coturn + webrtc: host behind NAT cannot connect to the TURN server

I am trying to integrate screen sharing via WebRTC into my website. If I try to establish a connection between two Chrome browsers on the same device (a normal window and an incognito one), everything works fine. When I try to establish a connection between my browser and another computer in a different network, it fails. So I am trying to set up a TURN server.

Both systems in which the WebRTC functionality is integrated, and the TURN server, are hosted at DomainFactory, where I have no root rights. For this reason I could not install coturn via apt-get. I had to install it manually from GitHub.

coturn configuration:

external-ip=[public ip of turn-server]
fingerprint
lt-cred-mech
user=[user]:[password]
realm=[turn-server url]
total-quota=100
bps-capacity=0
stale-nonce=600
cert=[path to certificate file]
pkey=[path to private key file]
log=[path to log file]
no-multicast-peers

My problem: if the screen-sharing host is behind NAT, its IP address is still a local one and it does not seem to connect to the TURN server at all.

These are the results of https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ for the host behind NAT:

Time    Component   Type    Foundation  Protocol    Address Port    Priority
0.003   rtp host    2448344806  udp 63e84acb-f85e-4ba8-b012-595df04e86ec.local  52272   126 | 30 | 255
39.823  Done
39.825

And here are the results if I test the TURN connection from another network without NAT, with the same WebRTC sample app:

Time    Component   Type    Foundation  Protocol    Address Port    Priority
0.005   rtp host    3661447420  udp 192.168.0.70    51584   126 | 32542 | 255
0.006   rtp host    4036240074  udp 192.168.178.30  51585   126 | 32286 | 255
0.105   rtp host    2495527948  tcp 192.168.0.70    9   90 | 32542 | 255
0.105   rtp host    3189235258  tcp 192.168.178.30  9   90 | 32286 | 255
0.122   rtp relay   1181488584  udp 176.221.47.80   51563   1 | 32286 | 255
0.122   Done
0.123

coturn log:

0: log file opened: [path to log]
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.3 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2l  25 May 2017 (0x100020cf)
0:
0: SQLite supported, default database location is [path to turndb]
0: Redis is not supported
0: PostgreSQL supported
0: MySQL is not supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name:
0: Default realm: [realm]
0:
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0: SSL23: Certificate file found: [path to certificate file]
0: SSL23: Private key file found: [path to private key file]
0: TLS1.0: Certificate file found: [path to certificate file]
0: TLS1.0: Private key file found: [path to private key file]
0: TLS1.1: Certificate file found: [path to certificate file]
0: TLS1.1: Private key file found: [path to private key file]
0: TLS1.2: Certificate file found: [path to certificate file]
0: TLS1.2: Private key file found: [path to private key file]
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: [path to certificate file]
0: DTLS: Private key file found: [path to private key file]
0: DTLS1.2: Certificate file found: [path to certificate file]
0: DTLS1.2: Private key file found: [path to private key file]
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: [localhost]
0: Listener address to use: [public ip1]
0: Listener address to use: [public ip2]
0: Listener address to use: [public ip3]
0: Listener address to use: [ipv6 localhost]
0: Listener address to use: [ipv6 public]
0: =====================================================
0: Total: 4 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: [public ip1]
0: Relay address to use: [public ip2]
0: Relay address to use: [public ip3]
0: Relay address to use: [ipv6 public]
0: =====================================================
0: Total: 4 relay addresses discovered
0: =====================================================
0: Cannot create pid file: /var/run/turnserver.pid
0: pid file created: /var/tmp/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0:   relay [public ip1] initialization...
0:   relay [public ip1] initialization done
0:   relay [public ip2] initialization...
0:   relay [public ip2] initialization done
0:   relay [public ip3] initialization...
0:   relay [public ip3] initialization done
0:   relay [ipv6 public] initialization...
0:   relay [ipv6 public] initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: IPv4. TLS/TCP listener opened on : [localhost]:3478
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=2 created
0: IPv4. TLS/TCP listener opened on : [localhost]:3478
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=3 created
0: IPv4. DTLS/UDP listener opened on: [localhost]:3478
0: IPv4. DTLS/UDP listener opened on: [localhost]:5349
0: IPv4. DTLS/UDP listener opened on: [public ip1]:3478
0: IPv4. DTLS/UDP listener opened on: [public ip1]:5349
0: IPv4. DTLS/UDP listener opened on: [public ip2]:3478
0: IPv4. DTLS/UDP listener opened on: [public ip2]:5349
0: IPv4. DTLS/UDP listener opened on: [public ip3]:3478
0: IPv4. DTLS/UDP listener opened on: [public ip3]:5349
0: IPv6. DTLS/UDP listener opened on: [ipv6 localhost]:3478
0: IPv6. DTLS/UDP listener opened on: [ipv6 localhost]:5349
0: IPv6. DTLS/UDP listener opened on: [ipv6 public]:3478
0: IPv6. DTLS/UDP listener opened on: [ipv6 public]:5349
0: Total General servers: 4
0: IPv4. TLS/TCP listener opened on : [localhost]:5349
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: [path to turndb]
0: IPv4. TLS/TCP listener opened on : [localhost]:3478
0: IO method (admin thread): epoll (with changelist)
0: IPv4. TLS/TCP listener opened on : [public ip1]:3478
0: IPv4. TLS/TCP listener opened on : [localhost]:5349
0: IPv4. TLS/TCP listener opened on : [localhost]:3478
0: IPv4. TLS/TCP listener opened on : [public ip1]:3478
0: IPv4. TLS/TCP listener opened on : [localhost]:5349
0: IPv4. TLS/TCP listener opened on : [public ip1]:5349
0: IPv4. TLS/TCP listener opened on : [public ip1]:3478
0: IPv4. TLS/TCP listener opened on : [public ip2]:3478
0: IPv4. TLS/TCP listener opened on : [public ip1]:5349
0: IPv4. TLS/TCP listener opened on : [public ip1]:5349
0: IPv4. TLS/TCP listener opened on : [public ip2]:3478
0: IPv4. TLS/TCP listener opened on : [public ip2]:5349
0: IPv4. TLS/TCP listener opened on : [public ip2]:5349
0: IPv4. TLS/TCP listener opened on : [public ip2]:3478
0: IPv4. TLS/TCP listener opened on : [public ip3]:3478
0: IPv4. TLS/TCP listener opened on : [localhost]:5349
0: IPv4. TLS/TCP listener opened on : [public ip3]:3478
0: IPv4. TLS/TCP listener opened on : [public ip2]:5349
0: IPv4. TLS/TCP listener opened on : [public ip3]:5349
0: IPv4. TLS/TCP listener opened on : [public ip1]:3478
0: IPv4. TLS/TCP listener opened on : [public ip3]:3478
0: IPv4. TLS/TCP listener opened on : [public ip3]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:3478
0: IPv4. TLS/TCP listener opened on : [public ip1]:5349
0: IPv4. TLS/TCP listener opened on : [public ip3]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:3478
0: IPv4. TLS/TCP listener opened on : [public ip2]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:5349
0: IPv4. TLS/TCP listener opened on : [public ip2]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:5349
0: IPv4. TLS/TCP listener opened on : [public ip3]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:3478
0: IPv4. TLS/TCP listener opened on : [public ip3]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 localhost]:5349
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:3478
0: IPv6. TLS/TCP listener opened on : [ipv6 public]:5349
269933: handle_udp_packet: New UDP endpoint: local addr [public ip1]:5349, remote addr [ip without NAT]:49333
269933: session 003000000000000012: realm <[realm]> user <>: incoming packet BINDING processed, success
269933: session 003000000000000012: realm <[realm]> user <>: incoming packet message processed, error 401: Unauthorized
269933: IPv4. Local relay addr: [public ip1]:52030
269933: session 003000000000000012: new, realm=<[realm]>, username=<[user]>, lifetime=600
269933: session 003000000000000012: realm <[realm]> user <[user]>: incoming packet ALLOCATE processed, success
269943: session 003000000000000012: realm <[realm]> user <[user]>: incoming packet BINDING processed, success
269953: session 003000000000000012: realm <[realm]> user <[user]>: incoming packet BINDING processed, success
269963: session 003000000000000012: realm <[realm]> user <[user]>: incoming packet BINDING processed, success
269970: session 003000000000000012: refreshed, realm=<[realm]>, username=<[user]>, lifetime=0
269970: session 003000000000000012: realm <[realm]> user <[user]>: incoming packet REFRESH processed, success
269971: session 003000000000000012: usage: realm=<[realm]>, username=<[user]>, rp=7, rb=332, sp=7, sb=720
269971: session 003000000000000012: peer usage: realm=<[realm]>, username=<[user]>, rp=0, rb=0, sp=0, sb=0
269971: session 003000000000000012: closed (2nd stage), user <[user]> realm <[realm]> origin <>, local [public ip1]:5349, remote [ip without NAT]:49333, reason: allocation timeout
269971: session 003000000000000012: delete: realm=<[realm]>, username=<[user]>
269996: IPv4. tcp or tls connected to: [ip without NAT]:59678
269996: session 000000000000000016: realm <[realm]> user <>: incoming packet message processed, error 401: Unauthorized
269996: IPv4. Local relay addr: [public ip1]:64039
269996: session 000000000000000016: new, realm=<[realm]>, username=<[user]>, lifetime=600
269996: session 000000000000000016: realm <[realm]> user <[user]>: incoming packet ALLOCATE processed, success

I am new to TURN and WebRTC, so any help would be welcome :)


alex_i, 27.11.2020

Hi, could stackoverflow.com/questions/59906509/ help you in some way? - Yennefer, 27.11.2020
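As an added example (not part of the question and not code from the trickle-ice sample), the following Node.js script classifies the candidates from the two tables above. The candidate strings are constructed from the table values in the a=candidate syntax that RTCPeerConnection delivers in the onicecandidate event, with each priority recomputed from the three-part "type | local | 256-component" form the sample prints. It shows why the NAT run can be diagnosed from the first table alone: the only candidate is a host candidate whose private address Chrome has hidden behind an mDNS .local name, and no relay candidate ever appears, so no TURN allocation succeeded.

```javascript
// Added example, not from the question or the trickle-ice page: parse ICE candidate
// lines, decompose their priority the way the sample app displays it, and say whether
// the TURN server was actually used (a "relay" candidate is the only proof of that).

// Split one candidate line (with or without the "a=" / "candidate:" prefixes) into fields.
function parseCandidate(line) {
  const s = line.replace(/^a=/, "").replace(/^candidate:/, "");
  const f = s.split(/\s+/);
  if (f.length < 8 || f[6] !== "typ") throw new Error("not a candidate line: " + line);
  const cand = {
    foundation: f[0],
    component: Number(f[1]),   // 1 = rtp, 2 = rtcp
    protocol: f[2].toLowerCase(),
    priority: Number(f[3]),
    address: f[4],
    port: Number(f[5]),
    type: f[7],                // host | srflx | prflx | relay
  };
  // Chrome publishes private host addresses as mDNS names, which is why the NAT table
  // shows "<uuid>.local" instead of a 192.168.x.x address.
  cand.mdns = cand.address.endsWith(".local");
  return cand;
}

// ICE priority = (typePref << 24) | (localPref << 8) | (256 - componentId).
// Division is used instead of shifts because the value exceeds the signed 32-bit range.
function decomposePriority(priority) {
  return {
    typePref: Math.floor(priority / 2 ** 24),
    localPref: Math.floor(priority / 256) % 65536,
    componentPart: priority % 256,
  };
}

// Summarise a gathering run: which candidate types appeared and what that implies.
function diagnoseGathering(lines) {
  const cands = lines.map(parseCandidate);
  const types = new Set(cands.map((c) => c.type));
  const verdict = {
    count: cands.length,
    hasHost: types.has("host"),
    hasSrflx: types.has("srflx"),
    hasRelay: types.has("relay"),
    mdnsOnly: cands.every((c) => c.mdns),
    turnUsable: types.has("relay"),
    reason: "",
  };
  if (verdict.turnUsable) {
    verdict.reason = "relay candidate present: TURN allocation succeeded";
  } else if (!verdict.hasSrflx) {
    verdict.reason = "only host candidates: no STUN/TURN reply reached the browser " +
      "(wrong URL or credentials, or the port is blocked by the NAT/firewall)";
  } else {
    verdict.reason = "srflx but no relay: STUN works, TURN allocation failed (check credentials/realm)";
  }
  return verdict;
}

// Constructed from the two trickle-ice tables in the question (priorities re-assembled
// from the "126 | 30 | 255" form); these are not captured browser output.
const BEHIND_NAT = [
  "candidate:2448344806 1 udp 2113937151 63e84acb-f85e-4ba8-b012-595df04e86ec.local 52272 typ host",
];
const NO_NAT = [
  "candidate:3661447420 1 udp 2122260223 192.168.0.70 51584 typ host",
  "candidate:4036240074 1 udp 2122194687 192.168.178.30 51585 typ host",
  "candidate:1181488584 1 udp 25042687 176.221.47.80 51563 typ relay",
];

console.log("behind NAT:", diagnoseGathering(BEHIND_NAT).reason);
console.log("no NAT:    ", diagnoseGathering(NO_NAT).reason);
console.log("priority of first NAT candidate:", decomposePriority(parseCandidate(BEHIND_NAT[0]).priority));
```

In a real page the lines would come from `pc.onicecandidate = (e) => e.candidate && lines.push(e.candidate.candidate)` followed by a call to diagnoseGathering once the gathering state reaches "complete"; the mdnsOnly flag is also a useful signal, because an mDNS-only host candidate set is exactly what a browser behind NAT produces when no STUN or TURN reply ever arrives.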


Answers (1)


The first attempt to gather ICE candidates with the WebRTC sample app showed that only host candidates were found.

This means that either the TURN settings were wrong (wrong URL or wrong credentials), or the computer could not reach the TURN server on the given port.

There are NAT setups that block access to external ports other than a preset few, for example TCP port 443 (the default for HTTPS).

As an experiment, you could try configuring coturn to listen on TCP port 443 and run the ICE gathering app again.

In general, tools like Wireshark let you capture the network traffic on your machine and check where the requests go and whether there is any reply from the TURN server (you can use the stun filter).

giavac, 17.03.2021