Using internal TURN server

Yossi

New Member
Hi, I'm using WSC 5.2 from marketplace on AWS and I'm trying to use the internal TURN server and I'll appreciate some help here.
It seems that the TURN server failed to listen on port 3478 on the external interface.

I followed this document: https://docs.flashphoner.com/display/WCS52EN/TURN+server

My conf file:

Code:
# Config flashphoner.properties
# To get more settings:
# ssh -p 2001 admin@localhost
# default password: admin
# show node-settings
# show node-settings | grep port

#server ip
ip                     =external_ip
ip_local               =internal_ip

#webrtc ports range
media_port_from        =31001
media_port_to          =32000

#codecs
codecs                   =opus,alaw,ulaw,g729,speex16,g722,mpeg4-generic,telephone-event,h264,vp8,flv,mpv
codecs_exclude_sip       =mpeg4-generic,flv,mpv
codecs_exclude_streaming =flv,telephone-event
codecs_exclude_sip_rtmp  =opus,g729,g722,mpeg4-generic,vp8,mpv

#websocket ports
ws.port                 =8080
wss.port                =8443

client_mode=false

rtc_ice_add_local_component=true


turn_ip=external_ip
turn_ip_local=internal_ip
turn_port=3478
turn_password=coM77EMrV7Cwhyan
turn_media_port_from=36001
turn_media_port_to=37000
turn_media_ports_auditor_interval=5000
turn_media_ports_auditor_max_attempts=3
turn.server_channel_receive_buffer_size=1048576
turn.server_channel_send_buffer_size=1048576
I tried:
[1] Set turn_ip to my be the same as ip and turn_local_ip to be as the same as local_ip - I got an error Server - main Error while init TURN server! Failed to bind to: /the_external_ip:3478
[2] Remove both - The same as above
[3] Set them both to 0.0.0.0 - bind to 0.0.0.0 but not visible from outside

Few lines from the logs:
Code:
14:40:53,569 INFO         PluginManager - main Initialized plugin Plugin[type=SSHPlugin,interface=SSHPlugin]
14:40:53,569 INFO         PluginManager - main Initialized plugin Plugin[type=SSHInlinePlugin,interface=CommandPlugin]
14:40:53,576 ERROR               Server - main Error while init  TURN server! Failed to bind to: /external_ip:3478
14:40:53,578 INFO        SipTrunkConfig - main No sip trunk config, load default
14:40:53,578 INFO  tchDogServerRegister - main Starting WatchDogServer ...
 

Max

Administrator
Staff member
Good day.
You should not set turn_ip parameter to external IP address on AWS instance, because the instanse is behind NAT, and server have only internal IP interface. So you should set
Code:
turn_ip=internal_ip
and remove turn_ip_local parameter from config
Please also don't forget to open port 3478 in security group, in this case this port will be forwarded to instance.
 

Yossi

New Member
Thanks. I still can't access to this port.
  • The port is opened on the inbound rules on AWS security groups (And there is no other firewall, and I can access all the other ports)
  • I've set turn_ip=internal_ip and remove turn_local_ip. (I also tried to remove both which gave the same result.
Now the turn server bind to the internal_ip but I can't reach it.

I've attached the full log file (Note that I've replaced the public ip with "PUBLIC_IP")

list of the listening ports:
sudo lsof -i -P -n | grep LISTEN

rpcbind 1900 rpc 8u IPv4 16761 0t0 TCP *:111 (LISTEN)
rpcbind 1900 rpc 11u IPv6 16766 0t0 TCP *:111 (LISTEN)
master 2421 root 13u IPv4 19501 0t0 TCP 127.0.0.1:25 (LISTEN)
sshd 2679 root 3u IPv4 20740 0t0 TCP *:22 (LISTEN)
sshd 2679 root 4u IPv6 20742 0t0 TCP *:22 (LISTEN)
java 2687 root 58u IPv4 20882 0t0 TCP 127.0.0.1:44817 (LISTEN)
java 2687 root 60u IPv4 21581 0t0 TCP 127.0.0.1:50999 (LISTEN)
java 2687 root 62u IPv4 21583 0t0 TCP *:45743 (LISTEN)
java 2687 root 66u IPv4 21591 0t0 TCP *:1098 (LISTEN)
java 2687 root 68u IPv4 21022 0t0 TCP *:8081 (LISTEN)
java 2687 root 84u IPv4 21024 0t0 TCP *:9091 (LISTEN)
java 2687 root 88u IPv4 21026 0t0 TCP *:8444 (LISTEN)
java 2687 root 92u IPv4 21028 0t0 TCP *:8888 (LISTEN)
java 2687 root 104u IPv4 21099 0t0 TCP *:1935 (LISTEN)
java 2687 root 111u IPv4 21668 0t0 TCP *:8080 (LISTEN)
java 2687 root 112u IPv4 21674 0t0 TCP *:8082 (LISTEN)
java 2687 root 118u IPv4 21670 0t0 TCP *:8443 (LISTEN)
java 2687 root 122u IPv4 21672 0t0 TCP *:843 (LISTEN)
java 2687 root 127u IPv4 21676 0t0 TCP *:8445 (LISTEN)
java 2687 root 131u IPv4 21678 0t0 TCP *:554 (LISTEN)
java 2687 root 135u IPv4 21685 0t0 TCP *:2001 (LISTEN)
java 2687 root 140u IPv4 21688 0t0 TCP *:2002 (LISTEN)
java 2687 root 141u IPv4 21690 0t0 TCP internal_ip:3478 (LISTEN)
 

Attachments

Max

Administrator
Staff member
Please update to build 5.2.798 or later, then test again.
If the update does not help, please clarify: did you try to enable Force relay switch?
1613027883759.png

If nothing helps, please try to publish stream via Firewall Traversal Streaming example, collect a report as described here and send using this form. Or you can provide us SSH access to the instance using this form, we will check.
 

Yossi

New Member
Thanks Max!
I'm using the latest of WSC that on AWS marketplace which is 5.2.780

I enable force relay switch, but the point is that the port is not open at all on the public ip (tested via telnet from outside)
I sent you the SSH access information through the link you provided.
 

Max

Administrator
Staff member
The port 3478 is closed by iptables by default. So you should either add the rule
Code:
sudo iptables -I INPUT 24 -p tcp --dport 3478 -j ACCEPT
or clean rules at all (it's safe because the instance is behind security group NAT)
Code:
sudo iptables -F
Then you should update WCS to build 5.2.798 because turn_ip_local parameter does not work in 5.2.780 yet
Code:
cd /usr/local/FlashphonerWebCallServer/bin
./webcallserver update 798
Then you can omit the parameter turn_ip because default settinng can be used.
Another option is to use coturn on the same instance as described here. In this case, you can use port 443 for coturn, this port is opened in iptables by default.
 
Top