TURN not working, blank screen for easyRTC.

[Ristar .]

Hello,

The following is my network configuration:

Network 1

========

PC (Peer) + VM Ubuntu on Bridged Connection (easyRTC server)

Network 2

========

PC (Peer)

The ports 8080, 8443, 3478, 3479 and 3480 are forwarded to the VM Ubuntu, and Networks 1 and 2 can only communicate through the internet, and the iptable has been set on the VM Ubuntu.

I am trying to set up a WebRTC connection between the 2 peers in the different networks using easyRTC.

The TURN is not working for me, because all it shows is a blank screen for the video/webcam function. I use the following command to start the TURN server:

./turnserver -p 3480 -z -X a.b.c.d -E a.b.c.d

... where a.b.c.d is the public IP address of Network 1.

What would be the correct command for the following easyRTC TURN declaration:

{url: "turn:@a.b.c.d"}

Please help.

Thank you.

[Oleg Moskalenko]

I'd like to warn you that you will have to go through the wireshark traces yourself and figure out which packet goes where and why it is not working. You will have to understand the whole topology and how it works.

We can only provide some hints to you:

1) WebRTC requires long-term credentials security. I do not see in your command line anything about that. You have to set user accounts in one of different ways allowed by the TURN server.

2) Why you are using public IP with -E option if your server is behind a NAT ? It has to be something like ... -X <public-ip> -E <real-internal-ip> .

3) Using a PC peer on the same system as the TURN server, as far as I understand, is not supported by WebRTC and has also problems in regard to network topology. You will have a separate VM with PC peer, I guess.

4) Why you are using -p 3480 ? The default TURN port is 3478, and WebRTC uses it by default. Why make things more complicated ? They are already complicated.

Regards,
Oleg

[Ristar .]

Hello,

My aim is to get the TURN working first, credentials can come later.

1. What input is acceptable by the TURN server?

2. Thank you for your correction.

3. I have just run it from a separate peer from Network 1. The problem still persists.

4. I did that initially to provide for easyRTC's own STUN.js server. I have just removed "-p 3480" but the black screen problem still persists.

The network is now:

Network 1

========

PC(Peer)

VM Ubuntu (easyRTC server)

Network 2

========

PC(Peer)

easyRTC's configuration remains the same, while the command line to start the TURN server is

./turnserver -z -X a.b.c.d -E 192.168.1.225

The blank screen problem still persists. What command must I use to start the TURN server to configure it properly?

Thank you.

[Oleg Moskalenko]

Ristar, one more time: you have to set the long-term credentials. Without them, the WebRTC will not recognize and will not use your TURN server. WebRTC browser ignores the TURN server if it does not challenge the browser with long-term credentials. The user accounts come first, everything else is next.

[Oleg Moskalenko]

3. I have just run it from a separate peer from Network 1. The problem still persists.

As I said before, you have to have three separate different networks - for Peer 1, Peer 2 and TURN server. Otherwise, it can be rather tricky.

[Ristar .]

Hello,

Unfortunately, I only have 2 networks to use, so please bear with me.

I have just set up a user account using:

./turnadmin -k -u webRTCUser -r easyRTC -p password

I have also included turn_server_cert.pem and turn_server_pkey.pem in the /etc/ folder.

However, when I start the TURN server using the following:

./turnserver -X a.b.c.d -E 192.168.1.225

The TURN server tells me that it's the wrong user account, and the TLS and DTLS cipher suite are ALL:eNULL:aNULL:NULL.

When I use Network 2's PC to try to use easyRTC, I see handle_relay_message printed. That's definitely something new.

However, the screen for easyRTC is still blank.

What am I doing wrong?

Thank you for your patience.

[Oleg Moskalenko]

Ristar, please see below:

On Wednesday, August 28, 2013 12:41:32 AM UTC-7, Ristar . wrote:

Hello,

Unfortunately, I only have 2 networks to use, so please bear with me.

if it is known that it will not work anyway with co-located peer and TURN server (in webrtc case), then what is the point ?
 

I have just set up a user account using:

./turnadmin -k -u webRTCUser -r easyRTC -p password

this command just generates the key and sends it to the standard output. You have to use a different command to actually generate a user (in the flat file, or in database).
 

I have also included turn_server_cert.pem and turn_server_pkey.pem in the /etc/ folder.

You do not need it because you are not using TLS or DTLS.
 

However, when I start the TURN server using the following:

./turnserver -X a.b.c.d -E 192.168.1.225

You have to add -a option for long-term credentials and to add the users to your database or a flat file. There are examples of the command line for WebRTC usage in the wiki and in the WebRTC links on the first page of the project.
 

The TURN server tells me that it's the wrong user account, and the TLS and DTLS cipher suite are ALL:eNULL:aNULL:NULL.

The suites are OK, but you are not using it anyway, right ?
 

When I use Network 2's PC to try to use easyRTC, I see handle_relay_message printed. That's definitely something new.

However, the screen for easyRTC is still blank.

That only wireshark will tell you why.
 

What am I doing wrong?

Thank you for your patience.

Ristar, this forum is for general questions  and for problems. In your case, there is no problem; you just have to read the supplied documentation and the wiki pages where WebRTC configuration is described. Also, there are links on the first page of the project with information about TURN server configuration with WebRTC. You cannot avoid reading the docs - this is a simple tool but the configuration may not be trivial.

Best regards,
OIeg