Re: [RFC5766-TURN-SERVER 2291] coturn tls listener not starting

[Oleg Moskalenko]

I tried a similar config and it works fine.

Try to turn on stdout logs (remove no-stdout-log) and see what the
output messages are saying.


On Wed, Sep 21, 2016 at 4:54 AM, Paul Davies <paul....@uxpro.be> wrote:
> I cannot get coturn to tls listen and there is nothing in the log saying why
> it doesn't start - any ideas would be very much appreciated!!!
>
> server is debian vm on google cloud
>
> here is the config:
>
> verbose
> listening-port=80
> tls-listening-port=443
> listening-ip=10.0.0.3
> relay-ip=10.0.0.3
> external-ip=[my external ip]/10.0.0.3
> realm=[my domain]
> server-name=[dns name]
> fingerprint
> lt-cred-mech
> userdb=/etc/turnuserdb.conf
> cert=/etc/turn_server_cert.pem
> pkey=/etc/turn_server_pkey.pem
> no-stdout-log
>
> the cert and pkey are rapidssl ssl cert
>
> the log:
>
> 0: log file opened: /var/log/turn_494_2016-09-21.log
> 0: pid file created: /var/run/turnserver.pid
> 0: IO method (main listener thread): epoll (with changelist)
> 0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only
> one IP address is provided
> 0: Wait for relay ports initialization...
> 0: relay 10.0.0.3 initialization...
> 0: relay 10.0.0.3 initialization done
> 0: Relay ports initialization done
> 0: IO method (general relay thread): epoll (with changelist)
> 0: turn server id=0 created
> 0: IPv4. UDP listener opened on: 10.0.0.3:80
> 0: IPv4. TCP listener opened on : 10.0.0.3:80
> 0: Total UDP servers: 1
> 0: Total General servers: 1
> 0: IO method (cli thread): epoll (with changelist)
> 0: IPv4. CLI listener opened on : 127.0.0.1:5766
> 0: IO method (auth thread): epoll (with changelist)
>
> the server is working fine on port 80 but does not listen on 443 (tested
> here :
> https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/)
>
> thanks!!!
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc57...@googlegroups.com.
> To post to this group, send email to
> turn-server-project...@googlegroups.com.
> Visit this group at
> https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
> For more options, visit https://groups.google.com/d/optout.

[Paul Davies]

I solved my problem - I changed the name of the cert and key files to be the host name

Not working:

cert=/etc/turn_server_cert.pem

pkey=/etc/turn_server_pkey.pem

working

cert=/etc/my.server.com.crt

pkey=/etc/my.server.com.key

Note - I have copies on disk with both file names but only the second config worked. There was nothing in the logs saying that the crt / key could not be found even with Verbose

> turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.

> To post to this group, send email to

> turn-server-project-rfc5766-turn-...@googlegroups.com.

[Oleg Moskalenko]

may be wrong versions of the files were found. Check your disk for those files.

Oleg

>> > turn-server-project-rfc57...@googlegroups.com.

>> > To post to this group, send email to

>> > turn-server-project...@googlegroups.com.

>> > Visit this group at
>> > https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>

> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

> turn-server-project-rfc57...@googlegroups.com.

> To post to this group, send email to

> turn-server-project...@googlegroups.com.

[Paul Davies]

Its the same files - I just changed the names - by changing the file names it worked

>> > turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.

>> > To post to this group, send email to

>> > turn-server-project-rfc5766-turn-...@googlegroups.com.

>> > Visit this group at
>> > https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

> turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.

> To post to this group, send email to

> turn-server-project-rfc5766-turn-...@googlegroups.com.

> Visit this group at
> https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
> For more options, visit https://groups.google.com/d/optout.

--

Paul Davies Co-founder +32 478 963917 - uxpro.be  Super powered web usability tests!

Check out our blog at blog.uxpro.be

BE97 3631 1639 1249 - VAT 0521.925.326

[Oleg Moskalenko]

Look in your installation directory:

examples/etc/turn_server_cert.pem

>> > turn-server-project-rfc5766-turn-s...@googlegroups.com.

>> > Visit this group at
>> > https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.
> To post to this group, send email to

> turn-server-project-rfc5766-turn-s...@googlegroups.com.

> Visit this group at
> https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
> For more options, visit https://groups.google.com/d/optout.

[Paul Davies]

yes - that file is there - I know because I did this

cd /etc

cp turn_server_cert.pem my.server.com.crt

Change this

cert=/etc/turn_server_cert.pem

to 

cert=/etc/my.server.com.crt

then it worked

Paul