I've successfully made a TURN request to coturn server (https://github.com/coturn/coturn), but failed when executing a STUN request. If I try to STUN connect to coturn server from the same machine running the server using turnutils_stunclient myIP, the server responds with
RFC 5780 response 1
0: IPv4. Response origin: : IP1:3478
0: IPv4. Other addr: : IP2:3479
0: IPv4. UDP reflexive addr: IP1:36457
========================================
RFC 5780 response 2
0: IPv4. Response origin: : IP2:3479
0: IPv4. Other addr: : IP2:3479
0: IPv4. UDP reflexive addr: IP1:36457
========================================
RFC 5780 response 3
0: IPv4. Response origin: : IP2:3479
0: IPv4. Other addr: : IP2:3479
0: IPv4. UDP reflexive addr: IP1:36458
, which is great! To test STUN requests remotely, I've also installed coturn on my laptop. If I make the same request from my laptop, the stun server responds with only 1 response and hangs after that.
RFC 5780 response 1
0: IPv4. Response origin: : IP1:3478
0: IPv4. Other addr: : IP2:3479
0: IPv4. UDP reflexive addr: IP1:36457
There is no second and third message and the command line is blocked.
The problem is further confirmed when running javascript request:
function checkTURNServer(turnConfig, timeout){
return new Promise(function(resolve, reject){
setTimeout(function(){
if(promiseResolved) return;
resolve(false);
promiseResolved = true;
}, timeout || 5000);
var promiseResolved = false
, myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection //compatibility for firefox and chrome
, pc = new myPeerConnection({iceServers:[turnConfig]})
, noop = function(){};
pc.createDataChannel(""); //create a bogus data channel
pc.createOffer(function(sdp){
if(sdp.sdp.indexOf('typ relay') > -1){ // sometimes sdp contains the ice candidates...
promiseResolved = true;
resolve(true);
}
pc.setLocalDescription(sdp, noop, noop);
}, noop); // create offer and set local description
pc.onicecandidate = function(ice){ //listen for candidate events
if(promiseResolved || !ice || !ice.candidate || !ice.candidate.candidate || !(ice.candidate.candidate.indexOf('typ relay')>-1)) return;
promiseResolved = true;
resolve(true);
};
});
}
checkTURNServer({"url":"stun:IP1:3478"}).then(function(bool){
console.log('is TURN server active? ', bool? 'yes':'no'); // prints no!!
}).catch(console.error.bind(console));
What should I do to make STUN requests work? Can you point me in the right direction?
-----------------Additional info---------------------
I've tested just TURN functionality, and I was able connect:
checkTURNServer({"url":"turn:IP1:3478",username: 'mainuser',
credential: 'mainpassword' }).then(function(bool){
console.log('is TURN server active? ', bool? 'yes':'no'); // prints yes
}).catch(console.error.bind(console));
I've installed coturn and configured it as a service. This is the contents of my /etc/systemd/system/coturn.service file:
[Unit]
Description=turnserver Service
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/local/bin/turnserver -c /usr/local/etc/turnserver.conf
Restart=on-abort
[Install]
WantedBy=multi-user.target
When I run systemctl start coturn, service starts normally.
Contents of /usr/local/etc/turnserver.conf
listening-ip=IP1
listening-ip=IP2
lt-cred-mech
user=mainuser:mainpassword
realm=mydomain.com
max-bps=128000
cert=/etc/letsencrypt/live/mydomain.com/cert.pem
pkey=/etc/letsencrypt/live/mydomain.com/privkey.pem
result of iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_iredmail
-N FWDI_iredmail_allow
-N FWDI_iredmail_deny
-N FWDI_iredmail_log
-N FWDO_iredmail
-N FWDO_iredmail_allow
-N FWDO_iredmail_deny
-N FWDO_iredmail_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_iredmail
-N IN_iredmail_allow
-N IN_iredmail_deny
-N IN_iredmail_log
-N OUTPUT_direct
Related
I've been trying to set up an express server. All my routes seem to work correctly, it's connecting to the database that's giving me issues. I'm not great at backend but I feel like getting the host name shouldn't give me this many problems.
