TL;DR I have a local webrtc demo working. I want to permit a relay between two clients that are outside the local network. I'm setting up a turn server. But, I'm unsure if my coturn is set up incorrectly, or if ports are not open, or if my webrtc client is wrong. I'm struggling with understanding where to look (tcpdump or chrome webrtc internals, or otherwise?)
Specific questions
- Should the credentials inside my peer config be username=abc, credential=123 OR username: "abc:123" (and then credential field is something else)? Here (https://www.html5rocks.com/en/tutorials/webrtc/infrastructure/) it says credentials like this: { 'credential': 'JZEOEt2V3Qb0y27GRntt2u2PAYA=', 'username': '28224511:1379330808' }. I don't get where they get the "JZ...." for credentials string but I see username is username/password separated by a colon. Perhaps this is backend specific?
- Should tls-listening-port inside my coturn configuration file be set to 3478, or 443 (or 8443)? What is that port, an admin https port? Which one should I provide to Trickle ICE?
- What should I be looking for inside the webrtc internals of Chrome or Firefox to see if authentication is passing for a webrtc connection (either with Trickle ICE or my own webrtc demo)?
- What can I look for on the server using tcpdump to see if Trickle ICE is talking to my server (and see if it is a firewall issue perhaps)?
Now the full details:
(I've changed my hostnames and IPs to fake ones here BTW)
I have an example webrtc app working that allows me to send and display video from two clients. It works great within a closed network using just a STUN URL.
var config = {
'iceServers': [ {'urls': 'stun:stun.l.google.com:19302'}]
};
Two different browsers send video back and forth. If I have one browser inside the firewall and then another outside, things don't work. I'm trying to get a TURN server using coturn working to relay for me with this config.
var config = {
'iceServers': [ {'urls': 'stun:stun.l.google.com:19302'}, {
'urls': 'turn:turn.example.com:3478',
username: "abc",
credential: "123"
}]
};
I have one running on Ubuntu with this configuration.
fingerprint
listening-ip=0.0.0.0
external-ip=34.34.34.34
listening-port=3478
tls-listening-port=443
min-port=10000
max-port=20000
log-file=/var/log/turnserver.log
verbose
user=abc:123
lt-cred-mech
I can see it is listening when I run netstat:
# netstat -anp | grep turn
...
...
I add this server:
Then, I see this:
Note: errors from onicecandidateerror above are not neccessarily fatal. For example an IPv6 DNS lookup may fail but relay candidates can still be gathered via IPv4.
That's what happens on Chrome for Linux (80.0.3987.163 (Official Build) (64-bit)).
If I use Firefox, it just seems to hang (nothing is output).
Inside the JS on both platforms I see this output:
Creating new PeerConnection with config={"iceServers":[{"urls":["turn:turn.example.com:3478"],"username":"abc","credential":"123"}],"iceTransportPolicy":"relay","iceCandidatePoolSize":"0"} main.js:151:11
I attempt to sniff the packets with tcpdump and am not seeing anything with this command (but I'm no tcpdump expert!). Is this the correct command to use? What can I use to determine whether the client is at least connecting?
# tcpdump 'port 3478'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
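On the credential format asked about in the first question: the `'<number>:<number>'` username with a base64 credential is consistent with TURN REST API style time-limited credentials, where the credential is base64(HMAC-SHA1(shared secret, username)), while a static `user=abc:123` line maps to `username: "abc"`, `credential: "123"`. The Node.js sketch below is an added example, not code from the original post or from coturn; it shows the backend minting a pair and the check a TURN server holding the same secret performs (coturn enables this scheme with `use-auth-secret` and `static-auth-secret`). The function names, the secret, the user id and the `<expiry>:<userId>` ordering are assumptions for illustration.

```javascript
// Added example: TURN REST API style time-limited credentials (Node.js).
const { createHmac, timingSafeEqual } = require('node:crypto');

// credential = base64(HMAC-SHA1(sharedSecret, username))
function hmacCredential(sharedSecret, username) {
  return createHmac('sha1', sharedSecret).update(username).digest('base64');
}

// Backend side: mint a short-lived pair for one signed-in user.
// Assumed username layout: "<unix expiry>:<userId>".
function mintTurnCredentials(sharedSecret, userId, ttlSeconds, nowSeconds) {
  const username = `${nowSeconds + ttlSeconds}:${userId}`;
  return { username, credential: hmacCredential(sharedSecret, username) };
}

// Server side: recompute the HMAC from the presented username and compare.
function checkTurnCredentials(sharedSecret, username, credential, nowSeconds) {
  const expiry = Number.parseInt(String(username).split(':')[0], 10);
  if (!Number.isFinite(expiry)) return 'malformed';
  if (expiry < nowSeconds) return 'expired';
  const expected = Buffer.from(hmacCredential(sharedSecret, username));
  const given = Buffer.from(String(credential));
  // Constant-time comparison; lengths must match before timingSafeEqual.
  const ok = expected.length === given.length && timingSafeEqual(expected, given);
  return ok ? 'ok' : 'bad-credential';
}

// Browser side: the pair goes into the same fields as a static user would.
function iceServerEntry(turnUrl, creds) {
  return { urls: turnUrl, username: creds.username, credential: creds.credential };
}

// Constructed sample values (not from a real deployment).
const SECRET = 'example-shared-secret';
const NOW = 1700000000;
const creds = mintTurnCredentials(SECRET, 'alice', 3600, NOW);
console.log(iceServerEntry('turn:turn.example.com:3478', creds));
console.log(checkTurnCredentials(SECRET, creds.username, creds.credential, NOW + 10));
```

Because anything placed in the page's JavaScript is readable by every visitor, a pair that expires limits how long a copied credential can be used against the relay.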