Trying to make a STUN only server work with WebRTC

[Thanasis Polychronakis]

Hi everyone,

new and noob with turn-server, i am trying to create a working setup on my local machine (osx maverics) with a STUN-only setup.

I have build & installed turnserver as a user, using relative paths, so no superuser (system wide) installation.

I created a plain turnserver.conf file following all the guides and instructions, although not much is said about a STUN-only server, most of the guides are targeted at creating a TURN server... Here's my turnserver.conf:

verbose

fingerprint

stun-only

When i point the Chrome browser to the stun server, i see no ICE candidates produced, and i read those lines in the server's log:

156: handle_turn_command: user <>: request BINDING processed, error 0

159: TURN connection closed (non-mobile pattern), user <>

166: handle_turn_command: user <>: request BINDING processed, error 0

169: TURN connection closed (non-mobile pattern), user <>

176: handle_turn_command: user <>: request BINDING processed, error 0

179: TURN connection closed (non-mobile pattern), user <>

I can see a couple of packets in WireShark: http://than.pol.as/TQCN but that's  all...

So, apparently my setup does not work, that's one issue, and i have a few more noob questions for setting up a STUN-only server:

1. Is any of the auth schemes required for STUN-only to work? (long-term / short-term) i understand that they are required for TURN, but STUN?

1.2 So if an auth scheme is required, what other options do i need to activate? (realm for e.g.?)

2. Is any persistent storage required for STUN-only? I tried setting up redis, it kind worked but i have a few followup questions:

2.2 The default Connection string for redis requires a password and a dbname, if i have no password is it ok to omit the param? Redis has no concept of dbname, what value should be there?

3. Do i need to activate the mobility option for STUN-only? 

Thank you

[Oleg Moskalenko]

I guess your TURN server works fine, and you have no candidates for other reasons. 

See below:

On Jan 17, 2014, at 8:20 AM, Thanasis Polychronakis <than...@gmail.com> wrote:

Hi everyone,

new and noob with turn-server, i am trying to create a working setup on my local machine (osx maverics) with a STUN-only setup.

I have build & installed turnserver as a user, using relative paths, so no superuser (system wide) installation.

I created a plain turnserver.conf file following all the guides and instructions, although not much is said about a STUN-only server, most of the guides are targeted at creating a TURN server... Here's my turnserver.conf:

verbose

fingerprint

stun-only

When i point the Chrome browser to the stun server, i see no ICE candidates produced, and i read those lines in the server's log:

156: handle_turn_command: user <>: request BINDING processed, error 0

159: TURN connection closed (non-mobile pattern), user <>

166: handle_turn_command: user <>: request BINDING processed, error 0

169: TURN connection closed (non-mobile pattern), user <>

176: handle_turn_command: user <>: request BINDING processed, error 0

179: TURN connection closed (non-mobile pattern), user <>

that a good log, no errors

I can see a couple of packets in WireShark: http://than.pol.as/TQCN but that's  all...

So, apparently my setup does not work, that's one issue, and i have a few more noob questions for setting up a STUN-only server:

1. Is any of the auth schemes required for STUN-only to work? (long-term / short-term) i understand that they are required for TURN, but STUN?

no

1.2 So if an auth scheme is required, what other options do i need to activate? (realm for e.g.?)

2. Is any persistent storage required for STUN-only? I tried setting up redis, it kind worked but i have a few followup questions:

no

2.2 The default Connection string for redis requires a password and a dbname, if i have no password is it ok to omit the param? Redis has no concept of dbname, what value should be there?

3. Do i need to activate the mobility option for STUN-only? 

no

Thank you

--
You received this message because you are subscribed to the Google Groups "TURN Server project rfc5766-turn-server" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turn-server-project-rfc57...@googlegroups.com.
To post to this group, send email to turn-server-project...@googlegroups.com.
Visit this group at http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
For more options, visit https://groups.google.com/groups/opt_out.

[Thanasis Polychronakis]

thank you Oleg, that cleared things for me a bit...

So my next question is how can i read the outcome for each client that attempts a STUN op?

[Oleg Moskalenko]

Just run the wireshark between the client and the TURN server and decode the messages as "STUN".

On Jan 17, 2014, at 10:17 AM, Thanasis Polychronakis <than...@gmail.com> wrote:

thank you Oleg, that cleared things for me a bit...

So my next question is how can i read the outcome for each client that attempts a STUN op?

[Thanasis Polychronakis]

hmmm that's not practical for piping this information to another app i am working on... 

any other alternatives?

[Oleg Moskalenko]

I am not that I understand your question.

If you are using a STUN client library, you must be able to read the outcome.

On Jan 17, 2014, at 10:19 AM, Thanasis Polychronakis <than...@gmail.com> wrote:

hmmm that's not practical for piping this information to another app i am working on... 

any other alternatives?

[Thanasis Polychronakis]

the STUN client is a browser using RTCPeerConnection, there are not much reported from that end.

I am interested in getting the connectivity outcome, is the client behind a NAT? Which type of NAT. I think it is more reliable to get this information from a STUN server i control.

What would you do?

[Oleg Moskalenko]

No, this is not the right way to do. First, the STUN server does not know whether you are behind a NAT. Second, the STUN operation is sessionless. It serves your request and immediately forgets about you.

TURN is another story.

[Thanasis Polychronakis]

So would my task be served by using a TURN server instead? how would i go about logging / piping the per client information?

---

Thanasis Polychronakis

http://thanpol.as/

[Oleg Moskalenko]

STUN and TURN servers is the same entity but two protocols behave differently.

I'd suggest to read how both protocols work. Then I suppose that you will have answers to your questions.

What you are asking as far as I understand is distributing information from client A to client B. That is not possible. from the server side. That is done by the ICE process.

[Thanasis Polychronakis]

There is only a single client involved. The task is to determine the connectivity status of this client (browser), is it behind a NAT? What type of NAT? Can it accept remote connections? My original impression by reading the wikipedia article on STUN was that was determined during a STUN operation as illustrated in the STUN algorithm figure:

Another route i am exploring is piggybacking on ICE as implemented by WebRTC.  I posed the question from the WebRTC, ICE Candidates perspective at stackoverflow...

I'm looking towards any direction but have yet to come with a reliable solution...

[Oleg Moskalenko]

The client application determines the connectivity status. All the information that you are asking is the client-side information. In STUN, the server responsibility is limited, it does not have much of comprehensive information. It actually does not care about things like NAT.