
reTurn Server (resiprocate) not responding, config error?


I have installed a resiprocate reTurn server on rhel7 according to these instructions, exactly, following number 2: https://www.webrtc-experiment.com/docs/TURN-server-installation-guide.html

I have set the following:

TurnAddress = 172.31.40.178
AltStunAddress = 172.31.40.179
TurnPort = 3478
AltStunPort = 5349

The first and second IPs are both configured and can be pinged; this is the output of ifconfig:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.40.178  netmask 255.255.240.0  broadcast 172.31.47.255
        inet6 fe80::45e:20ff:fe6b:6869  prefixlen 64  scopeid 0x20<link>
        ether 06:5e:20:6b:68:69  txqueuelen 1000  (Ethernet)
        RX packets 5100789  bytes 890198603 (848.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4742159  bytes 3984379336 (3.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.40.179  netmask 255.255.240.0  broadcast 172.31.47.255
        ether 06:5e:20:6b:68:69  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 460812  bytes 163626411 (156.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 460812  bytes 163626411 (156.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

and the ports are open.

The output of netstat for reTurn is:

tcp        0      0 172.31.40.178:3478      0.0.0.0:*               LISTEN      17177/reTurnServer
tcp        0      0 172.31.40.178:5349      0.0.0.0:*               LISTEN      17177/reTurnServer
tcp6       0      0 :::3478                 :::*                    LISTEN      17177/reTurnServer
tcp6       0      0 :::5349                 :::*                    LISTEN      17177/reTurnServer
udp        0      0 172.31.40.179:3478      0.0.0.0:*                           17177/reTurnServer
udp        0      0 172.31.40.178:3478      0.0.0.0:*                           17177/reTurnServer
udp        0      0 172.31.40.179:3479      0.0.0.0:*                           17177/reTurnServer
udp        0      0 172.31.40.178:3479      0.0.0.0:*                           17177/reTurnServer
udp6       0      0 :::3478                 :::*                                17177/reTurnServer

I have set up hashed passwords, and used my domain name eg. test.example.com as the realm.

When I try to connect to the turn server it fails. I am using the following code to test the connection, with the correct username and password, and it always prints "no":

function checkTURNServer(turnConfig, timeout){

  return new Promise(function(resolve, reject){

    var promiseResolved = false
      , myPeerConnection = window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection   // compatibility for Firefox and Chrome
      , pc = new myPeerConnection({iceServers:[turnConfig]})
      , noop = function(){};

    // give up after the timeout: if no relay candidate showed up, the TURN server never answered
    setTimeout(function(){
        if(promiseResolved) return;
        promiseResolved = true;
        pc.close();
        resolve(false);
    }, timeout || 5000);

    pc.createDataChannel("");    // create a bogus data channel so that ICE gathering has something to gather for
    pc.createOffer(function(sdp){
      if(sdp.sdp.indexOf('typ relay') > -1){ // sometimes the SDP already contains the ICE candidates...
        promiseResolved = true;
        resolve(true);
      }
      pc.setLocalDescription(sdp, noop, noop);  // setting the local description starts candidate gathering
    }, noop);
    pc.onicecandidate = function(ice){  // listen for candidate events; only a 'relay' candidate proves the TURN allocation worked
      if(promiseResolved || !ice || !ice.candidate || !ice.candidate.candidate || !(ice.candidate.candidate.indexOf('typ relay')>-1))  return;
      promiseResolved = true;
      pc.close();
      resolve(true);
    };
  });
}

checkTURNServer({
            'urls': 'turn:test.*****.com:3478',   // RTCIceServer key is 'urls' (plural); the legacy 'url' key is rejected or ignored by current browsers
            'credential': 'password',
            'username': 'username'
}).then(function(bool){
    console.log('is TURN server active? ', bool? 'yes':'no');
}).catch(console.error.bind(console));

I would be beyond grateful for any help, I'm starting to lose my marbles.

Many thanks.


Solution

  • 172.31.40.178 is in the private IP address range. Which means you are running STUN and TURN from behind a NAT. Nothing wrong with that, provided that you enabled ports 3478, 3479, and 5349 (UDP and TCP) to be forwarded to your server appropriately.

    You've left enough hints in your question to suggest that your server is running on Amazon EC2. If that is the case, the port forwarding is configured by the EC2 instance's security group. For the security group associated with this instance, enable a set of inbound rules for both UDP and TCP that allow ports 3478, 3479, and 5349 for IP range 0.0.0.0/0. Also, check your VPC security group and network ACL settings, but those are typically enabled wide-open by default.

    Otherwise, if you aren't on Amazon, your hosting provider or local NAT should be enabled to port-forward these ports to the server's IP.

    Also, double check to make sure your iptables rules, if enabled, are not blocking traffic.
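A way to check the answer's point (that UDP 3478 has to be reachable from outside the NAT) without going through a browser, as an added example that is not part of the original question or answer and not reSIProcate's own code: a minimal STUN Binding Request probe per RFC 5389. It sends a 20-byte Binding Request over UDP and parses the Binding Success Response; a reply with an XOR-MAPPED-ADDRESS proves the packet got through the security group and iptables to reTurnServer, and the address returned is the public address the server sees, which is what the browser's server-reflexive candidates will carry. Run it from a machine outside the VPC. The target hostname test.example.com, the default port 3478 and the sample response with 203.0.113.7:51234 are assumptions constructed for the example. Caveat: this only exercises STUN; a successful Binding does not prove that a TURN Allocate with the long-term credentials and realm succeeds, but a timeout here pins the problem on the network path rather than on credentials.

```python
import secrets
import socket
import struct
import sys

# RFC 5389 constants
STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(txn_id=None):
    """Return (message, transaction_id) for a Binding Request carrying no attributes."""
    if txn_id is None:
        txn_id = secrets.token_bytes(12)
    if len(txn_id) != 12:
        raise ValueError("transaction id must be 12 bytes")
    # header: type(2) length(2) magic cookie(4) transaction id(12); length is 0 (no attributes)
    return struct.pack("!HHI", BINDING_REQUEST, 0, STUN_MAGIC_COOKIE) + txn_id, txn_id


def _xor_ipv4(addr):
    return bytes(a ^ b for a, b in zip(addr, struct.pack("!I", STUN_MAGIC_COOKIE)))


def parse_binding_response(data, txn_id):
    """Validate a Binding Success Response for txn_id and return the reflexive (ip, port),
    or None when the datagram is not a matching success response."""
    if len(data) < 20:
        return None
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if cookie != STUN_MAGIC_COOKIE or data[8:20] != txn_id or msg_type != BINDING_SUCCESS:
        return None
    if len(data) < 20 + msg_len:
        return None
    body = data[20:20 + msg_len]
    pos, mapped = 0, None
    while pos + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + attr_len]
        if len(value) != attr_len:
            return None  # truncated attribute
        if attr_type in (ATTR_XOR_MAPPED_ADDRESS, ATTR_MAPPED_ADDRESS) and attr_len >= 8 and value[1] == FAMILY_IPV4:
            port = struct.unpack("!H", value[2:4])[0]
            addr = value[4:8]
            if attr_type == ATTR_XOR_MAPPED_ADDRESS:
                port ^= STUN_MAGIC_COOKIE >> 16  # port is XORed with the top 16 bits of the cookie
                addr = _xor_ipv4(addr)           # address is XORed with the whole cookie
                return socket.inet_ntoa(addr), port  # XOR-MAPPED-ADDRESS is authoritative
            mapped = (socket.inet_ntoa(addr), port)  # plain MAPPED-ADDRESS as a fallback
        pos += 4 + ((attr_len + 3) & ~3)  # attribute values are padded to a 4-byte boundary
    return mapped


def build_binding_response(txn_id, ip, port):
    """Construct a Binding Success Response with one XOR-MAPPED-ADDRESS (sample input for offline checks)."""
    value = struct.pack("!BBH", 0, FAMILY_IPV4, port ^ (STUN_MAGIC_COOKIE >> 16)) + _xor_ipv4(socket.inet_aton(ip))
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), STUN_MAGIC_COOKIE) + txn_id + attr


def probe(host, port=3478, timeout=3.0):
    """Send one Binding Request over UDP; return the reflexive (ip, port) or None on timeout."""
    req, txn = build_binding_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(req, (host, port))
        try:
            data, _ = s.recvfrom(2048)
        except socket.timeout:
            return None
    return parse_binding_response(data, txn)


if __name__ == "__main__":
    # offline self-check against a constructed response (203.0.113.7:51234 is made up for the example)
    _, txn = build_binding_request()
    assert parse_binding_response(build_binding_response(txn, "203.0.113.7", 51234), txn) == ("203.0.113.7", 51234)
    # live probe only when a host is given, e.g.: python stun_probe.py test.example.com
    if len(sys.argv) > 1:
        result = probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 3478)
        print("no STUN response (blocked or not forwarded)" if result is None else "reflexive address: %s:%d" % result)
```

If the probe times out from outside but the same request succeeds from the instance itself (against 172.31.40.178), the security group or iptables is dropping UDP 3478, which is exactly the case the answer describes; if it succeeds from outside but the browser test still prints "no", look at the TURN side (realm, hashed credentials, TCP/TLS on 5349) instead.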