client data connection (and peer connection) reset by TURN server?

[Oid Tom]

I run coturn server as a tcp relay server (RFC6062) with --server-relay.

A allocate tcp relay endpoint from Server, with lifetime 600 seconds. (RA)

B connect to RA.

A connect to Server with another socket, and send CONNECTIONBIND request to bind this connection to B.

A and B connected correctly. 

A send REFRESH request through control data channel every 170 seconds.

The issue is, If there is some data sent through client_data_connection/peer_connection every 3 mins, then 

the connections will keep working. But if there is no data sent through client_data_connection/peer_connection, 

then after about 5 mins, both client_data_connection and peer_connection will be reset by Server.

(reset means  receive a RST,ACK packet)

Is this by design?  It looks like not required by RFC from my point of view.

(RFC just say, client should keep the allocation by sending REFRESH)

Or the reset is not send by coturn but by Firewall (?)

[Oleg Moskalenko]

No, there is no data connection refresh requirement in the design. I
guess that is a router problem or else. I'll see if KEEPALIVE is set
on that connection, and whether that would help.

Try sending a special "keepalive" packet over that connection.

Oleg

> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc57...@googlegroups.com.
> To post to this group, send email to
> turn-server-project...@googlegroups.com.
> Visit this group at
> http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
> For more options, visit https://groups.google.com/d/optout.

[Oid Tom]

So coturn will not disconnect client_data_connection or peer_connection even

there is no data transfer between them?  

I checked coturn server log, there are some logs like this:

 closed (2nd stage), user <> realm <FOO.com> origin <>, local A.B.C.D:3478, remote E.F.G.H:50850, reason: allocation watchdog determined stale session state

But the port didn't match client_data_connection or peer_connection. 

So that's why I guess it might be Firewall or router. 

For KEEPALIVE, did you mean TCP keep-alive ? I'm using Ubuntu 14.10, and by default, tcp keep-alive packet will be send after 7200 seconds (2 hours).

> turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.

> To post to this group, send email to

> turn-server-project-rfc5766-turn-...@googlegroups.com.

[Oleg Moskalenko]

On Wed, Apr 1, 2015 at 12:01 PM, Oid Tom <oid...@gmail.com> wrote:
> So coturn will not disconnect client_data_connection or peer_connection even
> there is no data transfer between them?

no, it will not

>
> I checked coturn server log, there are some logs like this:
> closed (2nd stage), user <> realm <FOO.com> origin <>, local A.B.C.D:3478,
> remote E.F.G.H:50850, reason: allocation watchdog determined stale session
> state

Stale session state means that something is not refreshed properly by
the session. The default permission lifetime is 300 seconds; so I
suppose that has something to do with the permission refresh.

>
> But the port didn't match client_data_connection or peer_connection.
> So that's why I guess it might be Firewall or router.
>
> For KEEPALIVE, did you mean TCP keep-alive ? I'm using Ubuntu 14.10, and by
> default, tcp keep-alive packet will be send after 7200 seconds (2 hours).

Let's figure out first the refreshes, whether your session refreshes
everything properly.

>> > turn-server-project-rfc57...@googlegroups.com.

>> > To post to this group, send email to

>> > turn-server-project...@googlegroups.com.

>> > Visit this group at
>> > http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>

> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

> turn-server-project-rfc57...@googlegroups.com.

> To post to this group, send email to

> turn-server-project...@googlegroups.com.

[Oid Tom]

Thanks Oleg. 

I verified that connections are reset by firewall (F5, default tcp idle-time is 300 seconds), 

not by coturn. (That's what I want to know).

for "stale session", since I set server-relay parameter, the permission shouldn't be checked.

and I believe without firewall, everything works fine. (Not sure where there are logs like that. )

Thanks for your help!

>> > turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.

>> > To post to this group, send email to

>> > turn-server-project-rfc5766-turn-...@googlegroups.com.

>> > Visit this group at
>> > http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to

> turn-server-project-rfc5766-turn-server+unsubscribe@googlegroups.com.

> To post to this group, send email to

> turn-server-project-rfc5766-turn-...@googlegroups.com.