Aug 19 01:50:41 ns429490 turnserver: 59501: IPv4. tcp or tls connected to: 54.90.24.232:44760
Aug 19 01:50:43 ns429490 turnserver: 59502: session 005000000000000018: TCP socket closed remotely 54.90.24.232:44760
Aug 19 01:50:43 ns429490 turnserver: 59502: session 005000000000000018: closed (2nd stage), user <>, local 37.x.74:80, remote 54.90.24.232:44760, reason: TCP connection closed by client (callback)
Aug 19 02:20:38 ns429490 turnserver: 61297: IPv4. tcp or tls connected to: 54.166.137.181:53465
Aug 19 02:20:40 ns429490 turnserver: 61299: session 002000000000000009: TCP socket disconnected: 54.166.137.181:53465
Aug 19 02:20:40 ns429490 turnserver: 61299: session 002000000000000009: closed (2nd stage), user <>, local 37.x.74:443, remote 54.166.137.181:53465, reason: TCP socket buffer operation error (callback)
Aug 19 04:28:08 ns429490 turnserver: 68948: IPv4. tcp or tls connected to: 125.107.157.53:1039
Aug 19 04:28:09 ns429490 turnserver: 68949: session 006000000000000011: TCP socket closed remotely 125.107.157.53:1039
Aug 19 04:28:09 ns429490 turnserver: 68949: session 006000000000000011: closed (2nd stage), user <>, local 37..74:443, remote 125.107.157.53:1039, reason: TCP connection closed by client (callback)
FYI - From the following link, how do we determine if it was a TLS connection or not? It says "IPv4. tcp or tls". This connection attempt failed to make a successful connection and a successful relay, even though the candidates were forced to use relay.
Aug 19 11:19:27 ns429490 turnserver: 93626: IPv4. tcp or tls connected to: 103.230.104.26:53626
Aug 19 11:19:27 ns429490 turnserver: 93626: IPv4. Local relay addr: 37.x.74:55706
Aug 19 11:19:27 ns429490 turnserver: 93626: session 000000000000000005: new, username=<root>, lifetime=600
Aug 19 11:19:27 ns429490 turnserver: 93626: session 000000000000000005: user <root>: incoming packet ALLOCATE processed, success
Aug 19 11:19:27 ns429490 turnserver: 93626: session 000000000000000005: user <root>: incoming packet ALLOCATE processed, success
Aug 19 11:19:37 ns429490 turnserver: 93636: session 006000000000000012: TCP socket closed remotely 103.230.104.26:53626
Aug 19 11:19:37 ns429490 turnserver: 93636: session 006000000000000012: closed (2nd stage), user <>, local 37.x.74:80, remote 103.230.104.26:53626, reason: TCP connection closed by client (callback)
Aug 19 11:24:58 ns429490 turnserver: 93957: session 000000000000000005: TCP socket closed remotely 103.230.104.26:20857
Aug 19 11:24:58 ns429490 turnserver: 93957: session 000000000000000005: closed (2nd stage), user <root>, local 37.x:80, remote 103.230.104.26:20857, reason: TCP connection closed by client (callback)
Aug 19 11:24:58 ns429490 turnserver: 93957: session 000000000000000005: delete: username=<root>
[root@ns429490 ~]# ssldump -i eth0
New TCP connection #1: aircel-gprs-15.32.251.27.aircel.co.in(38566) <-> ns429490.ip-37-187-150.eu(22)
New TCP connection #2: dD5E036FE.access.telenet.be(63473) <-> ns429490.ip-37-187-150.eu(5349)
2 1 0.0273 (0.0273) C>S Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Unknown value 0xcc14
Unknown value 0xcc13
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
2 2 0.0297 (0.0023) S>C Handshake
ServerHello
Version 3.3
session_id[0]=
cipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
2 3 0.0297 (0.0000) S>C Handshake
Certificate
2 4 0.0297 (0.0000) S>C Handshake
ServerKeyExchange
Not enough data. Found 327 bytes (expecting 32767)
2 5 0.0297 (0.0000) S>C Handshake
ServerHelloDone
2 6 0.0568 (0.0270) C>S Handshake
ClientKeyExchange
Not enough data. Found 64 bytes (expecting 16384)
2 7 0.0568 (0.0000) C>S ChangeCipherSpec
2 8 0.0568 (0.0000) C>S Handshake
