Why is a Turn Server Necessary?


Geige

Nov 3, 2017, 8:56:43 PM
to meetecho-janus
Hi!

This may be a basic question, but I'm struggling to find a clear answer.

When Stun/Turn servers are mentioned in the docs, and in this group, the consensus seems to be that Janus only needs them if it is behind a Firewall/NAT -- O.K, makes sense. However, this statement is often followed by some version of "clients connecting to Janus still may need to use a Stun or Turn server themselves". I understand that a Stun is important for clients behind NATs, but I cannot understand why they would ever need a Turn server if Janus is publicly available. Isn't Janus essentially acting as a kind of Turn server itself? Why would a client ever be unable to connect to Janus, but able to connect to a Turn, if the Janus Gateway is publicly accessible?

Cheers,
Geige

Lorenzo Miniero

Nov 4, 2017, 3:48:51 AM
to meetecho-janus
Janus is not a TURN server, nor does it act like one. It's true that if Janus is truly publicly reachable, some scenarios where users might need a TURN server (e.g., symmetric NAT) may not need one thanks to prflx candidates. Anyway, that's not enough when the user is in some kind of filtered network, e.g., one that only allows some ports or protocols to go through (e.g., UDP forbidden, or only 443 traffic). A TURN server exposes a single port to users, which means it's much easier for them to connect and talk to the TURN server, rather than negotiating a media session with Janus directly where Janus allocates different ports dynamically for each session.

L. 

Geige

Nov 4, 2017, 1:26:30 PM
to meetecho-janus
Ah I see, makes sense. Thank you!

sisnia...@gmail.com

Nov 20, 2017, 10:01:29 AM
to meetecho-janus
In this case, could a TURN server be installed on the same machine as Janus and open the TURN port? Is it advisable not to use the same server?

Even if it has nothing to do with Janus, does anyone know of an open source solution for deploying a TURN server? Thank you in advance.

Mirko Brankovic

Nov 20, 2017, 10:26:31 AM
to meetecho-janus
Yes, you can use for example:

I used it on the same server where Janus is, which should lower the BW usage between Turn and Janus since it is routed over the local interface,
and you can open only 443 tcp towards clients if they block 99% of the udp traffic.

--
You received this message because you are subscribed to the Google Groups "meetecho-janus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to meetecho-janus+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
Regards,
Mirko

sisnia...@gmail.com

Nov 20, 2017, 10:45:19 AM
to meetecho-janus
Thanks Mirko, but I don't understand about opening only port 443.

My instance currently opens the following ports (public):
- 8089 and 8989 TCP - Janus API
- 443 TCP - Janus Web Demos
- RTP Range UDP

If I install a TURN server on the same machine, for example on the port 13478 TCP
I need to open this port too, so that all customers can operate properly.
Is this all right?

One more question, coturn allows you to create a generic user that I can set in the IceServers array (servers.js) and everyone could connect correctly?

Thank you very much

Mirko Brankovic

Nov 20, 2017, 11:15:11 AM
to meetecho-janus
Well, you will face 'Corporate firewalls' that will drop all UDP traffic or face symmetrical NAT problems for which you will have to push all RTP through some common TCP port that is always opened (like I had to), so then all the client needs is a turn server in iceServers.




--
Regards,
Mirko
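
An added example, not written by any poster in this thread and not taken from the Janus or coturn projects: a server-side Node.js way to hand each client the TCP 443 TURN entry for `iceServers` with time-limited credentials, instead of one generic user placed in servers.js where every visitor can read it. It assumes coturn's shared-secret authentication (`use-auth-secret`, `static-auth-secret`) is enabled and coturn listens on 443/TCP; the hostname, secret and function names are hypothetical.

```javascript
// Added example. Assumes coturn runs with `use-auth-secret` and
// `static-auth-secret=<SHARED_SECRET>`, listening on 443/TCP.
const crypto = require('crypto');

const SHARED_SECRET = 'constructed-demo-secret'; // placeholder; keep server-side only
const TURN_HOST = 'turn.example.org';            // hypothetical hostname

// Shared-secret scheme: username = "<expiry-unix-time>:<user id>",
// credential = base64(HMAC-SHA1(secret, username)).
function turnCredential(username, secret = SHARED_SECRET) {
  return crypto.createHmac('sha1', secret).update(username).digest('base64');
}

// Build the iceServers array the signalling backend returns to one client.
function issueIceServers(userId, ttlSeconds = 3600, now = Date.now()) {
  // Reject ids containing ':' or other characters that would confuse the username format.
  if (!/^[A-Za-z0-9_.-]+$/.test(userId)) throw new Error('invalid user id');
  const expiry = Math.floor(now / 1000) + ttlSeconds;
  const username = `${expiry}:${userId}`;
  return [{
    // One TCP port, for clients whose network drops UDP.
    urls: [`turn:${TURN_HOST}:443?transport=tcp`],
    username,
    credential: turnCredential(username),
  }];
}

// Model of the server-side check under this scheme (not coturn's code):
// the expiry must lie in the future and the HMAC must match.
function isCredentialValid(username, credential, now = Date.now(), secret = SHARED_SECRET) {
  const expiry = Number.parseInt(String(username).split(':')[0], 10);
  if (!Number.isFinite(expiry) || expiry < Math.floor(now / 1000)) return false;
  const expected = Buffer.from(turnCredential(username, secret));
  const given = Buffer.from(String(credential));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Demo output: the object a browser would pass as RTCPeerConnection's iceServers.
console.log(JSON.stringify(issueIceServers('alice', 600), null, 2));
```

A leaked credential from this scheme stops working once its expiry passes, which a static generic user never does.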

sisnia...@gmail.com

Nov 20, 2017, 12:01:10 PM
to meetecho-janus
Are there corporate networks that only allow traffic 443?
In that case, I'll need two servers, one for Janus and one for CoTurn.
Is that correct?

Thanks!

Mirko Brankovic

Nov 20, 2017, 2:17:04 PM
to meetecho-janus
Well, that doesn't mean you will have clients in such restrictive networks, maybe they can open 4333 for example and then you can use one server ;)


Mirko Brankovic

Nov 20, 2017, 2:19:56 PM
to meetecho-janus
I probably can't explain exactly since I don't fully understand it, but maybe you can look for some posts about it like this: