I have implemented rfc5766-turn-server and have it running on my own server.
in the app, I set :
pc_config = {"iceServers": [{"url":"turn:username#<turn_server_address>", "credential":"password"}]};
it seems to be working, but I have couple of questions:
is having the app set this way , with rfc5766-turn-server is enough to act as a TURN and also STUN server
or do I also need to run a stun server.
a turn server is also stun so will the rfc5766-turn-server function as a stun server (on most cases) and a turn server when needed?
for testing purposes it seems to work fine with the username and password given in the app, but eventually when the app is in production and have many users , do all users use the same username/password for the TURN server??
hope my question make sense...
Thanks
Yes, that server will try to act as a stun server first(you can configure it that way) but if that fails it will run work as a turn server.
Which ever way you want. You can have static long-term credentials or configure TURN REST API(which they support).
Related
We use a provider of global TURN servers (Xirsys). When establishing a connection between peers, each peer first identifies the closest TURN server to their location, then fetches credentials for that server. The peers then exchange ICE candidates, including their respective TURN server URLs.
If those peers are in different regions, they will propose different TURN servers. According to the accepted answer to this question: TURN-Server for RTCConfiguration the respective TURN servers will connect to each other to relay streams from Peer1 <> TURN1 <> TURN2 <> Peer2. However, I have been unable to get this to work. Forcing TURN in the clients (i.e. no direct p2p connections), and attempting to establish a peerConnection using a TURN server in e.g. the United States to one in Brazil, negotiation always fails.
Is this because the servers require credentials that are not passed in the ICE candidates? Or perhaps it's a Xirsys-specific problem? Or should it actually work fine and we're doing something else wrong?
No it's not going to be because of the credentials. They are used between the client and its TURN server. The connection between the TURN server and remote end point doesn't use any authentication.
In fact each TURN server should be blissfully unaware that the remote party is even another TURN server. As far as they are concerned they forward packets to the remote end point just the same no matter whether it's a browser, another TURN server or some other application.
So, while working through two TURN servers is possible, it's definitely not easy. The reason is that the first TURN server will generate an allocation with a given port. The second TURN server will need to send data to this port. However, how does the first TURN server know where to send that data? The second TURN server will not yet have an allocation!
Typically, WebRTC applications use a singular TURN server. If you want to use two, it means having control of the allocation generation and massaging of the SDP.
Is it possible (or any hack) to configure multiple stun/turn servers on the WebRtcEndpoint.conf.ini or through our signaling servers? So that if one stun fails it falls back to another? If the feature is not available what would be the closest solution?
I am not sure if I am looking into the right location - I've seen that WebRtcEndpoint has methods for- getStunServerPort()/getStunServerAddress(). So a possible client side configuration?
Reason - We've been using kurento media server (6.0) and elasticRTC 6.5 (For the future development) on an AWS vpc. It was working fine by using one of the publicly available STUN servers. Suddenly it stopped working and we figured out the STUN server was not working anymore. So we switched to Google stun and it started working normally
I would suggest, instead of using a globally configured IP in WebRtcEndpoint.conf.ini, to use the methods that you mention in the WebRtcEndpoint. That way, you can use a CNAME and resolve the IP every now and then. You might have a separate scheduled task that checks the STUN server to see if it's still available, and then refresh it when it is no longer valid.
I want to implement a restund server for WebRTC audio on my website. I wish to have one user be able to talk to all the other users on the platform (if anyone knows an easier way to do this than implementing a restund WebRTC server, please let me know, would help me out a lot).
But before I go and try to get restund working, I was wondering if it could be installed to work alongside my Apache HTTP dedicated server I use to host my website.
Well, STUN/TURN services are running on ports 3478 and 5349 by default. That should not conflict with those required for HTTP operations (e.g. 80, 443, 8080). So yes, this should be possible.
EasyRTC is a open source webRTC plugin used for many purpose.
My intention is to prepare a video chatting example using this. When I try this with same network connection (same wifi) it works like a charm, but when I try this with different wifi network its not working instead its through errors like
No usable STUN/TURN path -- in client end
undefined -- in initiator end.
Is there is any configuration I need to change to make this working.
Thanks in advance
Mtbikemike has called it.
The general experiment is trying using the demos at demo.easyrtc.com. They are backed by a turn server. If they work across networks and your own doesn't, then it's probably a challenging network that needs a turn server. Turn servers don't punch holes so much as they act as packet relays.
EasyRTC is an open source bundle of a signalling server, a Javascript client and some demonstration code, rather than a plugin. If you've got a firewall between you and the other party then you'll need a TURN server. We do have a TURN server backing the demo.easyrtc.com demos on our servers. We are working on putting together a paid TURN service specifically designed for EasyRTC. Should be available in the next month or so. For now you could look into using a TURN service from Xirsys or put up you own TURN server in the cloud or on your premise but outside the firewall.
So the problem I am having is that the WebSocket connection is working on my KurentoMediaServer, but no data is getting transferred (empty remote URLs). I know that this is because my KurentoMediaServer is running behind a NAT (google compute server), but the STUN/TURN server that I am using does not seem to be working.
This is what my WebRtcEndpoint.conf.ini looks like:
; Only IP address are supported, not domain names for addresses
; You have to find a valid stun server. You can check if it works
; using this tool:
; http://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
stunServerAddress=173.194.66.127
stunServerPort=19302
; turnURL gives the necessary info to configure TURN for WebRTC.
; 'address' must be an IP (not a domain).
; 'transport' is optional (UDP by default).
turnURL=test%40gmail.com:testpassword#66.228.45.110:3478
I have tested this opening all my ports temporarily to see if that was the issue, but it was not. Also test%40gmail.com is my numb TURN registered username and testpassword is my password.
I should also mention that I have my KurentoMediaServer and Application (java server) running behind the same NAT, but I have my webpage running on a separate network. Is there something I need to do with Kurento-Utils.js in order for my webpage to run a separate NAT from my app and kurento media server?
The STUN server you've entered is not working, and the TURN server yields a possible authentication error with those credentials, though it returns some srflx candidates (remember TURN servers are also STUN servers)
When facing an issue like this, the first thing is to check the STUN and TURN servers using this very useful test page.
You should
Look for a valid STUN server
Disable the TURN configuration in you KMS config file, to single out the failure to one server or the other
Make sure everything is working using STUN
Test your TURN server using the test page
Enable TURN and make sure your TURN server is working with Kurento