Search code examples
ioswebrtcipv6stunturn

How to setup Restund Turn Server with IPv6

I am using Restund for WebRTC. My Restund server currently works with IPv4. I am attempting to update my Restund server to work with both IPv4 and IPv6. I am having some troubles and could use some help.

My dilemma is that my Restund turn server no longer works with Cell Service on iOS Devices since the 10.2 update (When using T-Mobile and Sprint. Note: Verizon is still working). As I understand it, these carriers are now only communicating on IPv6. Other carriers have announced they will be switching soon.

One thing I have noticed is the need to use the "Local" IPv4 address from my eth0 network device as listed in ifconfig. Because of this, I also added the [::1] entries in case the IPv6 cases would require it. I also added the full IPv6 Address. So there are 3 entries for udp_listen, tcp_listen, and tls_listen.

In my example below, I've changed the real addresses to be example addresses.

I've included my /etc/restund.conf file below.

daemon                  yes
debug                   no
realm                   HOST
syncinterval            600
udp_listen              192.168.1.100:3478
udp_listen              [::1]:3478
udp_listen              [AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA]:3478
udp_sockbuf_size        524288
tcp_listen              192.168.1.100:3478
tcp_listen              [::1]:3478
tcp_listen              [AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA]:3478
tls_listen              192.168.1.100:3479,/etc/cert.pem
tls_listen              [::1]:3479,/etc/cert.pem
tls_listen              [AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA]:3479,/etc/cert.pem

# modules
module_path             /usr/local/lib/restund/modules
module                  stat.so
module                  binding.so
module                  auth.so
module                  turn.so
module                  syslog.so
module                  status.so

# auth
auth_nonce_expiry       3600
auth_shared_expiry      86400
# share this with your prosody server
auth_shared yoursecretthing
#auth_shared_rollover incaseyouneedtodokeyrollover

# turn
turn_max_allocations    512
turn_max_lifetime       600
turn_relay_addr         192.168.1.100
#turn_relay_addr6       ::1
turn_relay_addr6        AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA
turn_relay_addr6        ::1

# syslog
syslog_facility         24

# status
# 2/2/2017 Apparently only the first status is used, the second one is ignored.
#          I verified this by going to:
#            http://[AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA]:8080
#            http://PUBLIC_IPV4_ADDR:8080/
#          Only one would work at a time.
#          So I commented the IPv6 Addresses.
status_udp_addr         192.168.1.100
#status_udp_addr                AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA
status_udp_port         33000
status_http_addr        192.168.1.100
#status_http_addr       AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA
status_http_port        8080

After verifying Restund ran without errors, I verified that the appropriate TCP/UDP ports were now being listened to using netstat -nlp.

One concern I found in the netstat results, was the full IPv6 address only shows 4 of the 8 sets (AAAA:AAAA:AAAA:AAAA instead of AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA). I'm wondering if this is something I should be concerned about.

netstat -nlp
IPv4 && IPv6 [Full Address and ::1]
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.1.100:8080       0.0.0.0:*               LISTEN      11442/restund
tcp        0      0 192.168.1.100:3478       0.0.0.0:*               LISTEN      11442/restund
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1321/sshd
tcp        0      0 192.168.1.100:3479       0.0.0.0:*               LISTEN      11442/restund
tcp6       0      0 AAAA:AAAA:AAAA:AAAA:3478 :::*                    LISTEN      11442/restund
tcp6       0      0 ::1:3478                :::*                    LISTEN      11442/restund
tcp6       0      0 :::22                   :::*                    LISTEN      1321/sshd
tcp6       0      0 AAAA:AAAA:AAAA:AAAA:3479 :::*                    LISTEN      11442/restund
tcp6       0      0 ::1:3479                :::*                    LISTEN      11442/restund
udp        0      0 192.168.1.100:33000      0.0.0.0:*                           11442/restund
udp        0      0 192.168.1.100:3478       0.0.0.0:*                           11442/restund
udp        0      0 0.0.0.0:68              0.0.0.0:*                           927/dhclient
udp6       0      0 AAAA:AAAA:AAAA:AAAA:3478 :::*                                11442/restund
udp6       0      0 ::1:3478                :::*                                11442/restund

After all of these IPv6 additions to my /etc/restund.conf file, I am still unable to communicate via IPv6. Thanks in advance for any input!

Solution

  • This won't resolve your IPv6 issue, but it should make your code work for now.

    On January 27 T-Mobile Released a Carrier Update for iOS 10.2.1 Carrier 27.2: https://support.t-mobile.com/docs/DOC-32574

    Try Updating your Carrier Settings and it may fix the T-Mobile Issue.

    1. From the Home screen, tap Settings.
    2. Tap General
    3. Tap About and then review the Carrier Update Field.

    It should prompt you to update at this point if you haven't already. See if that resolves your problem with T-Mobile. They added an update that "Adds dual stack to improve app compatibility issues with iOS 10.2".