WebRTC Trickle ICE with TURN with connections over internet

2
votes

I cannot form a WebRTC connection between browsers using two separate public IP addresses that are behind a NAT (a.k.a. regularly over the internet) that do not allow connecting using STUN information only and instead require TURN server assistance.

I have already had success with forming connections in LAN, but so far I haven't came across ANY instructions on how to form a simple TURN-based connection with javascript webrtc. It seems that all the tutorials are happy when they receive "typ relay" type of sdp and end there. I got the "typ relay" sdp from my coturn as well, however I never got the ICE to connect using TURN over internet and I have found no instructions that instruct on this case (which I recon should be quite typical).

My best effort according to firefox's about:webrtc -page has provided me ICE connection effort where both remote and local candidates of the raw connections of ICE are turn-relay addresses with correct TURN server public IP and UDP port. However this ICE connection fails for a reason unknown to me.

Also, I've tried to find all mystical security requirements related to TURN server, however I'm not sure what level of settings exactly are required by Chrome or Firefox. My current coturn config is as follows:

external-ip=13.X.X.X/172.X.X.X
listening-port=3478
log-file=stdout
lt-cred-mech
max-port=36980
min-port=36940
fingerprint
no-cli
realm=example.com
user=usernamehere:passwordhere
verbose
cert=/etc/letsencrypt/live/example.com/cert.pem
pkey=/etc/letsencrypt/live/example.com/privkey.pem
no-sslv2
no-sslv3

I would love to see a tutorial or instructions where someone has made a simple code that IS ACTUALLY USED to pass data accross internet using webrtc and TURN server. So far i've found examples with same browser only, using websockets or success with STUN information.

Just having the ICE connection successfully form would make my day.

EDIT: Turns out (pun intended) that my signaling method was too slow. To use UDP-based TURN relay server, you need to deliver candidates faster than my signaling method (human copypaste to another tab) did. Websockets provide a method for delivering signaling info fast enough.

1
webrtcturn
You can still test relay/turn only connection using existing "tab to tab" test pages in the same browser. In your RTCIceTransportPolicy object, if you put ice transport policy to relay instead of default ( which is all ), then your current webRTC session will try to be established using only relay/turn candidates even they are in same network.Pallab Gain
This will speed up debugging for sure, Thanks!Kridls_834
Okay, my first new error using this is DOMException "Unknown ufrag (121212ff)"Kridls_834
Hi @Kridls_834, I am facing the same issue. Were you able to resolve this?Prakhar Patidar

1 Answers

0
votes

You usually can simply add your TURN-Credentials here: 

config: {
 'iceServers': [
     { url: 'stun:stun.l.google.com:19302' },
     {
         url: 'turn:domain:port',
         credential: 'password',
         username: 'username'
    }
 ]
}

I always use following TURN-config:

listening-port=80
listening-ip=internalIP //can be empty
relay-ip=intermalIP //can be empty
external-ip=publicIP
realm=yourDomain
server-name=yourDomain
lt-cred-mech
user=User:Pass