So the problem I am having is that the WebSocket connection is working on my KurentoMediaServer, but no data is getting transferred (empty remote URLs). I know that this is because my KurentoMediaServer is running behind a NAT (google compute server), but the STUN/TURN server that I am using does not seem to be working.
This is what my WebRtcEndpoint.conf.ini looks like:
; Only IP address are supported, not domain names for addresses
; You have to find a valid stun server. You can check if it works
; using this tool:
; http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
stunServerAddress=173.194.66.127
stunServerPort=19302
; turnURL gives the necessary info to configure TURN for WebRTC.
; 'address' must be an IP (not a domain).
; 'transport' is optional (UDP by default).
turnURL=test%40gmail.com:testpassword#66.228.45.110:3478
I have tested this opening all my ports temporarily to see if that was the issue, but it was not. Also test%40gmail.com is my numb TURN registered username and testpassword is my password.
I should also mention that I have my KurentoMediaServer and Application (java server) running behind the same NAT, but I have my webpage running on a separate network. Is there something I need to do with Kurento-Utils.js in order for my webpage to run a separate NAT from my app and kurento media server?
The STUN server you've entered is not working, and the TURN server yields a possible authentication error with those credentials, though it returns some srflx candidates (remember TURN servers are also STUN servers)
When facing an issue like this, the first thing is to check the STUN and TURN servers using this very useful test page.
You should
Look for a valid STUN server
Disable the TURN configuration in you KMS config file, to single out the failure to one server or the other
Make sure everything is working using STUN
Test your TURN server using the test page
Enable TURN and make sure your TURN server is working with Kurento
Related
I was curious on why a client cannot directly to a machine running webrtc server but can do that via turn server. Both turn & webrtc are in same VPC of AWS.
Could be a lot of things.
Assuming you have the TURN configuration file correct, and as you are noting both AWS instances have public IPs, then it's possible that on the instance with the TURN server, you do not have all the firewall ports opened needed related to the TURN server: https://stackoverflow.com/a/59212004/8201657
Or, maybe it's a DNS issue and the domain of your TURN server is unknown to your peer, so it is not able to access it.
Or, maybe you are attempting to connect via WebRTC but not securely. WebRTC requires a secure connnection (https).
I'm hosting a video call site on Heroku here. My coturn server is Docker-containerized and runs locally behind a router. I opened all the needed ports (3478, 40000-65535) so that I am sure that the corturn server works over the Internet because I checked it using Trickle ICE.
Everything is fine except the video is not transferred when two devices are not on the same network. Any help?
Are you sure your code is using the TURN server?
You need to pass the iceServers list with the TURN URL and correct credentials. See for example https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/setConfiguration
Then when you start the ICE gathering, you should see in coturn's log whether the Allocate Request was correctly handled and a XOR-RELAYED-ADDRESS returned.
But you can also see it on the client side (the laptop where the browser runs) by launching a tool like Wireshark and selecting stun as filter.
In addition, when the call is up, check in chrome://webrtc-internals whether ICE gathering has provided relay candidates.
I have developed a WebRTC based application along with Kurento-Media-Server.
Problems with this application is:
It works but only on open network (i.e. if run on a network without firewall).
When in firewall it runs sometimes (once out of 10 attempts).
I have tried several things with the firewall, I have disabled all kind of incoming/outgoing traffic. I have created a port-forwarding for my application as well as Kurento-media server.
I am not sure how much useful this information might be but I am deploying my
application on the same physical box along with Kurento-Media-Server. I have configured google's STUN server on my client.js, I have also configured same STUN servers on kurento using code. I haven't configured TURN server.
Just confirming this, signaling server can be behind firewall along with rest of the application, correct?
I am not sure what to look for now, any help in this area would be great.
EDIT-1
From this link I learned that my current network on which my isn't working it has issues with plain websocket connection, it doesn't allow it, it only allows secure Websocket connections.
EDIT-2
Image of netscan:
In my phone network where my app works fine I see all greens in Websocket's "plain" column.
EDIT-3 Solved
Finally found the problem, We were using a router for testing and development and I found that the router had issues, I used LAN cable on the same router and everything worked fine. Calls from application were working just fine. Firewall related details help in configuring the firewall later on.
Based on your problem description it seems all the UDP traffic is not open in your firewall. WebRTC media run on UDP ports.As you mentioned it works one out of 10 times whch means only few UDP ports are open in your firewall.You are lucky when traffic comes via tose ports.You can open port-range in your firewall and configure the same in kurento-media-server config.Your job should be done.
Even if you configure TURN server you need to open certain ports for outgoing and incoming UDP traffic.For TURN server default port is 3478 or 8443 for sending data towards it but for incoming traffic you need to configure port-range on your TURN server and open those ports in your firewall. Always remember TURN server is assured way to connect but it's always costly.
On an isolated LAN, is there any way that a WebRTC connection can be made simply with the IP addresses assigned by the DHCP server?
I understand that I can accomplish this with Node.js and Socket.io - but I was really hoping to avoid setting up that kind of server with my limited skill set. I'm a science teacher who dabbles in programming, so feel free to keep it simple. Thank you!
UPDATE
Alex, you are correct that I can avoid using a STUN server if all of the computers are on the same local network. Although I had to bite the bullet and install Node.js on my laptop, it was really wasn't complicated. I then tried a whole bunch of 'working examples' that didn't work for me, until I found this one and his GitHub files.
After running the server script in Node, I had a DataChannel connection between two browser windows on the same machine, but not between different computers. I edited the .html files to point to my local server IP address instead of localhost and I could then connect with multiple computers. Then came the real test - could I use this without an internet connection? I found the line that specified using Google's STUN servers and changed it from
var config = {"iceServers":[{"url":"stun:stun.l.google.com:19302"}]};
to just
var config = {"iceServers":[]};
It worked. :-)
Omit the iceServers list:
const pc = new RTCPeerConnection();
Either omit the iceServers list from the RTCPeerConnection constructor, or make it the empty list [].
From RTCPeerConnection docs:
iceServers | optional
An array of RTCIceServer objects, each describing one server which may be used by the ICE agent; these are typically STUN and/or TURN servers. If this isn't specified, the connection attempt will be made with no STUN or TURN server available, which limits the connection to local peers.
webrtc/samples demo
The WebRTC project has a Trickle ICE sample that you can use to see how changes in iceServers effect the candidate address that are gathered. The specific sample you want to look at is.
Run it with defaults set by pressing the Gather candidates button at the bottom of the page. This will return a list of addresses which include the address of the public side of your NAT.
Now remove all the ICE servers from the list and press Gather candidates again, this time you should only see local network addresses.
Notice that, on my network, the 2 public IPv4 addresses (beginning with 98.) only appear when I'm using the default ICE servers. When I use an empty ICE server list, my public IPv4 addresses are no longer discovered. My IPv6 addresses, on the other hand, are the same in both tests because they aren't subject to NAT.
Here is a link to the source code that sets up iceServers and PeerConnection.
Alex, you are correct that I can avoid using a STUN server if all of the computers are on the same local network. Although I had to bite the bullet and install Node.js on my laptop, it was really wasn't complicated. I then tried a whole bunch of 'working examples' that didn't work for me, until I found this one and his GitHub files.
After running the server script in Node, I had a DataChannel connection between two browser windows on the same machine, but not between different computers. I edited the .html files to point to my local server IP address instead of localhost and I could then connect with multiple computers. Then came the real test - could I use this without an internet connection? I found the line that specified using Google's STUN servers and changed it from
var config = {"iceServers":[{"url":"stun:stun.l.google.com:19302"}]};
to just
var config = {"iceServers":[]};
I have a server running on my machine. I want to send a request to the server using different IP address to test a web application. I only have the machine on which the server is installed. I have been testing as a single user but now I would like to let the server think that the request is coming from a different ip address even though it is from the same machine. How can I do that?
Here are the 2 solutions that might be possible in your situation
1- To change the ip address :
Pick an ip from the free proxies here: http://www.freeproxylists.net/
And enter the info in firefox just like this page says:
http://www.wikihow.com/Enter-Proxy-Settings-in-Firefox
Note: You may pick a proxy with port 80.
Then you are good to go...
2- Or you might use a Virtual Machine installed on the same computer as the server and access the website right from it but beware not to use bridged connection.