Here's my error: (batyr.db.elephantsql.com is my DB_HOST name):
Error: getaddrinfo ENOTFOUND 'batyr.db.elephantsql.com';
at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26) {
errno: -3008,
code: 'ENOTFOUND',
syscall: 'getaddrinfo',
hostname: "'batyr.db.elephantsql.com';"
}
Here's my repository
Here's my knexfile.js:
require('dotenv').config();
const path = require("path");
module.exports = {
development: {
client: 'pg',
connection: {
host: process.env.DB_HOST,
user: process.env.DB_USERNAME,
password: process.env.DB_PASSWORD,
database: process.env.DB_NAME,
},
charset: 'utf8',
pool: { min: 1, max: 5 },
migrations: {
directory: path.join(__dirname, "src", "db", "migrations"),
},
},
};
Here's my .env file:
DATABASE_URL = 'postgres://pausapcx:vxSa5l3ZK_F2lrlMGhyt0XBlYbX7hfWY#batyr.db.elephantsql.com/pausapcx';
DB_HOST = 'batyr.db.elephantsql.com';
DB_USERNAME = 'pausapcx';
DB_PASSWORD = '***'; // cut just for this post
DB_NAME = 'pausapcx';
My server.js is running on port 8080, pgAdmin is running on port 5432
Here are the host and server names from elephantsql:
(https://i.stack.imgur.com/CnGQ4.png)
(https://i.stack.imgur.com/EVRkP.png)
I've tried with several differnet host names:
batyr.db.elephantsql.com (pgAdmin accepted this one)
batyr
I've tried the database URL
I've even tried just Elephantsql.com
I've pinged batyr.db.elephantsql.com in the terminal and gotten this response:
Pinging ec2-3-89-203-254.compute-1.amazonaws.com [3.89.203.254] with 32 bytes of data:
Reply from 3.89.203.254: bytes=32 time=41ms TTL=44
Reply from 3.89.203.254: bytes=32 time=76ms TTL=44
Reply from 3.89.203.254: bytes=32 time=38ms TTL=44
Reply from 3.89.203.254: bytes=32 time=37ms TTL=44
Ping statistics for 3.89.203.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 76ms, Average = 48ms
I really suck at backend, I'd appreciate any help.
Was able to get data!
terminal screenshot
The solution was to just swap out all the random connection data with a single database URL (I'll secure it in .env once it's all working)
// works:
connection: 'postgres://pausapcx:***#batyr.db.elephantsql.com/pausapcx',
// doesn't work:
connection: {
host: 'batyr.db.elephantsql.com',
user: 'pausapcx',
password: '***',
database: 'pausapcx',
},
Test gstreamer webrtcbin android example, in local network everything is ok.But cross network, webrtc paused. ice send from android is all typ host.
Got ice server: candidate:1 1 UDP 2015363327 127.0.0.1 42258 typ host index: 0
Got ice server: candidate:2 1 TCP 1015021823 127.0.0.1 9 typ host tcptype active index: 0
Got ice server: candidate:3 1 TCP 1010827519 127.0.0.1 36241 typ host tcptype passive index: 0
Got ice server: candidate:4 1 UDP 2015363583 10.0.2.16 40513 typ host index: 0
Got ice server: candidate:5 1 TCP 1015022079 10.0.2.16 9 typ host tcptype active index: 0
Got ice server: candidate:6 1 TCP 1010827775 10.0.2.16 52791 typ host tcptype passive index: 0
Got ice server: candidate:7 1 UDP 2015363839 10.0.2.15 38413 typ host index: 0
Got ice server: candidate:8 1 TCP 1015022335 10.0.2.15 9 typ host tcptype active index: 0
Got ice server: candidate:9 1 TCP 1010828031 10.0.2.15 42225 typ host tcptype passive index: 0
#define STUN_SERVER " stun-server=stun://47.104.15.123:3478 "
#define TURN_SERVER " turn-server=turn://jianxi:jianxi#47.104.15.123:3478 "
webrtc->pipe =
gst_parse_launch ("webrtcbin bundle-policy=max-bundle name=sendrecv "
STUN_SERVER TURN_SERVER
if set GST_WEBRTC_ICE_TRANSPORT_POLICY_RELAY, android will not send any ice candidate.
