I am working on WebRTC framework, establishing peer connection between two Android mobile devices for voice and video calls. And now I want to move my solution to the public network where the NAT plays a major role.
My solution has to work in Symmetric NAT as well, but my STUN server is failing to establish voice/video call when it the devices are connected in Symmetric NAT. So I went to TURN server setup and did the setup successfully by the help of the following tutorial.
Free open source implementation of TURN and STUN Server
Setting up a TURN Server for WebRTC Use
And I have successfully added this server into the ICEServers of my Android application and started getting relay ICE candidates.
The candidates I am getting looks something like this
a=candidate:2312680776 1 udp 33562367 115.113.119.170 52972 typ relay raddr 223.227.91.151 rport 25323 generation 0
a=candidate:2312680776 2 udp 33562366 115.113.119.170 64698 typ relay raddr 223.227.91.151 rport 25324 generation 0
Now my question starts:
How should I assume these candidates ?? (As I want to handle these candidates manually instead of just passing these candidates to the other end)
I know how to understand srflx but not relay.
relay is followed by my global IP address and port. So does that mean I have to listen on raddr and rport to catch the audio/video data??
How should I parse these candidates and get the audio/video data ??
Note : In wireshark I am able to see the data packets coming from my TURN server on the port which is not equal to both the rport fields mentioned above in candidates.
And I read somewhere that I have to listen for some Allocate Response from TURN server.
I really need to know how do I do that. Any help about this topic will be greatly appreciated. :(
Related
I made a WebRTC video calling application that works and is able to share Audio and Video to the remote users and it also works on different networks.
We setup Coturn Server on Amazon EC2 Instance for NAT Traversal.
The issue that I'm facing is that on some networks (Globally), I'm not able to get the remote user's audio/video and I can't figure out what the issue is.
Trickle ICE test works perfectly. It's just some networks that are giving issues.
Also tried deploying Coturn on a separate EC2 instance.
tried to change ports to every possible turn configuration.
If anyone can shed some light on this one, please do let us know.
I'm attaching the logs
ICE(PC:1601497557091097 (id=10737418241 url=https://*****)): relay only option is set without any TURN server configured
ICE(PC:1601497557091097 (id=10737418241 url=https://*****)): relay only option results in no host candidate for IP4:192.168.43.57:0/UDP
ICE(PC:1601497557091097 (id=10737418241 url=https://*****)): relay only option is set without any TURN server configured
ICE(PC:1601497557091097 (id=10737418241 url=https://*****)): relay/proxy only option results in ICE TCP being disabled
ICE(PC:1601497557091097 (id=10737418241 url=https://*****)): couldn’t create any valid candidates
2:03
________
2:03
builds/worker/checkouts/gecko/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:617 function nr_socket_multi_tcp_listen failed with error 3
ICE(PC:1601487818957513 (id=4294967297 url=https://*****)): failed to create passive TCP host candidate: 3
/builds/worker/checkouts/gecko/media/mtransport/third_party/nICEr/src/net/nr_socket_multi_tcp.c:617 function nr_socket_multi_tcp_listen failed with error 3
ICE(PC:1601487818957513 (id=4294967297 url=https://*****)): failed to create passive TCP host candidate: 3
ICE(PC:1601487818957513 (id=4294967297 url=https://*****): All candidates initialized
2:06
_________________________
2:06
ICE(PC:1601497557091097 (id=10737418241 url=https://*****)): relay only option results in no host candidate for IP6:[2401:4900:1202:b867:213f:764b:4942:4757]:0/UDP
I have two clients communicating over webrtc. (Client A writen in js, Client B in Python with aiortc). Now it happens that Client A wants to connect from a mobile Network thus it requires a turn-relay connection.
I have already setup a turn server which seems to do his job. But only approx 50% of the connections succeed now. I already found out when they succeed and when they fail:
SDP relay information in case of success:
Offer Client A
a=candidate:3 2 UDP 92217086 172.31.16.8 59986 typ relay raddr 172.31.16.8 rport 59986
Response Client B
a=candidate:11 1 UDP 92086015 172.31.16.8 49910 typ relay raddr 172.31.16.8 rport 49910
SDP relay information in case of failure:
Offer Client A
a=candidate:7 1 UDP 92151551 172.31.16.8 49871 typ relay raddr 172.31.16.8 rport 49871
Response Client B
a=candidate:5820bb1602563a80c76891a80be14933 1 udp 16777215 18.185.84.96 53279 typ relay raddr 172.31.1.103 rport 49244
The important difference is the IP address shown in the Response from Client B, in the successfull scenario it is the IP adress of the net in which Client B is, in the failing scenario it is the IP address of the turnserver (18.185.84.96).
Actually I do not understand why it sometimes gives the IP of the turnserver and the other times not, and what it means that the IP address of the turnserver is not possible to use...
Anyone any ideas, on where to start looking for the issue?
It seems like our turn server was missconfigured.
I can not tell what was misconfigured, because sadly I have no access to the configuration of the turn server.
But I tested by deploying some turn servers on my local machine and they behaved similar when they where not correctly configured. By looking into the logs of thos turn servers I saw 401 Unauthorized popping up all the time. So I changed the configuration, until the authorization was working. With this config we deployed a new server which is now working.