2 9 0.0573 (0.0004) S>C Handshake
2 10 0.0573 (0.0000) S>C ChangeCipherSpec
2 11 0.0573 (0.0000) S>C Handshake
2 0.1302 (0.0729) C>S TCP FIN
2 0.1303 (0.0001) S>C TCP RST
New TCP connection #3: 92.222.235.122(49167) <-> ns429490.ip-37-187-150.eu(5349)
3 1 0.0417 (0.0417) C>S Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Unknown value 0xcc14
Unknown value 0xcc13
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
New TCP connection #4: 92.222.235.122(49168) <-> ns429490.ip-37-187-150.eu(5349)
4 1 0.0417 (0.0417) C>S Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Unknown value 0xcc14
Unknown value 0xcc13
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
3 2 0.0440 (0.0023) S>C Handshake
ServerHello
Version 3.3
session_id[0]=
cipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
3 3 0.0440 (0.0000) S>C Handshake
Certificate
3 4 0.0440 (0.0000) S>C Handshake
ServerKeyExchange
Not enough data. Found 327 bytes (expecting 32767)
3 5 0.0440 (0.0000) S>C Handshake
ServerHelloDone
4 2 0.0440 (0.0022) S>C Handshake
ServerHello
Version 3.3
session_id[0]=
cipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
4 3 0.0440 (0.0000) S>C Handshake
Certificate
4 4 0.0440 (0.0000) S>C Handshake
ServerKeyExchange
Not enough data. Found 327 bytes (expecting 32767)
4 5 0.0440 (0.0000) S>C Handshake
ServerHelloDone
3 6 0.0796 (0.0355) C>S Handshake
ClientKeyExchange
Not enough data. Found 64 bytes (expecting 16384)
3 7 0.0796 (0.0000) C>S ChangeCipherSpec
3 8 0.0796 (0.0000) C>S Handshake
4 6 0.0796 (0.0355) C>S Handshake
ClientKeyExchange
Not enough data. Found 64 bytes (expecting 16384)
4 7 0.0796 (0.0000) C>S ChangeCipherSpec
4 8 0.0796 (0.0000) C>S Handshake
4 9 0.0801 (0.0004) S>C Handshake
4 10 0.0801 (0.0000) S>C ChangeCipherSpec
4 11 0.0801 (0.0000) S>C Handshake
3 9 0.0801 (0.0004) S>C Handshake
3 10 0.0801 (0.0000) S>C ChangeCipherSpec
3 11 0.0801 (0.0000) S>C Handshake
4 0.1509 (0.0708) C>S TCP FIN
4 0.1510 (0.0000) S>C TCP RST
3 0.1679 (0.0878) C>S TCP FIN
3 0.1680 (0.0000) S>C TCP RST
1 3.7430 (3.7430) C>S TCP FIN
1 3.7435 (0.0004) S>C TCP FIN
For the same call TURNSERVER says:
Aug 20 10:31:54 ns429490 turnserver: 177173: IPv4. tcp or tls connected to: 92.222.235.122:49167
Aug 20 10:31:54 ns429490 turnserver: 177173: IPv4. tcp or tls connected to: 92.222.235.122:49168
Aug 20 10:31:54 ns429490 turnserver: 177174: session 006000000000000030: TCP socket disconnected: 92.222.235.122:49168
Aug 20 10:31:54 ns429490 turnserver: 177174: session 006000000000000030: closed (2nd stage), user <>, local 37.187.150.74:5349, remote 92.222.235.122:49168, reason: TCP socket buffer operation error (callback)
Aug 20 10:31:54 ns429490 turnserver: 177174: session 005000000000000029: TCP socket disconnected: 92.222.235.122:49167
Aug 20 10:31:54 ns429490 turnserver: 177174: session 005000000000000029: closed (2nd stage), user <>, local 37.187.150.74:5349, remote 92.222.235.122:49167, reason: TCP socket buffer operation error (callback)
Aug 20 10:36:12 ns429490 kernel: device eth0 left promiscuous mode
$ openssl s_client -connect NOTturnserver.mydomain.com:443
Start Time: 1408533632
Timeout : 300 (sec)
Verify return code: 0 (ok)
2 - not properly replied for same certificate
$ openssl s_client -connect TURNSERVER.mydomain.com:443
Start Time: 1408538317
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
139787582711624:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
139787582711624:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
Start Time: 1408555977
Timeout : 300 (sec)
Verify return code: 0 (ok)
And when I do a real call, it's failing to connect, showing forever: "Connecting..."
