Coturn simple installation on Ubuntu does not work


Kfir Arbel

Jul 19, 2022, 5:30:00 AM
to TURN Server (Open-Source project)
I am new to Ubuntu but not to programming.
I have followed the Coturn installation instructions:

What am I missing? Because even Trickle ICE returns 701.
Disabling the VFW and using the IP instead of the domain name did not help.
The coturn.service is active (running).

My guesses:
Do I need to create a "user" and password somewhere in the system, or the "proc-user"?


I have inserted TURNSERVER_ENABLED=1 into /etc/default/coturn.

This is my /etc/turnserver.conf:
# /etc/turnserver.conf

# STUN server port is 3478 for UDP and TCP, and 5349 for TLS.
# Allow connection on the UDP port 3478
listening-port=3478
# and 5349 for TLS (secure)
tls-listening-port=5349

# Require authentication
fingerprint
lt-cred-mech

# We will use the longterm authentication mechanism, but if
# you want to use the auth-secret mechanism, comment lt-cred-mech and
# uncomment use-auth-secret
# Check: https://github.com/coturn/coturn/issues/180#issuecomment-364363272
#The static auth secret needs to be changed, in this tutorial
# we'll generate a token using OpenSSL
# use-auth-secret
# static-auth-secret=replace-this-secret
# ----
# If you decide to use use-auth-secret, After saving the changes, change the auth-secret using the following command:
# sed -i "s/replace-this-secret/$(openssl rand -hex 32)/" /etc/turnserver.conf
# This will replace the replace-this-secret text on the file with the generated token using openssl.

# Specify the server name and the realm that will be used
# if is your first time configuring, just use the domain as name
server-name=mydomain.com
realm=mydomain.com

# Important:
# Create a test user if you want
# You can remove this user after testing
user=guest:somepassword

total-quota=100
stale-nonce=600

# Path to the SSL certificate and private key. In this example we will use
# the letsencrypt generated certificate files.
cert=/etc/letsencrypt/live/mydomain.com/cert.pem
pkey=/etc/letsencrypt/live/mydomain.com/privkey.pem

# Specify the allowed OpenSSL cipher list for TLS/DTLS connections
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"

# Specify the process user and group
proc-user=turnserver
proc-group=turnserver

Pavel Punsky

Jul 21, 2022, 3:55:10 PM
to TURN Server (Open-Source project)
Can you post the exact error and logs from the coturn side?
Please check that the ports are open in the FW (3478 UDP and 5349 TCP, like in your configuration) and also the ephemeral range.
You might also want to configure min-port/max-port according to the allowed ephemeral range of Ubuntu.
You may also need to set --external-ip in some scenarios (when running in the cloud).

Kfir Arbel

Jul 22, 2022, 3:40:53 AM
to TURN Server (Open-Source project)
Hi,
thanks for your time.
I am not running in the cloud - I have a virtual Ubuntu server.

I found this error log somewhere:

0: Domain name:
0: Default realm: xxxxx.com
0: ERROR:
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0: SSL23: Certificate file found: /etc/letsencrypt/live/xxxxx.com/cert.pem
0: SSL23: Private key file found: /etc/letsencrypt/live/xxxxx.com/privkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.0: Certificate file found: /etc/letsencrypt/live/xxxxx.com/cert.pem
0: TLS1.0: Private key file found: /etc/letsencrypt/live/xxxxx.com/privkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.1: Certificate file found: /etc/letsencrypt/live/xxxxx.com/cert.pem
0: TLS1.1: Private key file found: /etc/letsencrypt/live/xxxxx.com/privkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS1.2: Certificate file found: /etc/letsencrypt/live/xxxxx.com/cert.pem
0: TLS1.2: Private key file found: /etc/letsencrypt/live/xxxxx.com/privkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: TLS cipher suite: ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
0: DTLS: Certificate file found: /etc/letsencrypt/live/xxxxx.com/cert.pem
0: DTLS: Private key file found: /etc/letsencrypt/live/xxxxx.com/privkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS1.2: Certificate file found: /etc/letsencrypt/live/xxxxx.com/cert.pem
0: DTLS1.2: Private key file found: /etc/letsencrypt/live/xxxxx.com/privkey.pem
0: ERROR: set_ctx: ERROR: cannot set DH
0: DTLS cipher suite: ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 8xxx..xxxx.xxx
0: Listener address to use: ::1
0: =====================================================
0: Total: 2 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 127.0.0.1
0: Relay address to use: 8xxx..xxxx.xxx
0: Relay address to use: ::1
0: =====================================================
0: Total: 3 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0:   relay 127.0.0.1 initialization...
0:   relay 127.0.0.1 initialization done
0:   relay 8xxx..xxxx.xxx initialization...
0:   relay 8xxx..xxxx.xxx initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5349
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5350
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv6. TLS/TCP listener opened on : ::1:5349
socket: Protocol not supported
0: IPv6. TLS/TCP listener opened on : ::1:5350
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=2 created
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5349
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5350
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv6. TLS/TCP listener opened on : ::1:5349
socket: Protocol not supported
0: IPv6. TLS/TCP listener opened on : ::1:5350
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5349
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5350
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv6. TLS/TCP listener opened on : ::1:5349
socket: Protocol not supported
0: IPv6. TLS/TCP listener opened on : ::1:5350
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=3 created
socket: Protocol not supported
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
socket: Protocol not supported
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
socket: Protocol not supported
0: Cannot create TLS listener
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
socket: Protocol not supported
0: IPv4. TLS/TCP listener opened on : 8xxx..xxxx.xxx:5350
socket: Protocol not supported
0: IPv4. DTLS/UDP listener opened on: 8xxx..xxxx.xxx:3478
0: Cannot create TLS listener
socket: Protocol not supported
0: Cannot create TLS listener
socket: Protocol not supported
0: IPv4. DTLS/UDP listener opened on: 8xxx..xxxx.xxx:3479
0: IPv6. TLS/TCP listener opened on : ::1:5349
socket: Protocol not supported
0: IPv4. DTLS/UDP listener opened on: 8xxx..xxxx.xxx:5349
0: IPv6. TLS/TCP listener opened on : ::1:5350
0: IPv4. DTLS/UDP listener opened on: 8xxx..xxxx.xxx:5350
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:3479
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: IPv6. DTLS/UDP listener opened on: ::1:5350
0: Total General servers: 4
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb
0: New GID: turnserver(115)
0: New UID: turnserver(110)


Pavel Punsky

Jul 23, 2022, 11:55:03 PM
to TURN Server (Open-Source project)
I see 2 things in the log:
1. DH parameters missing (see https://github.com/coturn/coturn/issues/629 - try generating dh_params file and add it to configuration)
2. Listener addresses are: ::1, 127.0.0.1, 8xxx..xxxx.xxx - which means only 8xxx..xxxx.xxx can be used (potentially). Since it is a VM, depending on configuration, it might be only internal IP that is not accessible externally. Make sure this is the address but also that you can reach the VM using this IP (can you ssh into it?)
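A pre-flight check for the points raised in the two replies above (missing DH parameters, auto-discovered listener addresses / external-ip) plus the empty cli-password message from the log, written as an added shell example; it is not from this thread and not coturn's own tooling. It assumes that dh-file, cli-password, no-cli, listening-ip and external-ip are the standard turnserver.conf option names; the sample config, file paths and the 203.0.113.10 address are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from this thread, not coturn's own tooling): a small
# pre-flight check for a turnserver.conf, run before restarting coturn.
# Assumed: dh-file, cli-password, no-cli, listening-ip and external-ip are the
# standard turnserver.conf option names; paths and addresses are placeholders.

# 1. Generate DH parameters once, then point dh-file= at the result.
gen_dh() {                       # usage: gen_dh /etc/turn/dhparams.pem
    openssl dhparam -out "$1" 2048
    chmod 640 "$1"               # then chown it to the proc-user (turnserver)
}

# Value of option KEY in CONF; empty if unset or only present commented out.
conf_get() {
    key="$1"; conf="$2"
    grep -E "^[[:space:]]*$key=" "$conf" | tail -n 1 | cut -d= -f2-
}

# True if flag KEY (an option without a value) is set in CONF.
conf_has_flag() {
    grep -qE "^[[:space:]]*$1[[:space:]]*$" "$2"
}

# Print one line per finding; always returns 0 so it composes with set -e.
check_conf() {
    conf="$1"
    dh=$(conf_get dh-file "$conf")
    if [ -z "$dh" ]; then
        echo "dh-file: unset -> TLS/DTLS contexts log 'cannot set DH'"
    elif [ ! -r "$dh" ]; then
        echo "dh-file: $dh is missing or unreadable by this user"
    fi
    if [ -z "$(conf_get cli-password "$conf")" ] && ! conf_has_flag no-cli "$conf"; then
        echo "cli-password: empty -> telnet CLI stays disabled (fine); add no-cli to silence the CONFIG ERROR"
    fi
    for key in listening-ip external-ip; do
        if [ -z "$(conf_get "$key" "$conf")" ]; then
            echo "$key: unset -> coturn auto-discovers addresses; on a VM the reachable public IP may be missing"
        fi
    done
    return 0
}

# Constructed sample config modelled on the one posted above (no real secrets).
write_sample_conf() {
    cat > "$1" <<'EOF'
listening-port=3478
tls-listening-port=5349
fingerprint
lt-cred-mech
server-name=mydomain.com
realm=mydomain.com
user=guest:somepassword
cert=/etc/letsencrypt/live/mydomain.com/cert.pem
pkey=/etc/letsencrypt/live/mydomain.com/privkey.pem
# dh-file=/etc/turn/dhparams.pem   (still commented out)
proc-user=turnserver
proc-group=turnserver
EOF
}

if [ "$#" -gt 0 ]; then          # ./check_turn.sh /etc/turnserver.conf
    check_conf "$1"
fi
```

Run it against the real file as `sh check_turn.sh /etc/turnserver.conf`; every line it prints maps to one of the log messages in the thread. The empty cli-password finding is informational: a disabled telnet CLI is the safer default, so prefer adding no-cli over setting a password unless the CLI is actually needed.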