Some words on the configuration for people also having troubles with that on the first run, those are the configurations we put into /etc/turnserver.conf and passed it when starting the server with turnserver -v -c /etc/turnserver.conf:
listening-port=<port>
alt-listening-port=<port>
listening-ip=<listening-ip>
external-ip=<external-ip>
realm=<realm>
fingerprint
lt-cred-mech
user=<user:pw>
bofore coming to that configuration we made some errors, maybe they are obious to experienced people but they were not to us:
we had the use-auth-secret in the config file, this should not be enabled when using user
we had the issue that the turn server was usable in firefox but not in chrome or others, (not possible to gather relay candidates), this was do to realm not beeing configured in the config
I am Working with peerJS,
In LAN all is OK, but if I use turn servers from cellphone connection the stream connection fails.
The mediaStream is passed in peerJS connection.on('stream', (stream)=>{..
but crashes just after this, the problem seems related to stun/turn negotiation, here the console logs:
.callConnection.on('stream')... <-- I receive the stream
...
PeerJS: Set remoteDescription: ANSWER for: PEER_ID
PeerJS: Added ICE candidate for: PEER_ID
PeerJS: iceConnectionState is disconnected, closing connections to PEER_ID
myHandler.Negotiation of connection to PEER_ID failed.
And then this error catched:
Error: Negotiation of connection to PEER_ID failed.
at RTCPeerConnection.pc.oniceconnectionstatechange [as onicechange]
and here fails
what could it be?
I am not sure if it matters, in the signaling negotiation LOGS I cannot see the configured TURN IP, I only see other IPs:
{"type":"CANDIDATE","src":"itEthicsoftIdeskUserUUU1","dst":"itEthicsoftIdeskDeviceDDDfa53da20-5cc8-83dc-e259-df0ef328fbb7","payload":{"candidate":{"candidate":"candidate:1028452565 1 udp 2113937151 10.98.5.173 42892 typ host generation 0 ufrag lewL network-cost 50","sdpMid":"audio","sdpMLineIndex":0},"type":"media","connectionId":"mc_yzox790yv9b"}}
{"type":"CANDIDATE","src":"itEthicsoftIdeskUserUUU1","dst":"itEthicsoftIdeskDeviceDDDfa53da20-5cc8-83dc-e259-df0ef328fbb7","payload":{"candidate":{"candidate":"candidate:842163049 1 udp 1677729535 37.162.11.125 44523 typ srflx raddr 10.98.5.173 rport 42892 generation 0 ufrag lewL network-cost 50","sdpMid":"audio","sdpMLineIndex":0},"type":"media","connectionId":"mc_yzox790yv9b"}}
Thanks in advance
I'm in a hurry at the moment.
My Question is, is there a way to forward UDP to TCP port?
I need this for hosting a game server for my friends, I want to
host Counter-Strike server for example, but it uses UDP (User Datagram Protocol) for server port, but NGROK only supports TCP (Transmission Control Protocl) & HTTP (HyperText Transfer Protocol).
I tried this while ago..
ngrok tcp 127.0.0.1:27015
and as usually it will start :
ngrok by #inconshreveable (Ctrl+C to quit)
Session Status online
Account Soricy Infinitive (Plan: Free)
Version 2.2.8
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding tcp://0.tcp.ngrok.io:18833 -> 127.0.0.1:27015
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00
But fails to connect to 0.tcp.ngrok.io:18833 in the game, and displays that there is no UDP configured on the server side.
Is there any way I could do this differently? UDP=>TCP?
Checkout DatagramTunnneler (on github). It is an open-source c++ program which simply listens to UDP traffic and forwards it to a TCP endpoint of your choice. On that TCP endpoint another instance of the DatagramTunneler publishes the UDP data back onto a UDP channel.
Disclaimer: I wrote that tool.
One way is to copy the "raw" udp Payload and create a new TCP packet with the raw payload. But you need to set the same data of the other layer except the udp layer. Also: You need a clean configuration of the tcp layer.
I'm tunneling all of my internet traffic through a remote computer hosting Debian using sshd. But my internet connection becomes so slow (something around 5 to 10 kbps!). Can be anything wrong with the default configuration to cause this problem?
Thanks in advance,
Tunneling TCP within another TCP stream can sometimes work -- but when things go wrong, they go wrong very quickly.
Consider what happens when the "real world" loses one of your TCP packets: after a certain amount of not getting an ACK packet back in response to new data packets, the sending side realizes a packet has gone missing and re-sends the data.
If that packet happens to be a TCP packet whose payload is another TCP packet, then you have two TCP stacks that are upset about their missing packet. The tunneled TCP layer will re-send packets and the outer TCP layer will also resend packets. This causes a giant pileup of duplicate packets that will eventually be delivered and must be dropped on the floor -- because the outer TCP reliably delivered the packet, eventually.
I believe you would be much better served by a more dedicated tunneling method such as GRE tunnels or IPSec.
Yes, tunelling traffic over tcp connection is not a good idea. See http://sites.inka.de/bigred/devel/tcp-tcp.html