unable to connect to Coturn server - webrtc

I am following the official coturn docs and trying to set up a coturn server to handle STUN and TURN requests. I am testing if my server runs correctly by using this little JS script:
function checkTURNServer(turnConfig, timeout){
    return new Promise(function(resolve, reject){
        setTimeout(function(){
            if(promiseResolved) return;
            resolve(false);
            promiseResolved = true;
        }, timeout || 5000);
        var promiseResolved = false
          , myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection //compatibility for firefox and chrome
          , pc = new myPeerConnection({iceServers:[turnConfig]})
          , noop = function(){};
        pc.createDataChannel(""); //create a bogus data channel
        pc.createOffer(function(sdp){
            if(sdp.sdp.indexOf('typ relay') > -1){ // sometimes sdp contains the ice candidates...
                promiseResolved = true;
                resolve(true);
            }
            pc.setLocalDescription(sdp, noop, noop);
        }, noop); // create offer and set local description
        pc.onicecandidate = function(ice){ //listen for candidate events
            if(promiseResolved || !ice || !ice.candidate || !ice.candidate.candidate || !(ice.candidate.candidate.indexOf('typ relay')>-1)) return;
            promiseResolved = true;
            resolve(true);
        };
    });
}
and running it with my credentials:
checkTURNServer({"url":"turn:IP1:3478",'username': 'bayaz',"credential":"magi"}).then(function(bool){
    console.log('is TURN server active? ', bool? 'yes':'no');
}).catch(console.error.bind(console));
where the user was created with:
turnadmin -A -u bayaz -p magi
These are the uncommented lines in the configuration file:
listening-port=3478
tls-listening-port=5349
listening-ip=IP1
listening-ip=IP2
verbose
lt-cred-mech
realm=mydomain.com
cert=/etc/letsencrypt/live/mydomain.com/cert.pem
pkey=/etc/letsencrypt/live/mydomain.com/privkey.pem
This is the output of running turnserver -c path/to/file.conf
0: log file opened: /var/tmp/turn_10200_2019-05-17.log
0: Listener address to use: IP1
0: Listener address to use: IP2
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.8 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2k-fips 26 Jan 2017 (0x100020bf)
0:
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis is not supported
0: PostgreSQL is not supported
0: MySQL is not supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Domain name:
0: Default realm: mydomain.com
0: SSL23: Certificate file found: /etc/letsencrypt/live/mydomain.com/cert.pem
0: SSL23: Private key file found: /etc/letsencrypt/live/mydomain.com/privkey.pem
0: TLS1.0: Certificate file found: /etc/letsencrypt/live/mydomain.com/cert.pem
0: TLS1.0: Private key file found: /etc/letsencrypt/live/mydomain.com/privkey.pem
0: TLS1.1: Certificate file found: /etc/letsencrypt/live/mydomain.com/cert.pem
0: TLS1.1: Private key file found: /etc/letsencrypt/live/mydomain.com/privkey.pem
0: TLS1.2: Certificate file found: /etc/letsencrypt/live/mydomain.com/cert.pem
0: TLS1.2: Private key file found: /etc/letsencrypt/live/mydomain.com/privkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/letsencrypt/live/mydomain.com/cert.pem
0: DTLS: Private key file found: /etc/letsencrypt/live/mydomain.com/privkey.pem
0: DTLS1.2: Certificate file found: /etc/letsencrypt/live/mydomain.com/cert.pem
0: DTLS1.2: Private key file found: /etc/letsencrypt/live/mydomain.com/privkey.pem
0: DTLS cipher suite: DEFAULT
0: Relay address to use: IP1
0: Relay address to use: IP2
Cannot create pid file: /var/run/turnserver.pid: Permission denied
0: Cannot create pid file: /var/run/turnserver.pid
0: pid file created: /var/tmp/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0: relay IP1 initialization...
0: relay IP1 initialization done
0: relay IP2 initialization...
0: relay IP2 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: IPv4. TLS/SCTP listener opened on : IP1:3478
0: IPv4. TLS/TCP listener opened on : IP1:3478
0: IPv4. TLS/SCTP listener opened on : IP1:3479
0: IPv4. TLS/TCP listener opened on : IP1:3479
0: IPv4. TLS/SCTP listener opened on : IP1:5349
0: IPv4. TLS/TCP listener opened on : IP1:5349
0: IPv4. TLS/SCTP listener opened on : IP1:5350
0: IPv4. TLS/TCP listener opened on : IP1:5350
0: IPv4. TLS/SCTP listener opened on : IP2:3478
0: IPv4. TLS/TCP listener opened on : IP2:3478
0: IPv4. TLS/SCTP listener opened on : IP2:3479
0: IPv4. TLS/TCP listener opened on : IP2:3479
0: IPv4. TLS/SCTP listener opened on : IP2:5349
0: IPv4. TLS/TCP listener opened on : IP2:5349
0: IPv4. TLS/SCTP listener opened on : IP2:5350
0: IPv4. TLS/TCP listener opened on : IP2:5350
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IPv4. TLS/TCP listener opened on : IP1:3478
0: IPv4. TLS/TCP listener opened on : IP1:3479
0: IPv4. TLS/TCP listener opened on : IP1:5349
0: IPv4. TLS/TCP listener opened on : IP1:5350
0: IPv4. TLS/TCP listener opened on : IP2:3478
0: IPv4. TLS/TCP listener opened on : IP2:3479
0: IPv4. TLS/TCP listener opened on : IP2:5349
0: IPv4. TLS/TCP listener opened on : IP2:5350
0: IPv4. DTLS/UDP listener opened on: IP1:3478
0: IPv4. DTLS/UDP listener opened on: IP1:3479
0: IPv4. DTLS/UDP listener opened on: IP1:5349
0: IPv4. DTLS/UDP listener opened on: IP1:5350
0: IPv4. DTLS/UDP listener opened on: IP2:3478
0: IPv4. DTLS/UDP listener opened on: IP2:3479
0: IPv4. DTLS/UDP listener opened on: IP2:5349
0: IPv4. DTLS/UDP listener opened on: IP2:5350
0: Total General servers: 2
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IPv4. CLI listener opened on : 127.0.0.1:5766
0: SQLite DB connection success: /usr/local/var/db/turndb
When I test my turn server, I get my custom error message "is TURN server active? no" in the console, which indicates that I got no response from the server.
I already spent a few days trying to figure this out, but I had no luck. What am I missing here?

sudo systemctl start coturn
is the EASY way to do things ... for sure you can use the turnserver command, but the right command for your situation is not so easy to do.
With that command you can start the turn.conf server without other problems .... this is my config; the webrtc app shows my Turn server broken, but it works ... I use it with dns in local server apache2 with redirect and proxy, all traffic UDP all on 443 port (not for turnsturn obviously). Coturn is 4.5. Note no-cli and all cli option ... if I use only the no-cli option, the server does not run. Read my reply too.
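
The question's script decides success by searching for the substring 'typ relay'. As an added example (not part of the original post), the code below parses each ICE candidate line instead and reports every candidate type that was gathered, so a run that produced only host or srflx candidates can be told apart from one that also produced a relay candidate. The function names and the sample candidate lines are constructed for illustration.

```javascript
// Added example. The candidate lines below are constructed (RFC 5737
// documentation addresses); they are not output from the server in the question.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.168.1.20 50000 typ host generation 0',
  'candidate:2 1 udp 1686052607 203.0.113.7 50000 typ srflx raddr 192.168.1.20 rport 50000 generation 0',
  'candidate:3 1 udp 41885439 198.51.100.10 61000 typ relay raddr 203.0.113.7 rport 50000 generation 0',
];
const KNOWN_TYPES = new Set(['host', 'srflx', 'prflx', 'relay']);

// Parse one candidate line of the form
//   candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [<name> <value>]...
// An optional leading "a=" (as found in SDP) is accepted.
// Returns null for anything that does not match that layout.
function parseCandidate(line) {
  const text = String(line).trim().replace(/^a=/, '');
  if (!text.startsWith('candidate:')) return null;
  const f = text.slice('candidate:'.length).split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ' || !KNOWN_TYPES.has(f[7])) return null;
  const port = Number(f[5]);
  if (!Number.isInteger(port) || port < 0 || port > 65535) return null;
  const extensions = {};
  for (let i = 8; i + 1 < f.length; i += 2) extensions[f[i]] = f[i + 1];
  return {
    foundation: f[0], component: Number(f[1]), transport: f[2].toLowerCase(),
    priority: Number(f[3]), address: f[4], port, type: f[7], extensions,
  };
}

// Pull the a=candidate lines out of an SDP blob (the offer may already carry them).
function candidatesFromSdp(sdp) {
  return String(sdp).split(/\r?\n/).filter((l) => l.startsWith('a=candidate:'));
}

// Count candidates per type and list the relay endpoints that were allocated.
function summarizeCandidates(lines) {
  const counts = { host: 0, srflx: 0, prflx: 0, relay: 0 };
  const relays = [];
  const unparsed = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { unparsed.push(line); continue; }
    counts[c.type] += 1;
    if (c.type === 'relay') relays.push(`${c.transport}://${c.address}:${c.port}`);
  }
  return { counts, relays, unparsed, relayGathered: relays.length > 0 };
}

console.log(summarizeCandidates(SAMPLE_CANDIDATES));
```

In a browser, the strings to pass in are the `candidate` property of each `onicecandidate` event plus the result of `candidatesFromSdp` on the local description.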

Related

Ui Automation - java.net.SocketTimeoutException: Read timed out for "driver url"

My web page is very slow and taking approx 1 minute to load page. Hence causing below line to fail.
* configure driver = { type: 'chromedriver', executable: '/Users/vikas/Apps/chromedriver', showDriverLog: true }
* driver 'http://XXXX.XXX'
I configured readTimeout in karate-config.js but no help:
karate.configure('readTimeout', 60000);
Error Message:
ERROR com.intuit.karate - java.net.SocketTimeoutException: Read timed out, http call failed after 30003 milliseconds for URL: http://localhost:9515/session/c7c09b611f294b8d13ef7d63668b2677/url
ERROR com.intuit.karate - http request failed:
java.net.SocketTimeoutException: Read timed out
For Selenium WebDriver there is an infinite timeout for driver.get(url), which can be changed by pageLoadTimeout().
Is there anything in Karate Core to handle such long page loading?
Yes, the config for the HTTP client used for the UI driver is separate. So you do something like this:
* configure driver = { httpConfig: { readTimeout: 120000 } }
Just add httpConfig to your existing driver configuration.
Refer: https://github.com/intuit/karate/tree/master/karate-core#configure-driver

It shows error after using geck V0.16.1

It shows error after using geckodriver V0.16.1 Browser is getting opened and also URL is opened, but shows below error while opening browser:
1496729301597 geckodriver INFO Listening on 127.0.0.1:26189
1496729302267 geckodriver::marionette INFO Starting browser
\?\C:\Program Files\Mozilla Firefox\firefox.exe with args
["-marionette"]
1496729302562 addons.manager ERROR startup failed: [ExceptioJavaScript
error: resource://gre/modules/AddonManager.jsm, line 1657:
NS_ERROR_NOT_INITIALIZED: AddonManager is not initialized
n... "Component returned failure code: 0x80070057
(NS_ERROR_ILLEGAL_VALUE) [nsIFile.create]" nsresult: "0x80070057
(NS_ERROR_ILLEGAL_VALUE)" location: "JS frame ::
resource://gre/modules/FileUtils.jsm :: FileUtils_getDir :: line 70"
data: no] Stack trace:
FileUtils_getDir()#resource://gre/modules/FileUtils.jsm:70 <
FileUtils_getFile()#resource://gre/modules/FileUtils.jsm:42 <
validateBlocklist()#resource://gre/modules/AddonManager.jsm:671 <
startup()#resource://gre/modules/AddonManager.jsm:834 <
startup()#resource://gre/modules/AddonManager.jsm:3129 <
observe()#resource://gre/components/addonManager.js:65
JavaScript error: resource://gre/components/SanityTest.js, line 65:
NS_ERROR_FILE_ACCESS_DENIED: Component returned failure code:
0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIPrefService.savePrefFile]
JavaScript error: resource://gre/modules/AddonManager.jsm, line 2570:
NS_ERROR_NOT_INITIALIZED: AddonManager is not initialized
1496729310139 Marionette INFO Listening on port 50194
Jun 06, 2017 11:38:30 AM org.openqa.selenium.remote.ProtocolHandshake
createSession
INFO: Detected dialect: W3C
My code is as given below:
public static void main(String[] args) throws InterruptedException {
    // TODO Auto-generated method stub
    WebDriver driver;
    System.setProperty("webdriver.gecko.driver","D:\\geckodriver-v0.16.1-win64\\geckodriver.exe");
    driver = new FirefoxDriver();
    driver.get("http://google.co.in");
}
May I know which selenium standalone server version you are using? It should work fine with 3.4.0

JSch can't connect via Kerberos keytab file

I built a Java application, which runs a command via ssh. In the first attempt I authenticated via username and password, and everything worked fine.
Now I want to use a Kerberos keytab file for the authentication, but this causes problems!
Here are a few words about my configuration:
KDC server: my-server.de
Realm name: MYREALM.DE
Keytab username: keytabuser
KDC = server: runs on CentOS 7
my client: Windows 8.1 (x64) with all default configurations, Kerberos for Windows installed
my username on client: Daniel
kinit -kt ... seems to work fine, so the keytab file should also be ok
What I have so far is this code snippet:
public static void main(String[] args) {
    String host = "my-server.de";
    String user = "keytabuser";
    String command = "ls -l";
    JSch jsch = new JSch();
    jsch.setLogger(new MyLogger());
    System.setProperty("java.security.krb5.conf", "C:\\ProgramData\\MIT\\Kerberos5\\krb5.ini");
    System.setProperty("java.security.auth.login.config", "C:\\ProgramData\\MIT\\Kerberos5\\jaas.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    // to enable kerberos debugging mode
    System.setProperty("sun.security.krb5.debug", "true");
    try {
        Session session = jsch.getSession(user, host, 22);
        Properties config = new java.util.Properties();
        // "no" disables host key verification: any server key is accepted and added to the known hosts
        config.put("StrictHostKeyChecking", "no");
        // offer only Kerberos (GSSAPI) authentication to the server
        config.put("PreferredAuthentications", "gssapi-with-mic");
        session.setConfig(config);
        session.connect(20000);
        Channel channel = session.openChannel("exec");
        ... // Do the commands
        channel.disconnect();
        session.disconnect();
        System.out.println("DONE");
    } catch (JSchException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
}
This is my jaas.conf file:
com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="keytabuser@MYREALM.DE"
    useKeyTab=true
    keyTab="C:\ProgramData\MIT\Kerberos5\keytabuser.keytab"
    storeKey=true;
};
And here is my krb5.ini file:
[libdefaults]
default_realm = MYREALM.DE
[realms]
MYREALM.DE = {
admin_server = my-server.de
kdc = my-server.de
}
When I run this application I get the following output:
UPDATED: New console output after new jsch dependency 0.1.54
INFO: Connecting to my-server.de port 22
INFO: Connection established
INFO: Remote version string: SSH-2.0-OpenSSH_6.6.1
INFO: Local version string: SSH-2.0-JSCH-0.1.54
INFO: CheckCiphers: aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,arcfour,arcfour128,arcfour256
INFO: aes256-ctr is not available.
INFO: aes192-ctr is not available.
INFO: aes256-cbc is not available.
INFO: aes192-cbc is not available.
INFO: CheckKexes: diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
INFO: CheckSignatures: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: SSH_MSG_KEXINIT sent
INFO: SSH_MSG_KEXINIT received
INFO: kex: server: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
INFO: kex: server: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO: kex: server: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
INFO: kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server: none,zlib@openssh.com
INFO: kex: server:
INFO: kex: server:
INFO: kex: client: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
INFO: kex: client: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: aes128-ctr,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha1-96,hmac-md5-96
INFO: kex: client: none
INFO: kex: client: none
INFO: kex: client:
INFO: kex: client:
INFO: kex: server->client aes128-ctr hmac-md5 none
INFO: kex: client->server aes128-ctr hmac-md5 none
INFO: SSH_MSG_KEX_ECDH_INIT sent
INFO: expecting SSH_MSG_KEX_ECDH_REPLY
INFO: ssh_rsa_verify: signature true
WARN: Permanently added 'my-server.de' (RSA) to the list of known hosts.
INFO: SSH_MSG_NEWKEYS sent
INFO: SSH_MSG_NEWKEYS received
INFO: SSH_MSG_SERVICE_REQUEST sent
INFO: SSH_MSG_SERVICE_ACCEPT received
INFO: Authentications that can continue: gssapi-with-mic
INFO: Next authentication method: gssapi-with-mic
INFO: Disconnecting from my-server.de port 22
com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at kerberos.JschKerberos.main(JschKerberos.java:49)
Is there something incorrect with my configuration? Are there some conditions between the local (user, domain, etc.) and the remote one?
I finally found the solution! It was a missing service keytab for the sshd service! Some service principals aren't generated automatically by the Kerberos server. So this has to be done manually with kadmin, as the sshd service also has to authenticate against Kerberos! This is done by the host/fqdn@REALM principal.
Important here: The "host" is a fixed String(!), I always replaced it by the hostname of my OpenSSH server machine... So, only "fqdn" and "REALM.COM" must be replaced by your data!
See this for more information (in German): http://www.pks.mpg.de/~mueller/docs/suse10.3/opensuse-manual_de/manual/sec.kerbadmin.hostprinc.html
This also shows the steps (English): http://www.microhowto.info/howto/create_a_host_principal_using_mit_kerberos.html
So these were the necessary steps for me to get the application to work:
1. Set GSSAPIAuthentication yes in the /etc/ssh/sshd_conf config file of the OpenSSH server
2. Set Host * [...] GSSAPIAuthentication yes in the /etc/ssh/ssh_conf config file of the ssh client
3. Check the jaas.conf and krb5.conf (or .ini) files on the client for correct settings (see the code blocks in the question section above)
4. On the Kerberos server, open kadmin.local and type ktadd host/my-server.de
5. Optional: Add a user principal (if it does not exist yet): ktadd keytabuser
6. Make a kinit keytabuser (with password) or kinit -kt /path/to/file.keytab keytabuser (normal Kerberos command)
7. Check if the user is authenticated via klist
8. Run the application or ssh directly via console: ssh keytabuser@my-server.de
You should be logged in by the cached ticket!
Of course, the user keytabuser must be a user on the ssh-server machine!

Selenium and a Non-working IEDriverServer

The IEDriverServer is throwing an OpenQA.Selenium.WebDriverException when I try a simple navigation to a page. This is working for Firefox.
It is "Unexpected error" and if I read further along it appears to be a 404 page not found.
I have already disabled protected mode for all zones and had also made IntroduceInstabilityByIgnoringProtectedModeSettings = true on the InternetExplorerOptions object.
How does one get IE working in this case?
Edit
Here is the stacktrace:
at OpenQA.Selenium.Remote.RemoteWebDriver.UnpackAndThrowOnError(Response
errorResponse) at
OpenQA.Selenium.Remote.RemoteWebDriver.Execute(String
driverCommandToExecute, Dictionary`2 parameters) at
OpenQA.Selenium.Remote.RemoteWebDriver.StartSession(ICapabilities
desiredCapabilities) at
OpenQA.Selenium.Remote.RemoteWebDriver..ctor(ICommandExecutor
commandExecutor, ICapabilities desiredCapabilities) at
OpenQA.Selenium.IE.InternetExplorerDriver..ctor(InternetExplorerDriverService
service, InternetExplorerOptions options, TimeSpan commandTimeout)
at
OpenQA.Selenium.IE.InternetExplorerDriver..ctor(InternetExplorerDriverService
service, InternetExplorerOptions options) at
CUWebinars.Selenium.Core.Ie.IeTestDriver..ctor() in
e:\TTS\BankWebinars\CUWebinars.Selenium.Core\Ie\IeTestDriver.cs:line
21 at CUWebinars.WebUi.Tests.Ie.IeBaseTest.Setup() in
e:\TTS\BankWebinars\CUWebinars.WebUi.Tests\Ie\IeBaseTest.cs:line 13
Edit 2
The following is in the constructor of the IeTestDriver (custom class)
const string ieTestDriverLocation = @"E:\";
var internetExplorerDriverService = InternetExplorerDriverService.CreateDefaultService(ieTestDriverLocation);
var internetExplorerOptions = new InternetExplorerOptions();
internetExplorerDriverService.Port = 333; // this is the port for the driver, not the webpage
port = "5556"; // in base class
webDriver = new InternetExplorerDriver(internetExplorerDriverService, internetExplorerOptions); // crashes here
webDriver.Manage().Timeouts().ImplicitlyWait(TimeSpan.FromSeconds(10));
webDriver.Manage().Timeouts().SetScriptTimeout(TimeSpan.FromSeconds(10));
The port 333 specified for the InternetExplorerDriverService falls within the well-known-port-numbers range:
On most systems, a well-known port number can only be used by a system
(root) process or by a program run by a privileged user.
Allow the driver service to select its own port by not specifying one explicitly, or provide an available port.
Double clicking IEDriverServer.exe will give you a Listening on port <number> message to see what it automatically picks up as available.

selenium RC- change default port 4444 port .if the port is busy at runtime

How to handle the scenario while running SELENIUM RC if the default port 4444 is busy?
You first need to check whether port 4444 is busy. If it is busy then set your RC to use a different port.
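import java.io.IOException;
import java.net.ServerSocket;
import org.openqa.selenium.server.RemoteControlConfiguration;
import org.openqa.selenium.server.SeleniumServer;

static int port = 4444;

try {
    // Binding succeeds only if 4444 is free; try-with-resources releases it again
    // so that the Selenium server can bind it afterwards
    try (ServerSocket probe = new ServerSocket(port)) {
        // port 4444 is available, keep it
    } catch (IOException busy) {
        port = 5555; // 4444 is in use: or whatever port you like
    }
    // Now start selenium server
    RemoteControlConfiguration rcc = new RemoteControlConfiguration();
    rcc.setPort(port);
    SeleniumServer server = new SeleniumServer(false, rcc);
    server.start();
} catch (Exception e) {
    e.printStackTrace();
}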