rgl/coturn-playground

This is a coturn playground for playing with Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN).

Usage

Edit the turnserver.conf IP address and use it through this example.

NB This example assumes 10.3.0.1.

Start the coturn server:

docker compose up --build

NB You might need to configure the firewall.

In another shell, initialize it:

docker compose exec coturn sqlite3 /var/lib/coturn/turndb .schema
docker compose exec coturn turnadmin --userdb /var/lib/coturn/turndb --add-admin --realm coturn --user admin --password admin
docker compose exec coturn turnadmin --userdb /var/lib/coturn/turndb --add --realm coturn --user alice --password alice
docker compose exec coturn turnadmin --userdb /var/lib/coturn/turndb --list-admin
docker compose exec coturn turnadmin --userdb /var/lib/coturn/turndb --list

And try it:

cd turn-ping
docker build --tag turn-ping .
docker run --rm turn-ping -host 10.3.0.1 -port 3478 -realm coturn -user alice=alice -protocol tcp
docker run --rm turn-ping -host 10.3.0.1 -port 3478 -realm coturn -user alice=alice -protocol udp

Also try it with the Trickle ICE WebRTC sample:

  • STUN or TURN URI: turn:10.3.0.1:3478
  • TURN username: alice
  • TURN password: alice
  • IceTransports value: relay

The setup is working when you see an rtp relay candidate line.

Destroy everything:

docker compose down --remove-orphans --volumes

iptables rules

Edit the saved rules:

vim /etc/iptables/rules.v4

Add the required rules:

-A INPUT -p tcp -m state --state NEW -m multiport --dports 3478:3479 -j ACCEPT
-A INPUT -p udp -m multiport                      --dports 3478:3479 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 49160:49200 -j ACCEPT
-A INPUT -p udp -m multiport                      --dports 49160:49200 -j ACCEPT

Reboot to apply:

NB We reboot because docker also creates iptables rules dynamically, and since we do not want to save those, we cannot simply run iptables-restore /etc/iptables/rules.v4.

reboot

Notes

  • Instead of configuring every user in the coturn server with lt-cred-mech, you might want to enable use-auth-secret with a static-auth-secret, and have your signaling server generate temporary (time-limited) credentials from that secret.
  • You might want to prevent coturn from relaying traffic into your internal network by using the denied-peer-ip and allowed-peer-ip options.

References