Re: [RFC5766-TURN-SERVER 2291] coturn tls listener not starting

383 views
Skip to first unread message

Oleg Moskalenko

unread,
Sep 24, 2016, 11:21:34 PM9/24/16
to Paul Davies, TURN Server (Open-Source project)
I tried a similar config and it works fine.

Try to turn on stdout logs (remove no-stdout-log) and see what the
output messages are saying.


On Wed, Sep 21, 2016 at 4:54 AM, Paul Davies <paul....@uxpro.be> wrote:
> I cannot get coturn to tls listen and there is nothing in the log saying why
> it doesn't start - any ideas would be very much appreciated!!!
>
> server is debian vm on google cloud
>
> here is the config:
>
> verbose
> listening-port=80
> tls-listening-port=443
> listening-ip=10.0.0.3
> relay-ip=10.0.0.3
> external-ip=[my external ip]/10.0.0.3
> realm=[my domain]
> server-name=[dns name]
> fingerprint
> lt-cred-mech
> userdb=/etc/turnuserdb.conf
> cert=/etc/turn_server_cert.pem
> pkey=/etc/turn_server_pkey.pem
> no-stdout-log
>
> the cert and pkey are rapidssl ssl cert
>
> the log:
>
> 0: log file opened: /var/log/turn_494_2016-09-21.log
> 0: pid file created: /var/run/turnserver.pid
> 0: IO method (main listener thread): epoll (with changelist)
> 0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only
> one IP address is provided
> 0: Wait for relay ports initialization...
> 0: relay 10.0.0.3 initialization...
> 0: relay 10.0.0.3 initialization done
> 0: Relay ports initialization done
> 0: IO method (general relay thread): epoll (with changelist)
> 0: turn server id=0 created
> 0: IPv4. UDP listener opened on: 10.0.0.3:80
> 0: IPv4. TCP listener opened on : 10.0.0.3:80
> 0: Total UDP servers: 1
> 0: Total General servers: 1
> 0: IO method (cli thread): epoll (with changelist)
> 0: IPv4. CLI listener opened on : 127.0.0.1:5766
> 0: IO method (auth thread): epoll (with changelist)
>
> the server is working fine on port 80 but does not listen on 443 (tested
> here :
> https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/)
>
> thanks!!!
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc57...@googlegroups.com.
> To post to this group, send email to
> turn-server-project...@googlegroups.com.
> Visit this group at
> https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
> For more options, visit https://groups.google.com/d/optout.

Paul Davies

unread,
Sep 25, 2016, 2:36:33 AM9/25/16
to TURN Server (Open-Source project)
I solved my problem - I changed the name of the cert and key files to be the host name

Not working:

cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem

working

cert=/etc/my.server.com.crt
pkey=/etc/my.server.com.key


Note - I have copies on disk with both file names but only the second config worked. There was nothing in the logs saying that the crt / key could not be found even with Verbose
> To post to this group, send email to

Oleg Moskalenko

unread,
Sep 25, 2016, 3:10:05 AM9/25/16
to Paul Davies, TURN Server (Open-Source project)
may be wrong versions of the files were found. Check your disk for those files.

Oleg
>> > turn-server-project-rfc57...@googlegroups.com.
>> > To post to this group, send email to
>> > turn-server-project...@googlegroups.com.
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc57...@googlegroups.com.
> To post to this group, send email to
> turn-server-project...@googlegroups.com.

Paul Davies

unread,
Sep 25, 2016, 3:13:37 AM9/25/16
to Oleg Moskalenko, TURN Server (Open-Source project)
Its the same files - I just changed the names - by changing the file names it worked


>> > To post to this group, send email to

>> > Visit this group at
>> > https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

> To post to this group, send email to



--
animatiePaul Davies
Co-founder
+32 478 963917 - uxpro.be 

Super powered web usability tests!
   
Check out our blog at blog.uxpro.be

BE97 3631 1639 1249 - VAT 0521.925.326

Oleg Moskalenko

unread,
Sep 25, 2016, 3:15:37 AM9/25/16
to Paul Davies, TURN Server (Open-Source project)
Look in your installation directory:

examples/etc/turn_server_cert.pem




>> > Visit this group at
>> > https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.
> To post to this group, send email to

Paul Davies

unread,
Sep 25, 2016, 3:27:31 AM9/25/16
to Oleg Moskalenko, TURN Server (Open-Source project)
yes - that file is there - I know because I did this

cd /etc
cp turn_server_cert.pem my.server.com.crt

Change this
cert=/etc/turn_server_cert.pem

to 

cert=/etc/my.server.com.crt

then it worked

Paul
Reply all
Reply to author
Forward
0 new messages