Aug 20 19:43:17 ns429490 turnserver: 571: IPv4. tcp or tls connected to: 213.224.54.254:50593
Aug 20 19:43:17 ns429490 turnserver: 571: session 003000000000000004: TCP socket disconnected: 213.224.54.254:50593
Aug 20 19:43:17 ns429490 turnserver: 571: session 003000000000000004: closed (2nd stage), user <>, local 37.187.150.74:443, remote 213.224.54.254:50593, reason: TCP socket buffer operation error (callback)
Aug 20 19:43:18 ns429490 turnserver: 572: IPv4. tcp or tls connected to: 213.224.54.254:63923
Aug 20 19:43:18 ns429490 turnserver: 572: session 004000000000000001: TCP socket disconnected: 213.224.54.254:63923
Aug 20 19:43:18 ns429490 turnserver: 572: session 004000000000000001: closed (2nd stage), user <>, local 37.187.150.74:443, remote 213.224.54.254:63923, reason: TCP socket buffer operation error (callback)
$ turnserver --syslog -a --max-bps=3000000 -f -m 10 --user=root:root -r turn.xx.com --cert=ssl.crt --pkey=ssl.key --CA-file=ssl.ca -v --cipher-list="ALL:SSLv2:!eNULL:!aNULL:!NULL"
2 - Then checking with the certificate:
$ openssl s_client -connect turn.xxxx.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert Secure Server CA
verify return:1
depth=0 C = BE, ST = Oost-Vlaanderen, L = Buggenhout, O = xxxx, CN = *.xxx.com
verify return:1
140290482374472:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140290482374472:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=BE/ST=Oost-Vlaanderen/L=Buggenhout/O=xxx/CN=*.xxx.com
i:/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
1 s:/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
subject=/C=BE/ST=Oost-Vlaanderen/L=Buggenhout/O=xxx/CN=*.xxx.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
---
Acceptable client certificate CA names
/C=US/O=DigiCert Inc/CN=DigiCert Secure Server CA
---
SSL handshake has read 3446 bytes and written 138 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: 9E1CD696455E4002546D8D657AE1456583A661735E97013531F315F1A2A0EB4247F8F998E0EC4785A916023E2CE0287A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1408567360
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
3 - Then from Google Chrome/Canary connecting to do TLS:
65: IPv4. tcp or tls connected to: 82.143.92.19:60333
65: session 003000000000000002: TCP socket disconnected: 82.143.92.19:60333
65: session 003000000000000002: closed (2nd stage), user <>, local 37.187.150.74:443, remote 82.143.92.19:60333, reason: TCP socket buffer operation error (callback)
65: IPv4. tcp or tls connected to: 213.224.54.254:54748
65: session 006000000000000001: TCP socket disconnected: 213.224.54.254:54748
65: session 006000000000000001: closed (2nd stage), user <>, local 37.187.150.74:443, remote 213.224.54.254:54748, reason: TCP socket buffer operation error (callback)
^C
[root@ns429490 conf.d]# ^C
Aug 21 07:34:58 ns429490 turnserver: 26238: IPv4. tcp or tls connected to: 103.230.107.7:59950
Aug 21 07:34:58 ns429490 turnserver: 26238: session 007000000000000012: TCP socket closed remotely 103.230.107.7:59950
Aug 21 07:34:58 ns429490 turnserver: 26238: session 007000000000000012: closed (2nd stage), user <>, local 37.187.150.74:443, remote 103.230.107.7:59950, reason: TCP connection closed by client (callback)
Aug 21 07:36:16 ns429490 turnserver: 26317: session 007000000000000011: closed (2nd stage), user <root>, local 37.187.150.74:443, remote 103.230.105.28:65355, reason: allocation timeout
Aug 21 07:36:16 ns429490 turnserver: 26317: session 007000000000000011: SSL shutdown received, socket to be closed (local 37.187.150.74:443, remote 103.230.105.28:65355)
Aug 21 07:36:16 ns429490 turnserver: 26317: session 007000000000000011: delete: username=<root>
Why is this happening please? (this same failed user can browse https://<same turnserver>:443 with same browser versions/network environment)