WebRTC: CoTurn can't relay streams - webrtc

We set up CoTurn on a cloud VM. Then we test it with our WebRTC demo website. We find that it can't relay streams, which means the two sides of the WebRTC demo can't connect to each other when they are in different subnets.
The following things have been done according to the investigation:
We are using CoTurn 4.5.1.1 on Ubuntu 20.04. CoTurn is installed by apt-get.
The realm is set in turnserver.conf and the account, which was created by turnadmin, is bound to the realm.
Inbound UDP ports 1 ~ 65535 are opened in the cloud VM. We use netcat to listen on udp:50000 in the VM and send some data from the PC at home; the data can be received.
The WebRTC demo website works when both sides reside in the same subnet.
This is the turnserver.conf:
listening-device=eth0
listening-port=3478
tls-listening-port=5349
listening-ip=172.16.9.209
relay-ip=172.16.9.209
external-ip=8.136.83.163
server-name=turn.locationbackbone.top
realm=turn.locationbackbone.top
log-file=/var/log/turn.log
cert=/etc/turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
fingerprint
lt-cred-mech
user=Jim:Jim
verbose
This is the setup of the WebRTC demo:
const peerConnection = new RTCPeerConnection({
    iceServers: [{
        urls: 'turn:turn.locationbackbone.top:3478',
        username: 'Jim',
        credential: 'Jim'
    }]
});
This is the log from CoTurn:
18: handle_udp_packet: New UDP endpoint: local addr 172.16.9.209:3478, remote addr 58.39.2.24:22246
18: session 000000000000000001: realm <turn.locationbackbone.top> user <>: incoming packet BINDING processed, success
18: session 000000000000000001: realm <turn.locationbackbone.top> user <>: incoming packet message processed, error 401: Unauthorized
18: handle_udp_packet: New UDP endpoint: local addr 172.16.9.209:3478, remote addr 58.39.2.24:22247
18: session 000000000000000002: realm <turn.locationbackbone.top> user <>: incoming packet BINDING processed, success
18: session 000000000000000002: realm <turn.locationbackbone.top> user <>: incoming packet message processed, error 401: Unauthorized
18: IPv4. Local relay addr: 172.16.9.209:58189
18: session 000000000000000002: new, realm=<turn.locationbackbone.top>, username=<Jim>, lifetime=600
18: session 000000000000000002: realm <turn.locationbackbone.top> user <Jim>: incoming packet ALLOCATE processed, success
18: IPv4. Local relay addr: 172.16.9.209:53152
18: session 000000000000000001: new, realm=<turn.locationbackbone.top>, username=<Jim>, lifetime=600
18: session 000000000000000001: realm <turn.locationbackbone.top> user <Jim>: incoming packet ALLOCATE processed, success
19: session 000000000000000001: refreshed, realm=<turn.locationbackbone.top>, username=<Jim>, lifetime=0
19: session 000000000000000001: realm <turn.locationbackbone.top> user <Jim>: incoming packet REFRESH processed, success
19: handle_udp_packet: New UDP endpoint: local addr 172.16.9.209:3478, remote addr 182.139.173.74:49318
19: session 000000000000000003: realm <turn.locationbackbone.top> user <>: incoming packet BINDING processed, success
19: session 000000000000000003: realm <turn.locationbackbone.top> user <>: incoming packet message processed, error 401: Unauthorized
19: IPv4. Local relay addr: 172.16.9.209:64834
19: session 000000000000000003: new, realm=<turn.locationbackbone.top>, username=<Jim>, lifetime=600
19: session 000000000000000003: realm <turn.locationbackbone.top> user <Jim>: incoming packet ALLOCATE processed, success
19: session 000000000000000002: peer 182.139.173.74 lifetime updated: 300
19: session 000000000000000002: realm <turn.locationbackbone.top> user <Jim>: incoming packet CREATE_PERMISSION processed, success
19: session 000000000000000002: peer 172.16.9.209 lifetime updated: 300
19: session 000000000000000002: realm <turn.locationbackbone.top> user <Jim>: incoming packet CREATE_PERMISSION processed, success
20: session 000000000000000001: usage: realm=<turn.locationbackbone.top>, username=<Jim>, rp=4, rb=272, sp=4, sb=436
20: session 000000000000000001: closed (2nd stage), user <Jim> realm <turn.locationbackbone.top> origin <>, local 172.16.9.209:3478, remote 58.39.2.24:22246, reason: allocation timeout
20: session 000000000000000001: delete: realm=<turn.locationbackbone.top>, username=<Jim>
This is the 'ICE candidate grid' from chrome://webrtc-internals:
RTCIceCandidatePair_pNDACBB9_Rh5SDnOq in-progress wifi udp 0x27c1eff04fe3e00 0 / 0 31 / 0 0 / 0 11:21:10 AM
RTCIceCandidate_pNDACBB9 local-candidate 8.136.83.163 58189 relay(udp) 0x27c1eff
RTCIceCandidate_Rh5SDnOq remote-candidate 8.136.83.163 64834 relay 0x27f1eff
We use tshark to capture the traffic of the server.
58.39.2.24 172.16.9.209 25230 3478 STUN Binding Request
58.39.2.24 172.16.9.209 25231 3478 STUN Binding Request
172.16.9.209 58.39.2.24 3478 25230 STUN Binding Success Response XOR-MAPPED-ADDRESS: 58.39.2.24:25230 MAPPED-ADDRESS: 58.39.2.24:25230 RESPONSE-ORIGIN: 8.136.83.163:3478
172.16.9.209 58.39.2.24 3478 25231 STUN Binding Success Response XOR-MAPPED-ADDRESS: 58.39.2.24:25231 MAPPED-ADDRESS: 58.39.2.24:25231 RESPONSE-ORIGIN: 8.136.83.163:3478
58.39.2.24 172.16.9.209 25231 3478 STUN Allocate Request UDP
172.16.9.209 58.39.2.24 3478 25231 STUN Allocate Error Response error-code: 401 (Unauthorized) Unauthorized with nonce realm: turn.locationbackbone.top
58.39.2.24 172.16.9.209 25230 3478 STUN Allocate Request UDP
172.16.9.209 58.39.2.24 3478 25230 STUN Allocate Error Response error-code: 401 (Unauthorized) Unauthorized with nonce realm: turn.locationbackbone.top
58.39.2.24 172.16.9.209 25231 3478 STUN Allocate Request UDP user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25231 STUN Allocate Success Response XOR-RELAYED-ADDRESS: 8.136.83.163:63533 XOR-MAPPED-ADDRESS: 58.39.2.24:25231 lifetime: 600
58.39.2.24 172.16.9.209 25230 3478 STUN Allocate Request UDP user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25230 STUN Allocate Success Response XOR-RELAYED-ADDRESS: 8.136.83.163:55677 XOR-MAPPED-ADDRESS: 58.39.2.24:25230 lifetime: 600
222.211.167.109 172.16.9.209 55666 3478 STUN Binding Request
172.16.9.209 222.211.167.109 3478 55666 STUN Binding Success Response XOR-MAPPED-ADDRESS: 222.211.167.109:55666 MAPPED-ADDRESS: 222.211.167.109:55666 RESPONSE-ORIGIN: 8.136.83.163:3478
58.39.2.24 172.16.9.209 25231 3478 STUN Refresh Request lifetime: 0 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25231 STUN Refresh Success Response lifetime: 0
58.39.2.24 172.16.9.209 25230 3478 STUN CreatePermission Request XOR-PEER-ADDRESS: 192.168.1.128:55666 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25230 STUN CreatePermission Success Response
222.211.167.109 172.16.9.209 55666 3478 STUN Allocate Request UDP
172.16.9.209 222.211.167.109 3478 55666 STUN Allocate Error Response error-code: 401 (Unauthorized) Unauthorized with nonce realm: turn.locationbackbone.top
58.39.2.24 172.16.9.209 25230 3478 STUN CreatePermission Request XOR-PEER-ADDRESS: 222.211.167.109:55666 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25230 STUN CreatePermission Success Response
222.211.167.109 172.16.9.209 55666 3478 STUN Allocate Request UDP user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 222.211.167.109 3478 55666 STUN Allocate Success Response XOR-RELAYED-ADDRESS: 8.136.83.163:64761 XOR-MAPPED-ADDRESS: 222.211.167.109:55666 lifetime: 600
58.39.2.24 172.16.9.209 25230 3478 STUN CreatePermission Request XOR-PEER-ADDRESS: 8.136.83.163:64761 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25230 STUN CreatePermission Success Response
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 3478 STUN Binding Request
172.16.9.209 58.39.2.24 3478 25230 STUN Binding Success Response XOR-MAPPED-ADDRESS: 58.39.2.24:25230 MAPPED-ADDRESS: 58.39.2.24:25230 RESPONSE-ORIGIN: 8.136.83.163:3478
58.39.2.24 172.16.9.209 25230 64761 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 192.168.1.128:55666
172.16.9.209 192.168.1.128 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 222.211.167.109:55666
172.16.9.209 222.211.167.109 55677 55666 STUN Binding Request user: l3iy:poWX
58.39.2.24 172.16.9.209 25230 3478 STUN Send Indication XOR-PEER-ADDRESS: 8.136.83.163:64761
58.39.2.24 172.16.9.209 25230 3478 STUN Refresh Request lifetime: 0 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25230 STUN Refresh Success Response lifetime: 0
222.211.167.109 172.16.9.209 55666 3478 STUN Refresh Request lifetime: 0 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 222.211.167.109 3478 55666 STUN Refresh Success Response lifetime: 0
We notice that the callee can only receive the following message: coturn:3478 -> callee STUN, since port 3478 is the only port to which the callee has ever sent packets. The packets sent by the other ports of the coturn server are lost. We suspect the NAT is a type of port restricted cone or even symmetrical.
How can we enable the relay?

There are 2 clients (A from 58.39.2.24:25230 and B from 222.211.167.109:55666). Both successfully get an allocation (8.136.83.163:55677 & 8.136.83.163:64761, respectively).
Client A then creates 3 permissions, one for 192.168.1.128:55666 (private, probably unusable), one for 222.211.167.109:55666 (direct), and one for 8.136.83.163:64761 (relay).
Then client A starts sending STUN binding requests towards the 3 targets. The ones destined to 222.211.167.109:55666 never get an answer, so it must be unreachable from coturn.
Client B should create a Permission for 8.136.83.163:55677, so that coturn will allow the STUN Binding Requests from A to be delivered, achieving a relay-to-relay connection: A <--> coturn <--> coturn <--> B.
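
The check described in this answer, as an added example that is not part of the original answer: it walks tshark summary lines in the format shown in the question, tracks each client's allocation and permissions, and lists the clients that never created a permission for the other side's relayed address. The function names are illustrative, and permissions are compared by IP address only, as TURN defines them.

```python
import re
from collections import defaultdict

# Excerpt of the tshark capture from the question, ending before the final
# teardown. Columns: src dst sport dport STUN <summary>.
CAPTURE = """\
58.39.2.24 172.16.9.209 25231 3478 STUN Allocate Request UDP user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25231 STUN Allocate Success Response XOR-RELAYED-ADDRESS: 8.136.83.163:63533 XOR-MAPPED-ADDRESS: 58.39.2.24:25231 lifetime: 600
58.39.2.24 172.16.9.209 25230 3478 STUN Allocate Request UDP user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25230 STUN Allocate Success Response XOR-RELAYED-ADDRESS: 8.136.83.163:55677 XOR-MAPPED-ADDRESS: 58.39.2.24:25230 lifetime: 600
58.39.2.24 172.16.9.209 25231 3478 STUN Refresh Request lifetime: 0 user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 58.39.2.24 3478 25231 STUN Refresh Success Response lifetime: 0
58.39.2.24 172.16.9.209 25230 3478 STUN CreatePermission Request XOR-PEER-ADDRESS: 192.168.1.128:55666 user: Jim realm: turn.locationbackbone.top with nonce
58.39.2.24 172.16.9.209 25230 3478 STUN CreatePermission Request XOR-PEER-ADDRESS: 222.211.167.109:55666 user: Jim realm: turn.locationbackbone.top with nonce
222.211.167.109 172.16.9.209 55666 3478 STUN Allocate Request UDP user: Jim realm: turn.locationbackbone.top with nonce
172.16.9.209 222.211.167.109 3478 55666 STUN Allocate Success Response XOR-RELAYED-ADDRESS: 8.136.83.163:64761 XOR-MAPPED-ADDRESS: 222.211.167.109:55666 lifetime: 600
58.39.2.24 172.16.9.209 25230 3478 STUN CreatePermission Request XOR-PEER-ADDRESS: 8.136.83.163:64761 user: Jim realm: turn.locationbackbone.top with nonce
"""

LINE = re.compile(r"^(\S+) (\S+) (\d+) (\d+) STUN (.+)$")
RELAYED = re.compile(r"XOR-RELAYED-ADDRESS: ([\d.]+):(\d+)")
PEER = re.compile(r"XOR-PEER-ADDRESS: ([\d.]+):(\d+)")
LIFETIME_ZERO = re.compile(r"lifetime: 0\b")


def analyse(capture, turn_port=3478):
    """Return (allocations, permissions) that are live at the end of the capture.

    allocations: client "ip:port" -> relayed "ip:port"
    permissions: client "ip:port" -> set of peer IPs (a TURN permission is
                 keyed on the peer IP address; the port is not part of it)
    """
    allocations = {}
    permissions = defaultdict(set)
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a STUN summary line
        src, dst, sport, dport, info = m.groups()
        from_server = int(sport) == turn_port
        to_server = int(dport) == turn_port

        if from_server and info.startswith("Allocate Success Response"):
            relayed = RELAYED.search(info)
            if relayed:
                allocations[f"{dst}:{dport}"] = f"{relayed.group(1)}:{relayed.group(2)}"
        elif to_server and info.startswith("CreatePermission Request"):
            peer = PEER.search(info)
            if peer:
                permissions[f"{src}:{sport}"].add(peer.group(1))
        elif (from_server and info.startswith("Refresh Success Response")
              and LIFETIME_ZERO.search(info)):
            # A refresh with lifetime 0 deletes the allocation and its permissions.
            client = f"{dst}:{dport}"
            allocations.pop(client, None)
            permissions.pop(client, None)
    return allocations, dict(permissions)


def missing_relay_permissions(allocations, permissions):
    """List (client, other_relay) pairs where client has no permission for the
    IP of another client's relayed address, so relay-to-relay traffic towards
    that client's allocation is dropped by the TURN server."""
    gaps = []
    for client in allocations:
        for other, other_relay in allocations.items():
            if other == client:
                continue
            other_ip = other_relay.rsplit(":", 1)[0]
            if other_ip not in permissions.get(client, set()):
                gaps.append((client, other_relay))
    return gaps


if __name__ == "__main__":
    allocs, perms = analyse(CAPTURE)
    for client, relay in allocs.items():
        print(f"{client} holds {relay}, permissions: {sorted(perms.get(client, []))}")
    for client, relay in missing_relay_permissions(allocs, perms):
        print(f"{client} has no permission covering {relay}")
```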

Related

Failed to send Message to remote node in ignite

I am running my service in a local environment and trying to connect to a remote node, but it is showing the error "failed to send message to remote node".
I want to run my service in a local environment and connect it to a remote Ignite node on a different server.
My configuration is:
IgniteConfiguration igniteConfig = new IgniteConfiguration();
igniteConfig.setIgniteInstanceName("MasterCacheCluster");
igniteConfig.setPeerClassLoadingEnabled(true);
igniteConfig.setClientMode(true);
TcpDiscoverySpi discoverySpi = new TcpDiscoverySpi();
TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
TcpCommunicationSpi communicationSpi = new TcpCommunicationSpi();
ipFinder.setAddresses(Arrays.asList("server_address:47500..47509"));
discoverySpi.setIpFinder(ipFinder);
igniteConfig.setDiscoverySpi(discoverySpi);
DataStorageConfiguration dataCfg = new DataStorageConfiguration();
DataRegionConfiguration rgnCfg = new DataRegionConfiguration();
rgnCfg.setName("Sample_Cluster_Region");
rgnCfg.setPageEvictionMode(DataPageEvictionMode.RANDOM_2_LRU);
rgnCfg.setPersistenceEnabled(true);
rgnCfg.setMetricsEnabled(true);
dataCfg.setDataRegionConfigurations(rgnCfg);
Ignite ignite = Ignition.start(igniteConfig);
ignite.cluster().active(true);
System.out.println("Cluster Size: " + ignite.cluster().nodes().size());
return ignite;
** The server address is hidden for privacy reasons.
[13:12:18,839][SEVERE][exchange-worker-#62%MasterCacheCluster%][TcpCommunicationSpi] Failed to send message to remote node [node=TcpDiscoveryNode [id=724fff2c-76c2-44e7-921f-b7c37dac7d15, consistentId=7c4ed309-0b9b-40ba-84a1-90384e0940ea, addrs=ArrayList [0:0:0:0:0:0:0:1%lo, 10.3.0.8, 127.0.0.1], sockAddrs=null, discPort=47500, order=1, intOrder=1, lastExchangeTime=1676878928401, loc=false, ver=2.14.0#20220929-sha1:951e8deb, isClient=false], msg=GridIoMessage [plc=2, topic=TOPIC_CACHE, topicOrd=8, ordered=false, timeout=0, skipOnTimeout=false, msg=GridDhtPartitionsSingleMessage [parts=null, partCntrs=null, partsSizes=null, partHistCntrs=null, err=null, client=true, exchangeStartTime=1676878928573, finishMsg=null, super=GridDhtPartitionsAbstractMessage [exchId=GridDhtPartitionExchangeId [topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0], discoEvt=DiscoveryEvent [evtNode=TcpDiscoveryNode [id=96f70bd7-cbfb-4a3e-900d-00a93b10d892, consistentId=96f70bd7-cbfb-4a3e-900d-00a93b10d892, addrs=ArrayList [0:0:0:0:0:0:0:1, 127.0.0.1, 172.16.16.50], sockAddrs=HashSet [/[0:0:0:0:0:0:0:1]:0, /127.0.0.1:0, LAPTOP-6AUCFF2I/172.16.16.50:0], discPort=0, order=2, intOrder=0, lastExchangeTime=1676878923997, loc=true, ver=2.14.0#20220929-sha1:951e8deb, isClient=true], topVer=2, msgTemplate=null, span=org.apache.ignite.internal.processors.tracing.NoopSpan#baed14f, nodeId8=96f70bd7, msg=null, type=NODE_JOINED, tstamp=1676878928556], nodeId=96f70bd7, evt=NODE_JOINED], lastVer=GridCacheVersion [topVer=0, order=1676878923547, nodeOrder=0, dataCenterId=0], super=GridCacheMessage [msgId=1, depInfo=null, lastAffChangedTopVer=AffinityTopologyVersion [topVer=-1, minorTopVer=0], err=null, skipPrepare=false]]]]]
class org.apache.ignite.IgniteCheckedException: Failed to connect to node (is node still alive?). Make sure that each ComputeTask and cache Transaction has a timeout set in order to prevent parties from waiting forever in case of network issues [nodeId=724fff2c-76c2-44e7-921f-b7c37dac7d15, addrs=[/10.3.0.8:47100, /[0:0:0:0:0:0:0:1%lo]:47100, /127.0.0.1:47100]]
Your client tries to establish a communication link to the server node with id=724fff2c-76c2-44e7-921f-b7c37dac7d15 after receiving its address through the discovery protocol. This exception basically implies that there's no connectivity between your local host and "server_address":47100. Every single node (including clients) should be visible to the rest of a cluster. My guess is you have some firewall rules or something like that.
Try running some tools to troubleshoot; you could start with:
nc -vz "server_address" 47100
It should be run from your laptop.
It's also worth mentioning that your server exposes IPv6 addresses. It's recommended to use IPv4 at the moment. Add the -Djava.net.preferIPv4Stack=true JVM param to both the client and server JVM start scripts.

Error 496 when client requests service-worker.js (only) on nginx with M-TLS

I deployed a PWA app with my nginx server and I have no problems connecting with my laptop using chrome or safari. I only get an issue when I re-connect with my iPhone and with a particular file only: sw.js (service worker).
Since it is fundamental for a PWA to get this file downloaded in order to decide whether a new version of the app is available or not, having to clear the cache from safari iOS in order to get it done is really annoying.
OK, so let me explain:
The app is hosted on an nginx server with TLS + Mutual TLS.
Each client I'm connecting from has been configured with both the certs and works fine, so I guess this is not a cert problem (neither from the TLS nor from the M-TLS).
If I connect from my laptop with chrome or safari, I have no problems at all.
2023/01/16 08:54:18 [debug] 19158#19158: *4 http process request line
2023/01/16 08:54:18 [debug] 19158#19158: *4 http request line: "GET /sw.js HTTP/1.1"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http uri: "/sw.js"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http args: ""
2023/01/16 08:54:18 [debug] 19158#19158: *4 http exten: "js"
2023/01/16 08:54:18 [debug] 19158#19158: *4 posix_memalign: 00005566D933EEA0:4096 #16
2023/01/16 08:54:18 [debug] 19158#19158: *4 http process request header line
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Host: xx.xx.net:4765"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Connection: keep-alive"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Cache-Control: max-age=0"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Accept: */*"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Service-Worker: script"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Sec-Fetch-Site: same-origin"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Sec-Fetch-Mode: same-origin"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Sec-Fetch-Dest: serviceworker"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Referer: https://xx.xx.net:4765/sw.js"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Accept-Encoding: gzip, deflate, br"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "If-None-Match: "63c47f4b-2945""
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header: "If-Modified-Since: Sun, 15 Jan 2023 22:33:47 GMT"
2023/01/16 08:54:18 [debug] 19158#19158: *4 http header done
If I connect from my iPhone with Safari mobile:
1) When connecting the first time with a cleared cache: no issues
23/01/16 09:31:55 [debug] 19156#19156: *42 http process request line
2023/01/16 09:31:55 [debug] 19156#19156: *42 http request line: "GET /sw.js HTTP/1.1"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http uri: "/sw.js"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http args: ""
2023/01/16 09:31:55 [debug] 19156#19156: *42 http exten: "js"
2023/01/16 09:31:55 [debug] 19156#19156: *42 posix_memalign: 00005566D93FF330:4096 #16
2023/01/16 09:31:55 [debug] 19156#19156: *42 http process request header line
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Host: xx.xx.net:4765"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Cache-Control: max-age=0"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Accept-Encoding: gzip, deflate, br"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Connection: keep-alive"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Accept: */*"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Accept-Language: it-IT,it;q=0.9"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Referer: https://xx.xx.net:4765/index.html"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header: "Service-Worker: script"
2023/01/16 09:31:55 [debug] 19156#19156: *42 http header done
2023/01/16 09:31:55 [debug] 19156#19156: *42 http filename: "/var/www/html/sw.js"
2023/01/16 09:31:55 [debug] 19156#19156: *42 add cleanup: 00005566D93FF728
2023/01/16 09:31:55 [debug] 19156#19156: *42 http static fd: 23
2023/01/16 09:31:55 [debug] 19156#19156: *42 http set discard body
2023/01/16 09:31:55 [debug] 19156#19156: *42 xslt filter header
2023/01/16 09:31:55 [debug] 19156#19156: *42 **HTTP/1.1 200 OK**
2) When closing the app and then resuming it: I get a 496 on a specific file only: the sw.js (service worker) --> client sent no required SSL certificate while reading client request headers
I can't understand why but it definitely prevents my PWA from being updated.
2023/01/16 09:15:39 [debug] 19156#19156: *38 http request line: "GET /sw.js HTTP/1.1"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http uri: "/sw.js"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http args: ""
2023/01/16 09:15:39 [debug] 19156#19156: *38 http exten: "js"
2023/01/16 09:15:39 [debug] 19156#19156: *38 posix_memalign: 00005566D94111B0:4096 #16
2023/01/16 09:15:39 [debug] 19156#19156: *38 http process request header line
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Host: xx.xx.net:4765"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Origin: https://xx.xx.net:4765"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Accept-Encoding: gzip, deflate, br"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Connection: keep-alive"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Accept: */*"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Accept-Language: it-IT,it;q=0.9"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Referer: "
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header: "Service-Worker: script"
2023/01/16 09:15:39 [debug] 19156#19156: *38 http header done
2023/01/16 09:15:39 [info] 19156#19156: *38 **client sent no required SSL certificate while reading client request headers, client: 76.87.343.434, server: xx.xx.net, request: "GET /sw.js HTTP/1.1", host: "xx.xx.net:4765", referrer: ""**
2023/01/16 09:15:39 [debug] 19156#19156: *38 http finalize request: 496, "/sw.js?" a:1, c:1
2023/01/16 09:15:39 [debug] 19156#19156: *38 event timer del: 20: 202080132
2023/01/16 09:15:39 [debug] 19156#19156: *38 http special response: 496, "/sw.js?"
2023/01/16 09:15:39 [debug] 19156#19156: *38 internal redirect: "/custom_404.html?"
Here are my config files:
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    server_tokens off;
    client_body_buffer_size 1k;
    client_header_buffer_size 1k;
    client_max_body_size 1k;
    large_client_header_buffers 2 1k;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # SSL Settings
    ##
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log debug;
    ##
    # Gzip Settings
    ##
    gzip on;
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
site-available file:
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server {
    listen 80;
    return 301 https://xx.xx.net:port$request_uri;
}
server {
    listen 4765 ssl;
    server_name xx.xx.net;
    # SSL
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    # TLS
    ssl_certificate /etc/ssh/TLS/cert.crt;
    ssl_certificate_key /etc/ssh/TLS/key.key;
    # M-TLS
    ssl_client_certificate /etc/ssh/mutual-tls.crt;
    ssl_verify_client on;
    ssl_verify_depth 2;
    # ERRORS
    error_page 400 404 495 496 497 /custom_404.html;
    location = /custom_404.html {
        root /usr/share/nginx/html;
        internal;
    }
    location / {
        # Simple requests
        if ($request_method ~* "(GET|POST)") {
            add_header "Access-Control-Allow-Origin" '*';
            add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
        }
        # Preflighted requests
        if ($request_method = OPTIONS ) {
            add_header "Access-Control-Allow-Origin" '*';
            add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
            add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
        }
    }
    location ~* \.(html|css|js)$ {
        expires -1;
    }
}
Strange thing: if I request the sw.js from my browser (typing https://xx.xx.net:sslport/sw.js), I get the file with no errors.
Do you have an idea of what's going on here? Maybe it is a header/response-header issue?
Update:
I've successfully tried to send the request via Postman: here is the result.
Again: it only happens with iOS, I really don't know how to solve it.

Coturn fails on TURN (allocation timeout)

My coturn server always fails on TURN. I've tried many variants of the config, but nothing works.
The server is not NATted and has only a public IP.
I'm using the following config:
domain=sip.domain.ru
realm=sip.domain.ru
server-name=sip.domain.ru
#listening-ip=0.0.0.0
#external-ip=0.0.0.0
external-ip=213.232.207.000
external-ip=sip.domain.ru
listening-port=3478
min-port=10000
max-port=20000
fingerprint
log-file=/var/log/coturn/turnserver.log
verbose
user=DavidMaze:Password
lt-cred-mech
#allow-loopback-peers
web-admin
web-admin-ip=213.232.207.000
web-admin-port=8090
cert=/usr/share/coturn/server.crt
pkey=/usr/share/coturn/server.key
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
While calling, it waits for 60 s, then the logs show:
0: log file opened: /var/log/coturn/turnserver_2023-01-13.log
0: pid file created: /run/turnserver/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0: relay 213.232.207.000 initialization...
0: relay 213.232.207.000 initialization done
0: relay ::1 initialization...
0: relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: turn server id=3 created
0: turn server id=2 created
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: turn server id=5 created
0: turn server id=4 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/SCTP listener opened on : ::1:3478
0: turn server id=6 created
0: turn server id=7 created
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/SCTP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=9 created
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=11 created
0: IO method (general relay thread): epoll (with changelist)
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: turn server id=14 created
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: turn server id=13 created
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IO method (general relay thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: turn server id=10 created
0: turn server id=15 created
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: turn server id=8 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: turn server id=12 created
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:3478
0: IPv4. DTLS/UDP listener opened on: 213.232.207.000:3478
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. DTLS/UDP listener opened on: 213.232.207.000:5349
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: Total General servers: 16
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IPv4. TLS/SCTP listener opened on : 213.232.207.000:8090
0: IPv4. TLS/TCP listener opened on : 213.232.207.000:8090
0: IPv4. web-admin listener opened on : 213.232.207.000:8090
0: SQLite DB connection success: /var/lib/turn/turndb
5: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 188.162.5.118:34297
5: session 010000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
5: session 010000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
5: IPv4. Local relay addr: 213.232.207.000:11050
5: session 010000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
5: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
6: session 010000000000000001: peer 213.232.207.000 lifetime updated: 300
6: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
7: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 87.103.193.000:56186
7: session 006000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
7: session 006000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
7: IPv4. Local relay addr: 213.232.207.000:16236
7: session 006000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
7: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
7: session 006000000000000001: peer 213.232.207.000 lifetime updated: 300
7: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
15: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
17: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
26: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
27: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
36: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
38: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
46: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
47: handle_udp_packet: New UDP endpoint: local addr 213.232.207.000:3478, remote addr 188.162.5.118:23038
47: session 008000000000000001: realm <sip.domain.ru> user <>: incoming packet BINDING processed, success
48: session 008000000000000001: realm <sip.domain.ru> user <>: incoming packet message processed, error 401: Unauthorized
48: IPv4. Local relay addr: 213.232.207.000:16208
48: session 008000000000000001: new, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=600
48: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet ALLOCATE processed, success
48: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet BINDING processed, success
48: session 008000000000000001: peer 213.232.207.000 lifetime updated: 300
48: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet CREATE_PERMISSION processed, success
50: session 010000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 010000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
50: session 008000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 008000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
50: session 006000000000000001: refreshed, realm=<sip.domain.ru>, username=<DavidMaze>, lifetime=0
50: session 006000000000000001: realm <sip.domain.ru> user <DavidMaze>: incoming packet REFRESH processed, success
51: session 008000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=5, rb=364, sp=5, sb=508
51: session 008000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 188.162.5.118:23038, reason: allocation timeout
51: session 008000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 008000000000000001: peer 213.232.207.000 deleted
51: session 010000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=10, rb=592, sp=10, sb=1032
51: session 010000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 188.162.5.118:34297, reason: allocation timeout
51: session 010000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 010000000000000001: peer 213.232.207.000 deleted
51: session 006000000000000001: usage: realm=<sip.domain.ru>, username=<DavidMaze>, rp=58, rb=7500, sp=9, sb=892
51: session 006000000000000001: closed (2nd stage), user <DavidMaze> realm <sip.domain.ru> origin <>, local 213.232.207.000:3478, remote 87.103.193.000:56186, reason: allocation timeout
51: session 006000000000000001: delete: realm=<sip.domain.ru>, username=<DavidMaze>
51: session 006000000000000001: peer 213.232.207.000 deleted
Also, 2 days ago I was getting 403: forbidden IP, but that was fixed by commenting out listening-ip.
Fixed the issue. For others:
First, check the issue in different browsers. I found that the call works in Mozilla Firefox but doesn't work in Chromium-based browsers;
You can enable extra-verbose mode with the -V flag (uppercase) or --Verbose. This can help, but the logs are very annoying and there is no need to see them 95% of the time;
While testing the TURN server with the very popular tool WebRTC sample - Trickle ICE, you may see "authentication failed?" with relay in the next line. This might not be a problem; check this against another working TURN server (example)
Check whether the client's firewall is blocking the ports of the STUN/TURN servers, including the TURN port ranges. That was my case: the client's firewall was blocking ports 24000-64000.
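A log like the one in this question is easier to read once it is grouped by session. The following is an added example, not part of the original post or of coturn: it summarises each session and separates the normal anonymous 401 challenge of the long-term credential mechanism from a rejected login, and a client-side release (REFRESH with lifetime=0) from a server-side expiry. It assumes the line format shown in the log above; the sample lines, addresses and user names are constructed.

```python
import re

# Constructed sample in the line format of the log quoted above
# (documentation address ranges, made-up users; not taken from the post).
SAMPLE_LOG = """\
5: handle_udp_packet: New UDP endpoint: local addr 203.0.113.10:3478, remote addr 198.51.100.7:34297
5: session 010000000000000001: realm <turn.example.org> user <>: incoming packet BINDING processed, success
5: session 010000000000000001: realm <turn.example.org> user <>: incoming packet message processed, error 401: Unauthorized
5: IPv4. Local relay addr: 203.0.113.10:11050
5: session 010000000000000001: new, realm=<turn.example.org>, username=<alice>, lifetime=600
5: session 010000000000000001: realm <turn.example.org> user <alice>: incoming packet ALLOCATE processed, success
6: session 010000000000000001: peer 192.0.2.44 lifetime updated: 300
6: session 010000000000000001: realm <turn.example.org> user <alice>: incoming packet CREATE_PERMISSION processed, success
9: session 020000000000000002: realm <turn.example.org> user <>: incoming packet message processed, error 401: Unauthorized
9: session 020000000000000002: realm <turn.example.org> user <bob>: incoming packet message processed, error 401: Unauthorized
12: session 030000000000000003: realm <turn.example.org> user <>: incoming packet message processed, error 401: Unauthorized
12: session 030000000000000003: realm <turn.example.org> user <carol>: incoming packet ALLOCATE processed, success
13: session 030000000000000003: peer 192.0.2.45 lifetime updated: 300
50: session 010000000000000001: refreshed, realm=<turn.example.org>, username=<alice>, lifetime=0
50: session 010000000000000001: realm <turn.example.org> user <alice>: incoming packet REFRESH processed, success
51: session 010000000000000001: usage: realm=<turn.example.org>, username=<alice>, rp=10, rb=592, sp=10, sb=1032
51: session 010000000000000001: closed (2nd stage), user <alice> realm <turn.example.org> origin <>, local 203.0.113.10:3478, remote 198.51.100.7:34297, reason: allocation timeout
613: session 030000000000000003: closed (2nd stage), user <carol> realm <turn.example.org> origin <>, local 203.0.113.10:3478, remote 198.51.100.9:40112, reason: allocation timeout
"""

SESSION = re.compile(r"^\d+: session (?P<sid>\d+): (?P<rest>.*)$")
PACKET = re.compile(r"user <(?P<user>[^>]*)>: incoming packet (?P<method>\S+) "
                    r"processed, (?:success|error (?P<code>\d+))")
PEER = re.compile(r"^peer (?P<ip>\S+) lifetime updated")
REFRESHED = re.compile(r"^refreshed, .*lifetime=(?P<lifetime>\d+)")
USAGE = re.compile(r"^usage: .*\brp=(\d+), rb=(\d+), sp=(\d+), sb=(\d+)")
CLOSED = re.compile(r"^closed .*reason: (?P<reason>.+)$")


def summarise(log_text):
    """Return {session_id: summary dict} for every session in the log."""
    sessions = {}
    for line in log_text.splitlines():
        m = SESSION.match(line.strip())
        if not m:
            continue  # start-up and listener lines carry no session id
        s = sessions.setdefault(m["sid"], {
            "anonymous_401": 0, "credentialed_401": 0, "allocated": False,
            "peers": [], "released_by_client": False,
            "usage": None, "close_reason": None,
        })
        rest = m["rest"]
        if (p := PACKET.search(rest)):
            if p["code"] == "401":
                # Empty user <> means the request carried no credentials yet.
                s["credentialed_401" if p["user"] else "anonymous_401"] += 1
            elif p["code"] is None and p["method"] == "ALLOCATE":
                s["allocated"] = True
        elif (p := PEER.match(rest)):
            if p["ip"] not in s["peers"]:
                s["peers"].append(p["ip"])  # a permission exists for this peer
        elif (p := REFRESHED.match(rest)):
            if p["lifetime"] == "0":
                s["released_by_client"] = True
        elif (p := USAGE.match(rest)):
            s["usage"] = dict(zip(("rp", "rb", "sp", "sb"), map(int, p.groups())))
        elif (p := CLOSED.match(rest)):
            s["close_reason"] = p["reason"]
    return sessions


def verdict(s):
    """Short reading of one session summary."""
    if not s["allocated"]:
        # A lone anonymous 401 is the expected challenge; a 401 on a request
        # that already named a user means the credentials were rejected.
        return "auth-rejected" if s["credentialed_401"] else "no-allocation"
    if not s["peers"]:
        return "allocated-no-permission"
    if s["close_reason"] is None:
        return "open"
    # REFRESH with lifetime=0 is the client deleting its own allocation.
    return "released-by-client" if s["released_by_client"] else "expired"


if __name__ == "__main__":
    for sid, summary in summarise(SAMPLE_LOG).items():
        print(sid, verdict(summary), summary["peers"], summary["usage"])
```

A "released-by-client" verdict next to an "allocation timeout" close reason points at the client giving up on connectivity checks rather than at the server, which matches the firewall finding in the answer.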

Can't do a proxy for an npm repository in Cloudsmith with Nexus 3

I want to configure a proxy with Nexus for a private repository in cloudsmith.io.
When I configure the proxy with the public npm registry everything works well, but when I configure the proxy with the Cloudsmith repository the command npm install fails.
To authenticate with Cloudsmith (without proxy), the .npmrc file must contain this:
registry=https://npm.cloudsmith.io/<my org>/<my repo>/
//npm.cloudsmith.io/<my org>/<my repo>/:username=<my user>
//npm.cloudsmith.io/<my org>/<my repo>/:_password=<my password in base64>
So in the proxy configuration I enabled HTTP authentication, but a 404 is being returned.
Do you have any idea whether I missed something in the proxy configuration?
Maybe Nexus can't deal with the Cloudsmith authentication.
Update:
Nexus logs:
2019-06-21 14:10:58,736+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
2019-06-21 14:10:58,736+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
2019-06-21 14:10:58,737+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://npm.cloudsmith.io:443
2019-06-21 14:10:58,840+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to npm.cloudsmith.io/13.249.122.86:443
2019-06-21 14:10:58,840+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to npm.cloudsmith.io/13.249.122.86:443 with timeout 20000
2019-06-21 14:10:58,841+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
2019-06-21 14:10:58,841+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
2019-06-21 14:10:58,841+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
2019-06-21 14:10:59,270+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
2019-06-21 14:10:59,270+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - negotiated protocol: TLSv1.2
2019-06-21 14:10:59,270+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2019-06-21 14:10:59,270+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - peer principal: CN=*.cloudsmith.io
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - peer alternative names: [*.cloudsmith.io, cloudsmith.io]
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.conn.ssl.SSLConnectionSocketFactory - issuer principal: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 172.19.0.2:48268<->13.249.122.86:443
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-52: set socket timeout to 20000
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Executing request GET /myorganization/javascript/cordova HTTP/1.1
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 >> GET /myorganization/javascript/cordova HTTP/1.1
2019-06-21 14:10:59,272+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 >> Host: npm.cloudsmith.io
2019-06-21 14:10:59,272+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 >> Connection: Keep-Alive
2019-06-21 14:10:59,272+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 >> User-Agent: Nexus/3.16.2-01 (OSS; Linux; 4.4.0-139-generic; amd64; 1.8.0_212)
2019-06-21 14:10:59,272+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 >> Accept-Encoding: gzip,deflate
2019-06-21 14:10:59,804+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << HTTP/1.1 404 Not Found
2019-06-21 14:10:59,804+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Content-Type: application/json
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Content-Length: 71
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Connection: keep-alive
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Date: Fri, 21 Jun 2019 14:10:59 GMT
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Allow: GET, PUT, HEAD, OPTIONS
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << ETag: "2d642f304a79cbf4e5fe6270af0846ca"
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Vary: Cookie
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Server: Cloudsmith MCP
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Content-Security-Policy: default-src 'self'; child-src 'self' https://fast.wistia.net https://giphy.com https://intercom-sheets.com https://js.stripe.com https://player.vimeo.com https://share.intercom.io https://www.google.com/recaptcha/ https://www.intercom-reporting.com https://www.youtube.com; connect-src 'self' https://api-iam.intercom.io https://api.intercom.io https://api-ping.intercom.io https://api.stripe.com https://app.getsentry.com https://bam.nr-data.net https://www.google-analytics.com https://js.intercomcdn.com https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://rs.fullstory.com https://sentry.io/api/ https://stats.g.doubleclick.net https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://widget.intercom.io https://yt0blqw1vlv7.statuspage.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://api.cloudsmith.io https://api-prd.cloudsmith.io https://cloudsmith-package-uploads-prd.s3.amazonaws.com https://cloudsmith-package-uploads-prd.s3-accelerate.amazonaws.com; font-src 'self' data: https://js.intercomcdn.com https://fonts.gstatic.com https://assets.cloudsmith.media; frame-src 'self' https://fast.wistia.net https://giphy.com https://intercom-sheets.com https://js.stripe.com https://player.vimeo.com https://share.intercom.io https://www.google.com/recaptcha/ https://www.intercom-reporting.com https://www.youtube.com; img-src 'self' data: https: https://downloads.intercomcdn.com https://gifs.intercomcdn.com https://gravatar.com https://img.shields.io https://js.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://assets.cloudsmith.media https://prd.cloudsmith.media https://users.cloudsmith.media; media-src 'self' https://giphy.com 
https://js.intercomcdn.com https://assets.cloudsmith.media https://prd.cloudsmith.media https://users.cloudsmith.media; object-src 'self'; script-src 'self' 'unsafe-inline' data: https://api.stripe.com https://app.intercom.io https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/ https://cdn.ravenjs.com https://connect.facebook.net https://fullstory.com https://js.intercomcdn.com https://js.stripe.com https://maps.googleapis.com https://maps.gstatic.com https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io https://rum-static.pingdom.net https://sentry.io/api/ https://sjs.bizographics.com https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.google.com https://widget.intercom.io https://www.googleadservices.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://assets.cloudsmith.media; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://assets.cloudsmith.media; worker-src 'self' blob: https://assets.cloudsmith.media; form-action 'self' https://api-iam.intercom.io https://messenger-apps.intercom.io https://intercom.help https://cloudsmith.io https://www.cloudsmith.io https://prd.cloudsmith.io https://web-prd.cloudsmith.io; report-uri https://sentry.io/api/195170/csp-report/?sentry_key=85cf84319e204994878d7afb03753450
2019-06-21 14:10:59,805+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Public-Key-Pins: pin-sha256="++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI="; pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="tFOU95aPSUFNfZLpf6OdBnVvAFKxd8zxp4jCbaL3MJ0="; max-age=86400; report-uri="https://cloudsmith.report-uri.io/r/default/hpkp/enforce"
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Strict-Transport-Security: max-age=5184000
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Referrer-Policy: no-referrer-when-downgrade
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Expect-CT: enforce, max-age=86400, report-uri="https://cloudsmith.report-uri.io/r/default/ct/enforce"
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << X-Cache: Error from cloudfront
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << Via: 1.1 24990d51e53375dffbe8411f5e14f579.cloudfront.net (CloudFront)
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << X-Amz-Cf-Pop: ATL51-C1
2019-06-21 14:10:59,806+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.headers - http-outgoing-52 << X-Amz-Cf-Id: _igVXHch2JQA54gLS1Btz7iTlbtc1W4PQ7S_Jrc4sKYvFwvMsJ5VBg==
2019-06-21 14:10:59,807+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 30000 MILLISECONDS
2019-06-21 14:10:59,807+0000 INFO [qtp2116157452-1644] admin org.sonatype.nexus.repository.httpclient.internal.HttpClientFacetImpl - Repository status for myorganization-javascript-proxy changed from READY to AVAILABLE - reason n/a for n/a
2019-06-21 14:10:59,807+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-52: set socket timeout to 0
The answer is that Sonatype Nexus expects the upstream request to be challenged with a "401 Unauthorized" response + a valid WWW-Authenticate header, rather than a "404 Not Found" response.
The indication that this is the issue is in the log output at:
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
2019-06-21 14:10:59,271+0000 DEBUG [qtp2116157452-1644] admin org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
Here, UNCHALLENGED states that Nexus will not be providing credentials, neither pre-emptively nor as a follow-up request. So if the target upstream is private and requires authentication, as in this case, this will cause the proxying to fail.
To fix this, the upstream will need to fix the response to return "401 Unauthorized" for the protected endpoint. This will ensure that the authentication is passed through to the target upstream. Assuming your credentials are correct, you should be authenticated.
It's also worth noting that, as of writing, Nexus does not support Bearer-based (token) authentication [1], so it isn't compatible with the npm login workflow. So make sure authentication is configured directly in .npmrc as username/password. For example:
registry=https://npm.cloudsmith.io/<my org>/<my repo>/
//npm.cloudsmith.io/<my org>/<my repo>/:username=<my user>
//npm.cloudsmith.io/<my org>/<my repo>/:_password=<my password in base64>
[1] https://issues.sonatype.org/browse/NEXUS-12456
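The difference between the two upstream behaviours can be reproduced on loopback. This is an added example, not code from the answer, Nexus or Cloudsmith: Python's urllib basic-auth handler stands in for a client that holds credentials but only sends them after a 401 challenge, and a local server stands in for the private upstream. The paths, user name and password are constructed.

```python
import base64
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed credentials for the local stand-in registry (not real values).
USER, PASSWORD = "ci-user", "s3cret"
EXPECTED = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()


class StandInRegistry(BaseHTTPRequestHandler):
    """Local stand-in for a private upstream with two response policies."""

    def do_GET(self):
        if self.headers.get("Authorization") == EXPECTED:
            self._reply(200, {"name": "cordova"})
        elif self.path.startswith("/challenged/"):
            # Policy the answer asks for: challenge the anonymous request.
            self._reply(401, {"detail": "authentication required"},
                        {"WWW-Authenticate": 'Basic realm="registry"'})
        else:
            # Policy seen in the Nexus log: answer the anonymous request
            # with 404, so the client never learns that auth would help.
            self._reply(404, {"detail": "not found"})

    def _reply(self, status, body, extra_headers=None):
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        for name, value in (extra_headers or {}).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch_status(opener, url):
    """Return the final HTTP status the client ends up with for url."""
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def run_demo():
    """Request the same package under both policies; return final statuses."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), StandInRegistry)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        # Challenge-driven client: credentials are configured, but they are
        # only sent in reply to 401 + WWW-Authenticate, which is the same
        # situation as the UNCHALLENGED auth state in the log above.
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, base + "/", USER, PASSWORD)
        opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({}),  # ignore proxy env variables
            urllib.request.HTTPBasicAuthHandler(mgr),
        )
        return {
            "hidden_behind_404": fetch_status(opener, base + "/hidden/cordova"),
            "challenged_with_401": fetch_status(opener, base + "/challenged/cordova"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(run_demo())
```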

SOAP Onvif no response for WCF Client

I have a camera that supports ONVIF. Calling ONVIF SOAP GetDeviceInformation
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Body
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetDeviceInformation
xmlns="http://www.onvif.org/ver10/device/wsdl"/>
</s:Body>
</s:Envelope>
I get an answer when using SoapUI. I created a simple WCF console app to call the same method - no answer from the camera.
I checked the messages sent with Wireshark:
SoapUI:
Frame 8858: 680 bytes on wire (5440 bits), 680 bytes captured (5440 bits) on interface 0
Ethernet II, Src: IntelCor_fc:da:96 (b4:b6:76:fc:da:96), Dst: Shenzhen_a4:9f:e8 (e8:ab:fa:a4:9f:e8)
Internet Protocol Version 4, Src: 10.0.0.8, Dst: 10.0.0.102
Transmission Control Protocol, Src Port: 61385, Dst Port: 888, Seq: 1, Ack: 1, Len: 626
Hypertext Transfer Protocol
POST /onvif/device_service HTTP/1.1\r\n
Accept-Encoding: gzip,deflate\r\n
Content-Type: application/soap+xml;charset=UTF-8;action="http://www.onvif.org/ver10/device/wsdl/GetDeviceInformation"\r\n
Content-Length: 322\r\n
[Content length: 322]
Host: 10.0.0.102:888\r\n
Connection: Keep-Alive\r\n
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)\r\n
\r\n
[Full request URI: http://10.0.0.102:888/onvif/device_service]
[HTTP request 1/1]
[Response in frame: 8891]
File Data: 322 bytes
eXtensible Markup Language
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Body
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetDeviceInformation
xmlns="http://www.onvif.org/ver10/device/wsdl"/>
</s:Body>
</s:Envelope>
WCF Client:
Frame 11631: 315 bytes on wire (2520 bits), 315 bytes captured (2520 bits) on interface 0
Ethernet II, Src: IntelCor_fc:da:96 (b4:b6:76:fc:da:96), Dst: Shenzhen_a4:9f:e8 (e8:ab:fa:a4:9f:e8)
Internet Protocol Version 4, Src: 10.0.0.8, Dst: 10.0.0.102
Transmission Control Protocol, Src Port: 61420, Dst Port: 888, Seq: 282, Ack: 1, Len: 261
[2 Reassembled TCP Segments (542 bytes): #11629(281), #11631(261)]
Hypertext Transfer Protocol
POST /onvif/device_service HTTP/1.1\r\n
Content-Type: application/soap+xml; charset=utf-8; action="http://www.onvif.org/ver10/device/wsdl/GetDeviceInformation"\r\n
Host: 10.0.0.102:888\r\n
Content-Length: 261\r\n
[Content length: 261]
Expect: 100-continue\r\n
Accept-Encoding: gzip, deflate\r\n
Connection: Keep-Alive\r\n
\r\n
[Full request URI: http://10.0.0.102:888/onvif/device_service]
[HTTP request 1/1]
File Data: 261 bytes
eXtensible Markup Language
<s:Envelope
xmlns:s="http://www.w3.org/2003/05/soap-envelope">
<s:Body
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetDeviceInformation
xmlns="http://www.onvif.org/ver10/device/wsdl"/>
</s:Body>
</s:Envelope>
Below is the WCF code after the Onvif WSDL reference was added to the project:
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

namespace OnVifInfo
{
    class Program
    {
        static void Main(string[] args)
        {
            GetDeviceInfo(new Uri("http://10.0.0.102:888/onvif/device_service"));
        }

        private static void GetDeviceInfo(Uri uri)
        {
            string address = uri.AbsoluteUri.ToString();

            // SOAP 1.2 envelope without WS-Addressing headers.
            var messageElement = new TextMessageEncodingBindingElement()
            {
                MessageVersion = MessageVersion.CreateVersion(EnvelopeVersion.Soap12, AddressingVersion.None)
            };
            HttpTransportBindingElement httpBinding = new HttpTransportBindingElement()
            {
                AuthenticationScheme = System.Net.AuthenticationSchemes.Negotiate
            };
            CustomBinding binding = new CustomBinding(messageElement, httpBinding);

            // DeviceClient is the proxy generated from the Onvif device WSDL reference.
            OnVifWebService.DeviceClient service = new OnVifWebService.DeviceClient(binding, new EndpointAddress(address));
            string model;
            string firmwareVersion;
            string serialNumber;
            string hardwareId;
            var response = service.GetDeviceInformation(out model, out firmwareVersion, out serialNumber, out hardwareId);
        }
    }
}
Any ideas why the camera is not answering the WCF client?
Why is there a reassembly line:
[2 Reassembled TCP Segments (542 bytes): #11629(281), #11631(261)]
in the WCF client request, but not in the SoapUI call?
The problem was the Expect HTML header:
Expect: 100-continue\r\n
When I added this to the WCF code:
System.Net.ServicePoint servicePoint = System.Net.ServicePointManager.FindServicePoint(service.Endpoint.Address.Uri);
servicePoint.Expect100Continue = false;
It removed the Expect header and I got the answer from the camera.
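The reassembly line asked about in the question can be reproduced from the two captures; the following is an added example, not part of the original posts. It rebuilds each header block from the Wireshark dissections (constructed input; the function names are assumptions) and shows that the request carrying Expect: 100-continue goes out as a 281-byte header block followed by the 261-byte body, while the SoapUI request goes out as a single 626-byte write.

```python
ACTION = "http://www.onvif.org/ver10/device/wsdl/GetDeviceInformation"
REQUEST_LINE = "POST /onvif/device_service HTTP/1.1"

# Header names, values, order and spacing copied from the two Wireshark dissections.
SOAPUI = [
    ("Accept-Encoding", "gzip,deflate"),
    ("Content-Type", f'application/soap+xml;charset=UTF-8;action="{ACTION}"'),
    ("Content-Length", "322"),
    ("Host", "10.0.0.102:888"),
    ("Connection", "Keep-Alive"),
    ("User-Agent", "Apache-HttpClient/4.1.1 (java 1.5)"),
]
WCF = [
    ("Content-Type", f'application/soap+xml; charset=utf-8; action="{ACTION}"'),
    ("Host", "10.0.0.102:888"),
    ("Content-Length", "261"),
    ("Expect", "100-continue"),
    ("Accept-Encoding", "gzip, deflate"),
    ("Connection", "Keep-Alive"),
]


def header_block(request_line, headers):
    """Serialise the request line and headers, including the terminating blank line."""
    lines = [request_line] + [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def send_phases(request_line, headers):
    """Byte counts of each send phase; a phase ends where the client must pause."""
    fields = {name.lower(): value.strip().lower() for name, value in headers}
    head_len = len(header_block(request_line, headers))
    body_len = int(fields.get("content-length", "0"))
    if fields.get("expect") == "100-continue" and body_len:
        # Headers first; the body follows only after "100 Continue" or a timeout
        # (RFC 7231 section 5.1.1).
        return [head_len, body_len]
    return [head_len + body_len]


if __name__ == "__main__":
    print("SoapUI:", send_phases(REQUEST_LINE, SOAPUI))  # one write, TCP Len 626
    print("WCF:   ", send_phases(REQUEST_LINE, WCF))     # 281 + 261 = 542 reassembled
```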