sturn turn server is okay. Can not catch stun packet with wireshark.
g_signal_connect (webrtc->webrtcbin, "on-ice-candidate",
G_CALLBACK (send_ice_candidate_message), webrtc);
g_signal_connect (webrtc->webrtcbin, "notify::ice-gathering-state",
G_CALLBACK (on_ice_gathering_state_notify), NULL);
g_signal_connect (webrtc->webrtcbin, "notify::ice-connection-state",
G_CALLBACK (on_ice_gathering_state_notify), NULL);
gstreamer get signal notify:
static void
on_ice_gathering_state_notify (GstElement * webrtcbin, GParamSpec * pspec,
gpointer user_data)
{
GstWebRTCICEConnectionState ice_connect_state;
GstWebRTCICEGatheringState ice_gather_state;
gchar *stunser = NULL, *turnser = NULL;
const gchar *new_state = "unknown";
g_object_get (webrtcbin, "stun-server", &stunser, NULL);
if(stunser) {
gst_print("stun-server: %s\n", stunser);
g_free(stunser);
}
g_object_get (webrtcbin, "turn-server", &turnser, NULL);
if(turnser) {
gst_print("turn-server: %s\n", turnser);
g_free(turnser);
}
g_object_get (webrtcbin, "ice-gathering-state", &ice_gather_state, NULL);
g_object_get (webrtcbin, "ice-connection-state", &ice_connect_state, NULL);
switch (ice_gather_state) {
case GST_WEBRTC_ICE_GATHERING_STATE_NEW:
new_state = "new";
break;
case GST_WEBRTC_ICE_GATHERING_STATE_GATHERING:
new_state = "gathering";
break;
case GST_WEBRTC_ICE_GATHERING_STATE_COMPLETE:
new_state = "complete";
break;
}
gst_print ("ICE gathering state changed to %s, %d\n", new_state, ice_connect_state);
}
2022-11-23 11:35:50.239 1638-5461 GLib+stdout org.freedesktop.gstreamer.webrtc I stun-server: stun://47.104.15.123:3478
2022-11-23 11:35:50.239 1638-5461 GLib+stdout org.freedesktop.gstreamer.webrtc I turn-server: turn://jianxi:jianxi#47.104.15.123:3478
2022-11-23 11:35:50.239 1638-5461 GLib+stdout org.freedesktop.gstreamer.webrtc I ICE gathering state changed to complete, 4
ice end is 4 GST_WEBRTC_ICE_CONNECTION_STATE_FAILED.
In most cases, it means there are some issues with connecting to stun/turn server from your device. Either the host is unreachable via udp or there are issues with authentication.
The easiest way to test it is with trickle-ice page from your device's browser. Set address and creds of your stun/turn and check if there are some relay/srflx/prflx candidates.
If so, then it's a configuration issue on gstreamer-side.
If not, then try using tcpdump and inspect stun requests/responses. Maybe you're not getting the responses, or there are some error responses which might give you an idea of what's wrong.
