New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Open
bruke291 opened this issue
Jan 7, 2021
· 28 comments
Comments
Hi everybody,
First, many thanks to everybody and so sorry for my English.
I’m beginer in this, i installed and configured Coturn, it looks good. But when i tried test with Trickle ICE tools i got error 701:
I have tried everything but it still fails.
Please help me!
Thanks and best regards!
@misi can you help me look into it please
Dear @misi,
Thanks for supporting me.
Im suspecting the problem is that there are some un-open ports between min-port 49152 and max-port 65535, because i checked stun/turn url on browser and both port 3478 and 5349 are open.
This is the list of detail specs:
I would appreciate it very much if you could provide me with a more detailed explanation or support, since my experience with setting up the server is still quite limited.
Thank you very much!
@bruke291 Unfortunately I am busy with the actual release. I can support you only latter..
Many thanks for your patience..
Have you tested that from your browser machine you can create a tcp connection to the server tcp port?
I use in my example server ip 127.0.0.1
You should see if e.g. telnet server port that telnet connection established.. connected
$ telnet 127.0.0.1 3478
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
And on server you should see if started with --verbose option
4: : IPv4. tcp or tls connected to: 127.0.0.1:47310
@bruke291 Unfortunately I am busy with the actual release. I can support you only latter..
Many thanks for your patience..
@misi please, take your time. I appreciate all the help you have given me so far. Thank you very much!
Have you tested that from your browser machine you can create a tcp connection to the server tcp port?
I use in my example server ip 127.0.0.1You should see if e.g. telnet server port that telnet connection established..
connected$ telnet 127.0.0.1 3478 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'.And on server you should see if started with
--verboseoption4: : IPv4. tcp or tls connected to: 127.0.0.1:47310
Yes i can create a tcp connection to my server with tcp port.
Im using this command:
telnet 127.0.0.1 3478
and the result is the same as yours
29: IPv4. tcp or tls connected to: 127.0.0.1:59062
And when I apply the specs to the WebRTC demo, it works. But when i tried to test my STUN/TURN server on Trickle ICE I got an error like the Issue Title.
Same issue here!
No changes from the server config, this is working before but now this error message keep showing.
In my case, I added ?transport=tcp and it’s working immediately because I opened the port as TCP.
Check whether you open the port as UDP or TCP.
Same issue here!
No changes from the server config, this is working before but now this error message keep showing.
Update: In Firefox browser, no message shown related to that error. This message can only be seen on Chrome.
For me the cause of timeout was that I set up coturn without providing credentials.
Here is how I started the server:
turnserver or turnserver --no-auth
When I tried to test this server with Trickle Ice, Google Chrome after a minute of wait showed «Not reachable» and in webrtc-internals I can see TURN allocate request timed out.
In Firefox i also got «Not reachable» and in webrtc log i could see Missing MESSAGE-INTEGRITY.
I did some checks with tcpdump and found out that server successfully received and processed TURN ALLOCATE request and responded back to the client. I also validated that response was received on the client-side.
As I understand, when coturn is used without auth, MESSAGE-INTEGRITY attribute is not included in the response and browsers reject such responses. Interestingly enough, unsafely-treat-insecure-origin-as-secure flag in chromium seems to disable message integrity validation and turn server check works fine!
TL/DR: Adding --auth=<user>:<password> --lt-cred-mech to the startup command fixed the issue for me:
turnserver --user=user:12345678 --lt-cred-mech
In my case, I added ?transport=tcp and it’s working immediately because I opened the port as TCP.
Check whether you open the port as UDP or TCP.
This was the case for me, I had not open the port 3478 UDP, only 3478 TCP. After opening the port it was fixed.
I was getting this error with the trickle-ice sample in Chrome and «401: Unauthorized» in the turnserver log, apparently because the realm wasn’t set in /etc/turnserver.conf, and the domainname wasn’t set on the EC2 machine that I was testing coturn on. The comment in turnserver.conf says that in this case realm will default to an empty string, which seems to fail in Chrome, but works in Firefox.
I think the fix for this case should be that coturn explicitly disallows an empty realm, or uses a valid string default, instead of defaulting to «».
Hi @misi
I am facing an error message 701 in Gathering candidates of TURN server, could you please help:-
i have already started my turn server in terminal:-
after that i have gone to WebRTC ICE checking:-
As, you can see above there is an error 701 coming, so can you please tell that why am getting this error, following changes i have also done:-
1:- Checked my turnserver.conf file , but have only port 3478 opened in it.
2:- have also added (—auth=: —lt-cred-mech) in turnserver.conf file
3:- checked the firewall settings, have the port TCP opened in that
Any help, will be really appreciated.
got the same problem
All port are open, test telnet connection: OK, firefox: 0 error message, Chrome:
Note: errors from onicecandidateerror above are not neccessarily fatal. For example an IPv6 DNS lookup may fail but relay candidates can still be gathered via IPv4.
The server turn:turnxxxxxxxxx:3478?transport=tcp returned an error with code=701:
TURN host lookup received error.
any help will be appreciated
I am also facing this issue.
