2
votes

I am trying to run Coturn in a Google Cloud Ubuntu instance.

In a fresh VM, I installed coturn using: sudo apt install coturn

I created a certificate file with the private key and updated the /etc/turnserver.conf:

listening-port=3478
tls-listening-port=5349
listening-ip=10.128.0.2
relay-ip=10.128.0.2
external-ip=35.192.224.52/10.128.0.2
lt-cred-mech
userdb=/var/lib/turn/turndb
user=attitudemarketing:password
cert=cert.crt
pkey=private.key
no-stdout-log

Everything seems to be running, but when I try Trickle ICE (https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/), it doesn't seem to be working.

And this is the log file from coturn:

0: log file opened: /var/log/turn_1978_2017-10-12.log
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0:   relay 10.128.0.2 initialization...
0:   relay 10.128.0.2 initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: IPv4. TCP listener opened on : 127.0.0.1:3478
0: IPv4. TCP listener opened on : 127.0.0.1:3479
0: IPv4. TCP listener opened on : 10.128.0.2:3478
0: IPv4. TCP listener opened on : 10.128.0.2:3479
0: IPv6. TCP listener opened on : ::1:3478
0: IPv6. TCP listener opened on : ::1:3479
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IPv4. TCP listener opened on : 127.0.0.1:3478
0: IPv4. TCP listener opened on : 127.0.0.1:3479
0: IPv4. TCP listener opened on : 10.128.0.2:3478
0: IPv4. TCP listener opened on : 10.128.0.2:3479
0: IPv6. TCP listener opened on : ::1:3478
0: IPv6. TCP listener opened on : ::1:3479
0: IPv4. UDP listener opened on: 127.0.0.1:3478
0: IPv4. UDP listener opened on: 127.0.0.1:3479
0: IPv4. UDP listener opened on: 10.128.0.2:3478
0: IPv4. UDP listener opened on: 10.128.0.2:3479
0: IPv6. UDP listener opened on: ::1:3478
0: IPv6. UDP listener opened on: ::1:3479
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IPv4. CLI listener opened on : 127.0.0.1:5766
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb

I'm not sure if it's working or if it's blocked because it's inside a Google Cloud VM.

2
I think you need to open up the ports on the firewall. Try opening up port 3478 and 5349 with the following instructions. - Kyle

2 Answers

5
votes

I've recently set up a coturn server on an AWS Ubuntu EC2 instance. The process should be the same for the Google Cloud Instance.

First of all, make sure the following inbound ports are open (TCP & UDP):

  • 3478 and 3479 (standard listening-port and alternative listening port)
  • 5349 and 5350 (standard tls-listening-port and alternative tls-listening-port)
  • 49152 - 65535 (standard relay ports)

For testing purposes, until your server is reachable, I'd add the following to the turnserver.conf:

no-tls
no-dtls
verbose

In general, you also need to add fingerprint to your config.

For the explanation of these, check this. I'd also delete cert=cert.crt and pkey=private.key from your config for now.

At this point, you should be able to reach your server from a remote computer. The best way to test this is usually to open a browser on your remote machine and go to "your-public-ip":3478.

If the server is reachable, you should see the following in the browser:

pic

If not, try the following:

  • delete listening-ip, relay-ip, external-ip and listening-port from the turnserver.conf and let coturn decide on its own (this works for me on AWS EC2)

  • set the listening-port to 80 and the alt-listening-port to 443 and open the ports on your server. This will help against very strict firewalls but I don't think this should be the issue on a Google VM.

3
votes

Sorry for the late post, but this works explicitly for GCP usage. Coturn needs almost all UDP ports. You need to turn on UDP ports on the external GCP firewall. Unlike other clouds, GCP needs a firewall rule added manually to enable remote input.

Control Panel > VM instances

Find your VM and click "see network detail".

You'll see the "VPC Network" page, then go to "Firewall Rules" and "Add Firewall Rule".

Set "Targets" to "All instances" (or Tags, as you choose), set the "protocols and ports rule" and enable UDP ports.

This should work to test on tools like Trickle ICE.