My quession is like the follow
SSH session - fixed port on the client side
Is there any solution to use like tcp-client:1234 ------> tcp-server-ssh:22
I have fix it to compile openssh,I use version openssh-portable-V_8_3_P1
add int options.bind_port
fix main()
char myaddress[100]={};
.....
case 'b':
sscanf(optarg,"%[^:]:%d",myaddress,&options.bind_port);
options.bind_address = myaddress;
break;
fix sshconnect.c at line430
((struct sockaddr_in*)&bindaddr)->sin_port= htons(options.bind_port);
if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
error("bind %s: %s", ntop, strerror(errno));
goto fail;
}
./configure && make
ln -s .ssh .myssh
try
./myssh -b 192.168.1.153:5566 root#xxx.xyz
then you can see
vmuser#ubuntu:~$ lsof | grep "myssh.*TCP"
myssh 110179 vmuser 3u IPv4 4018314 0t0 TCP ubuntu:5566->myother_ubuntu:ssh (ESTABLISHED)
myssh 110187 vmuser 3u IPv4 4017137 0t0 TCP ubuntu:5588->myother_ubuntu:ssh (ESTABLISHED)
I have been struggling to implement an RDP probe to check multiple ports in Windows machines using Prometheus Blackbox.
So far I manage to check DNS, ping, ports 80,8080 but I cannot manage to test 3389!
As a rule of thumb I would like to be able to ping/probe any ports that have services running on this hosts
My blackbox.yml is:
modules:
http_2xx:
prober: http
http:
http_get_2xx:
prober: http
http:
method: GET
http_post_2xx:
prober: http
timeout: 5s
http:
method: POST
headers:
Content-Type: application/json
body: '{}'
tcp_connect:
prober: tcp
pop3s_banner:
prober: tcp
tcp:
query_response:
- expect: "^+OK"
tls: true
tls_config:
insecure_skip_verify: false
ssh_banner:
prober: tcp
tcp:
query_response:
- expect: "^SSH-2.0-"
irc_banner:
prober: tcp
tcp:
query_response:
- send: "NICK prober"
- send: "USER prober prober prober :prober"
- expect: "PING :([^ ]+)"
send: "PONG ${1}"
- expect: "^:[^ ]+ 001"
icmp:
prober: icmp
dns_test:
prober: dns
timeout: 5s
dns:
query_name: google.com
preferred_ip_protocol: ip4
And my prometheus.yml 3389 port probe entry is:
- job_name: "rdp-dev-status"
metrics_path: /probe
params:
module: [dns_test]
static_configs:
- targets:
- nostradata-dvmh-prodweb-01
# file_sd_configs:
# - files:
# - /opt/prometheus/tools/targets/rdp-dev-targets.yml
relabel_configs:
# Ensure port is 22, pass as URL parameter
- source_labels: [__address__]
regex: (.*)(:.*)?
replacement: ${1}:3389
target_label: __param_target
# Make instance label the target
- source_labels: [__param_target]
target_label: instance
# Actually talk to the blackbox exporter though
- target_label: __address__
replacement: PROD-NIFI:9115
module: [dns_test]
Using a DNS probe is probably not going to work with RDP. Try the tcp_connect module.
I created a simple .net core console application with docker support. Following
Masstransit code fails to connect to RabbitMQ instance on host machine. But similar implementation using RabitMq.Client is able to connect to host machine RabbitMQ instance.
Masstransit throws
MassTransit.RabbitMqTransport.RabbitMqConnectionException: Connect
failed: ctas#192.168.0.9:5672/ --->
RabbitMQ.Client.Exceptions.BrokerUnreachableException:
host machine ip : 192.168.0.9
using Masstransit
string rabbitMqUri = "rabbitmq://192.168.0.9/";
string userName = "ctas";
string password = "ctas#123";
string assetServiceQueue = "hello";
var bus = Bus.Factory.CreateUsingRabbitMq(cfg =>
{
var host = cfg.Host(new Uri(rabbitMqUri), hst =>
{
hst.Username(userName);
hst.Password(password);
});
cfg.ReceiveEndpoint(host,
assetServiceQueue, e =>
{
e.Consumer<AddNewAssetReceivedConsumer>();
});
});
bus.Start();
Console.WriteLine("Service Running.... Press enter to exit");
Console.ReadLine();
bus.Stop();
Using RabbitMQ Client
public static void Main()
{
var factory = new ConnectionFactory();
factory.UserName = "ctas";
factory.Password = "ctas#123";
factory.VirtualHost = "watcherindustry";
factory.HostName = "192.168.0.9";
using (var connection = factory.CreateConnection())
using (var channel = connection.CreateModel())
{
channel.QueueDeclare(queue: "hello",
durable: false,
exclusive: false,
autoDelete: false,
arguments: null);
var consumer = new EventingBasicConsumer(channel);
consumer.Received += (model, ea) =>
{
var body = ea.Body;
var message = Encoding.UTF8.GetString(body);
Console.WriteLine(" [x] Received {0}", message);
};
channel.BasicConsume(queue: "hello",
autoAck: true,
consumer: consumer);
Console.WriteLine(" Press [enter] to exit.");
Console.ReadLine();
}
}
Docker file
FROM microsoft/dotnet:1.1-runtime
ARG source
WORKDIR /app
COPY ${source:-obj/Docker/publish} .
