I have installed a resiprocate reTurn server on rhel7 according to these instructions, exactly, following number 2: https://www.webrtc-experiment.com/docs/TURN-server-installation-guide.html
I have set the following:
TurnAddress = 172.31.40.178
AltStunAddress = 172.31.40.179
TurnPort = 3478
AltStunPort = 5349
The first and second IPs are both configured and can be pinged; this is the output of ifconfig:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.40.178  netmask 255.255.240.0  broadcast 172.31.47.255
        inet6 fe80::45e:20ff:fe6b:6869  prefixlen 64  scopeid 0x20<link>
        ether 06:5e:20:6b:68:69  txqueuelen 1000  (Ethernet)
        RX packets 5100789  bytes 890198603 (848.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4742159  bytes 3984379336 (3.7 GiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.40.179  netmask 255.255.240.0  broadcast 172.31.47.255
        ether 06:5e:20:6b:68:69  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 460812  bytes 163626411 (156.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 460812  bytes 163626411 (156.0 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisions 0
and the ports are open.
The output of netstat for reTurn is:
tcp        0      0 172.31.40.178:3478      0.0.0.0:*               LISTEN      17177/reTurnServer
tcp        0      0 172.31.40.178:5349      0.0.0.0:*               LISTEN      17177/reTurnServer
tcp6       0      0 :::3478                 :::*                    LISTEN      17177/reTurnServer
tcp6       0      0 :::5349                 :::*                    LISTEN      17177/reTurnServer
udp        0      0 172.31.40.179:3478      0.0.0.0:*                           17177/reTurnServer
udp        0      0 172.31.40.178:3478      0.0.0.0:*                           17177/reTurnServer
udp        0      0 172.31.40.179:3479      0.0.0.0:*                           17177/reTurnServer
udp        0      0 172.31.40.178:3479      0.0.0.0:*                           17177/reTurnServer
udp6       0      0 :::3478                 :::*                                17177/reTurnServer
I have set up hashed passwords, and used my domain name, e.g. test.example.com, as the realm.
When I try to connect to the turn server it fails. I am using the following code to test the connection, with the correct username and password, and it always prints "no":
function checkTURNServer(turnConfig, timeout) {
    return new Promise(function (resolve, reject) {
        var promiseResolved = false;

        // Fail closed: if no relay candidate shows up before the timeout, report "no".
        setTimeout(function () {
            if (promiseResolved) return;
            promiseResolved = true;
            resolve(false);
        }, timeout || 5000);

        var myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection; // compatibility for Firefox and Chrome
        var pc = new myPeerConnection({ iceServers: [turnConfig] });
        var noop = function () {};

        pc.createDataChannel(""); // create a bogus data channel so ICE gathering starts
        pc.createOffer(function (sdp) {
            if (sdp.sdp.indexOf('typ relay') > -1) { // sometimes the SDP already contains the ICE candidates...
                promiseResolved = true;
                resolve(true);
            }
            pc.setLocalDescription(sdp, noop, noop);
        }, noop); // create offer and set local description

        pc.onicecandidate = function (ice) { // listen for candidate events
            if (promiseResolved || !ice || !ice.candidate || !ice.candidate.candidate ||
                !(ice.candidate.candidate.indexOf('typ relay') > -1)) return;
            // A candidate of type "relay" can only come from the TURN server, so auth and reachability worked.
            promiseResolved = true;
            resolve(true);
        };
    });
}

checkTURNServer({
    'urls': 'turn:test.*****.com:3478', // the original post used the deprecated key 'url'; current browsers expect 'urls'
    'credential': 'password',
    'username': 'username'
}).then(function (bool) {
    console.log('is TURN server active? ', bool ? 'yes' : 'no');
}).catch(console.error.bind(console));
I would be beyond grateful for any help, I'm starting to lose my marbles.
Many thanks.
172.31.40.178 is in the private IP address range, which means you are running STUN and TURN from behind a NAT. Nothing wrong with that, provided that you enabled ports 3478, 3479, and 5349 (UDP and TCP) to be forwarded to your server appropriately.
You've left enough hints in your question to suggest that your server is running on Amazon EC2. If that is the case, the port forwarding is configured by the EC2 instance's security group. For the security group associated with this instance, enable a set of inbound rules for both UDP and TCP that allow ports 3478, 3479, and 5349 for IP range 0.0.0.0/0. Also, check your VPC security group and network ACL settings, but those are typically enabled wide-open by default.
Otherwise, if you aren't on Amazon, your hosting provider or local NAT should be enabled to port-forward these ports to the server's IP.
Also, double check to make sure your iptables rules, if enabled, are not blocking traffic.
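One way to verify the forwarding the answer describes, independently of the browser test in the question: send a single STUN Binding Request (RFC 5389) over UDP to the TURN port and parse the reply. This is an added example, not code from the question or from reTurn; it assumes IPv4 and that the server answers plain Binding requests on 3478 (a TURN server also acts as a STUN server).

```python
import os
import socket
import struct

STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020

def build_binding_request(txn_id):
    """RFC 5389 Binding Request: 20-byte header, no attributes."""
    return struct.pack("!HHI", BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + txn_id

def parse_binding_response(data, txn_id):
    """Return the reflexive (ip, port) from a Binding Success, or None if the reply is not one."""
    if len(data) < 20:
        return None
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if msg_type != BINDING_SUCCESS or cookie != STUN_MAGIC_COOKIE or data[8:20] != txn_id:
        return None
    body = data[20:20 + length]
    pos = 0
    while pos + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + attr_len]
        pos += 4 + ((attr_len + 3) & ~3)  # attribute values are padded to 4 bytes
        if attr_type in (ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS) and len(value) >= 8:
            family, port = struct.unpack("!xBH", value[:4])
            if family != 0x01:  # this helper handles IPv4 only
                continue
            ip_bytes = value[4:8]
            if attr_type == ATTR_XOR_MAPPED_ADDRESS:  # un-XOR with the magic cookie
                port ^= STUN_MAGIC_COOKIE >> 16
                ip_bytes = bytes(b ^ m for b, m in zip(ip_bytes, struct.pack("!I", STUN_MAGIC_COOKIE)))
            return socket.inet_ntoa(ip_bytes), port
    return None

def probe_stun(host, port=3478, timeout=3.0):
    """Send one Binding Request over UDP; None means no reply (port filtered or server not answering)."""
    txn_id = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txn_id), (host, port))
        try:
            data, _ = sock.recvfrom(2048)
        except socket.timeout:
            return None
    return parse_binding_response(data, txn_id)
```

Run `probe_stun("<public IP of the instance>", 3478)` from a host outside the VPC: a tuple back means UDP 3478 is forwarded and the server answered, while None means the packet was dropped somewhere on the way (security group, network ACL, or iptables).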