66.127
stunServerPort=19302

/etc/kurento/kurento.conf.json
{
  "mediaServer" : {
    /*   "resources": {
    //  //Resources usage limit for raising an exception when an object creation is attempted
    //  "exceptionLimit": "0.8",
    //  // Resources usage limit for restarting the server when no objects are alive
    //  "killLimit": "0.7",
        // Garbage collector period in seconds
        "garbageCollectorPeriod": 240
    },*/

    "net" : {
      // Uncomment just one of them
      /*
      "rabbitmq": {
        "address" : "127.0.0.1",
        "port" : 5672,
        "username" : "guest",
        "password" : "guest",
        "vhost" : "/"
      }
      */

      "websocket": {
        "port": 8080,
        "secure": {
          "port": 8433,
          "certificate": "defaultCertificate.pem",
          "password": ""
        },
        "path": "kurento",
        "threads": 10
      }
    }
  },
  "modules": {
    "kurento": {
      "SdpEndpoint" : {
        "sdpPattern" : "sdp_pattern.txt"
      },
      "HttpEndpoint" : {
        // "serverAddress" : "localhost",
        /*
          Announced IP Addess may be helpful under situations such as the server needs
          to provide URLs to clients whose host name is different from the one the
          server is listening in. If this option is not provided, http server will try
          to look for any available address in your system.
        */

        //       "announcedAddress" : "52.50.75.253"
      },
      "WebRtcEndpoint" : {
        "stunServerAddress" : "173.194.66.127",

        "stunServerPort" : 19302
        // turnURL gives the necessary info to configure TURN for WebRTC.
        //    'address' must be an IP (not a domain).
        //    'transport' is optional (UDP by default).

        // "turnURL" : "kurento:kur...@52.50.75.253:3478"
        // "pemCertificate" : "file"
        // "announcedAddress" : "52.50.75.253"
      },
      "PlumberEndpoint" : {
        // "bindAddress" : "localhost",
        /*
          Announced IP Address may be helpful under situations such as the endpoint needs
          to provide an IP address to clients whose host name is different from the one
          that the element is listening in. If this option is not provided, the bindAddress
          will be used instead.
        */

        //     "announcedAddress" : "52.50.75.253"
      }
    },
    "WebRtcEndpoint" : {
      "stunServerAddress" : "173.194.66.127",
      "stunServerPort" : 19302
      // "stunServerAddress" : "stun ip address",
      // "stunServerPort" : 3478,

      // turnURL gives the necessary info to configure TURN for WebRTC.
      //    'address' must be an IP (not a domain).
      //    'transport' is optional (UDP by default).

      // "turnURL" : "kurento:kur...@193.147.51.36:3478"
      // "pemCertificate" : "file"
      // "turnURL" : "kurento:kur...@52.50.75.253:3478"
    }

    //"module1": { …. }
    //"module2": { …. }
  }
}

All ports needed are opened, I'm testing with tutorial kurento-one2many-call (node). Everything seems to work but when I try to get the video from the viewer I just get the loading image. 

Any suggestion?

Ivan Gracia

Sep 12, 2016, 4:50:34 AM
to Kurento Public, ricardo.t...@gmail.com

This is all over the list, man: test the stun server you are using with this page ;-) Basically, the STUN server you are using is not working. It is also at the top of /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini, the first file you pointed to:

; Only IP address are supported, not domain names for addresses
; You have to find a valid stun server. You can check if it works
; usin this tool:
;   http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

Always check the STUN server, as those IPs might change.

Ivan Gracia



David Gonzalez Cagigas

Sep 12, 2016, 1:49:34 PM
to kurento, ricardo.t...@gmail.com
Yes, I've checked and the STUN servers are working. When I check the connection in chrome://webrtc-internals/ the STUN server is different from my configuration. Does it make any sense?

David



Ivan Gracia

Sep 13, 2016, 4:21:42 AM
to Kurento Public, ricardo.t...@gmail.com
David,

That STUN server is not working, or at least it's not working for me. Make sure you remove the existing STUN server before testing, otherwise you will be contaminating your test.

Inline image 1

Ivan Gracia