ENTRYPOINT ["dotnet", "TestClient.dll"]
I created an example, and was able to connect my host, using the preview package from masstransit.
Start rabbitmq in docker and expose ports on the host
docker run -d -p 5672:5672 -p 15672:15672 --hostname my-rabbit --name some-rabbit rabbitmq:3-management
Build and run console app.
docker build -t dotnetapp .
docker run -d -e RABBITMQ_URI=rabbitmq://guest:guest#172.17.0.2:5672 --name some-dotnetapp dotnetapp
To verify your receiving messages run
docker logs some-dotnetapp --follow
you should see the following output
Application is starting...
Connecting to rabbitmq://guest:guest#172.17.0.2:5672
Received: Hello, World [08/12/2017 04:35:53]
Received: Hello, World [08/12/2017 04:35:58]
Received: Hello, World [08/12/2017 04:36:03]
Received: Hello, World [08/12/2017 04:36:08]
Received: Hello, World [08/12/2017 04:36:13]
...
Notes:
172.17.0.2 was my-rabbit container ip address but you can replace it with your machine ip address
http://localhost:15672 is the rabbitmq management console log in with guest as username and password.
Lastly portainer.io is a very useful application to visually view you local docker environment.
Thanks for the response. I managed to resolve this issue. My findings are as follows.
to connect to a rabbitmq instance on another docker container, they have to be moved/connected to the same network. To do this
create a newtork
docker network create -d bridge my_bridge
connect both app and rabbitmq containers to same network
docker network connect my_bridge <container name>
For masstransit uri use rabbitmq container IP on that network or container name
To connect rabbitmq instance of host machine from a app on docker container.
masstransit uri should include machine name( I tried IP, that did not work)
Try using virtual host in MassTransit configuration too, not sure why you decided to omit it.
var host = cfg.Host("192.168.0.9", "watcherindustry", hst =>
{
hst.Username(userName);
hst.Password(password);
});
Look at Alexey Zimarev comment to your question, if your rabbit runs on a container then it should be on your docker-compese file and then use that entry in your endpoint definition to connect to rabbit because docker creates an internal network on which you are agnostic from source code...
rabbitmq:
container_name: "rabbitmq-yournode01"
hostname: rabbit
image: rabbitmq:3.6.6-management
environment:
- RABBITMQ_DEFAULT_USER=yourusergoeshere
- RABBITMQ_DEFAULT_PASS=yourpasswordgoeshere
- RABBITMQ_DEFAULT_VHOST=vhost
volumes:
- rabbit-volume:/var/lib/rabbitmq
ports:
- "5672:5672"
- "15672:15672"
In your app settings you should have something lie:
"ConnectionString": "host=rabbitmq:5672;virtualHost=vhost;username=yourusergoeshere;password=yourpasswordgoeshere;timeout=0;prefetchcount=1",
And if you'd use EasyNEtQ you could do:
_bus = RabbitHutch.CreateBus(_connectionString); // The one above
I hope it helps,
Juan