I have a server that I access using ssh and I port forward the ports. I have port forwarded required ports, i.e. 3478, 5349, and a small range of ports:
min-port=49152
max-port=49155
I am able to access the Turn server (I get the «Done» in the Trickle ICE page on using transport as TCP [turn:localhost:3478?transport=tcp]). However, I’m unable to access the STUN server. The error is:
The server stun:localhost:3478 returned an error with code=701:
STUN allocate request timed out.
The page says: On the server, I am getting responses on running turnutils_stunclient -p 3478 localhost.
I feel I should set some configuration in order to get stun response to work over ssh.
I’m using VPN in the client when got the 701 error.
After turned off the VPN, the check passed.
I’m using VPN in the client when got the 701 error. After turned off the VPN, the check passed.
I have the same problem.
1: IO method (general relay thread): epoll (with changelist) 1: turn server id=0 created 1: IPv4. SCTP listener opened on : 0.0.0.0:3478 1: IPv4. TCP listener opened on : 0.0.0.0:3478 1: IPv4. UDP listener opened on: 0.0.0.0:3478 1: Total General servers: 2 1: IO method (admin thread): epoll (with changelist) 1: IO method (auth thread): epoll (with changelist) 1: IO method (auth thread): epoll (with changelist) 1: SQLite DB connection success: /var/lib/turn/turndb 4: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 79.184.37.15:55434 4: session 001000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success 9: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 79.184.37.15:63833 9: session 000000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success 14: session 001000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success 19: session 000000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success
it looks like my server starting without port i specified as TLS in turnserver.conf:
@ideviant @namdoel1412 It looks like your VPN is blocking the access to your TURN server. Can you check it is reachable like mentioned here #678 (comment) ?
Also can you check if your turn server is receiving any packet from your client with a packet sniffer?
I can take a look if you can provide that.
Okay, same problem here. TURN server is in container, I’ve mapped ports 3478 tcp/udp. 5349 tcp/udp, 10000-20000 udp
turnserver.conf
listening-port=3478
external-ip=my-extern-ip
min-port=10000
max-port=20000
fingerprint
verbose
no-auth
userdb=/var/lib/turn/turndb
realm=my-domain-name
syslog
tcpdump
21:14:30.691873 IP 109.252.33.32.1123 > 192.168.3.182.3478: UDP, length 20
21:14:30.692288 IP 192.168.3.182.3478 > 109.252.33.32.1123: UDP, length 92
21:14:30.752859 IP 109.252.33.32.1123 > 192.168.3.182.3478: UDP, length 28
21:14:30.753090 IP 192.168.3.182.3478 > 109.252.33.32.1123: UDP, length 88
21:14:30.824169 IP 109.252.33.32.1123 > 192.168.3.182.3478: UDP, length 68
21:14:30.824325 IP 192.168.3.182.3478 > 109.252.33.32.1123: UDP, length 64
syslog (realm omitted)
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: realm <> user <>: incoming packet BINDING processed, success
Nov 16 21:14:30 turn turnserver: 8: : IPv4. Local relay addr: 192.168.3.182:11868
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: new, realm=<>, username=<>, lifetime=600
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: refreshed, realm=<>, username=<>, lifetime=0
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: realm <> user <>: incoming packet REFRESH processed, success
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: usage: realm=<>, username=<>, rp=3, rb=116, sp=3, sb=244
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: peer usage: realm=< >, username=<>, rp=0, rb=0, sp=0, sb=0
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: closed (2nd stage), user <> realm < > origin <>, local 192.168.3.182:3478, remote 109.252.33.32:1123, reason: allocation timeout
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: delete: realm=< >, username=<>
and «server returned code 701»
Hi @tarkhil
You are setting port range to 10000-20000 — can you pls verify if this port range is actually in the range of ephemeral ports that is used by OS of your container, host, and also exposed by the host? To my knowledge, it is not given that 10000-20000 will just work on any system.
I use debian based images (building my own) and setting port range to 32768-60999 and also explicitly allowing them in security group of infrastructure provider.
I’ve configured coturn on different server, with external IP (no port mapping).
Ports are opened on firewall (checked)
here is my tcpdump
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:41:55.466592 IP 109.252.33.32.1340 > 88.212.205.9.3478: UDP, length 20
21:41:55.466759 IP 88.212.205.9.3478 > 109.252.33.32.1340: UDP, length 96
21:41:55.527076 IP 109.252.33.32.1340 > 88.212.205.9.3478: UDP, length 28
21:41:55.527206 IP 88.212.205.9.3478 > 109.252.33.32.1340: UDP, length 80
21:41:55.589623 IP 109.252.33.32.1340 > 88.212.205.9.3478: UDP, length 68
21:41:55.589705 IP 88.212.205.9.3478 > 109.252.33.32.1340: UDP, length 56
^C
here is my config (not too complex)
listening-port=3478
no-auth
userdb=/usr/local/var/db/turndb
here is my log
11: : session 003000000000000002: realm <> user <>: incoming packet BINDING processed, success
11: : IPv4. Local relay addr: 88.212.205.9:64668
11: : session 003000000000000002: new, realm=<>, username=<>, lifetime=600
11: : session 003000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
11: : session 003000000000000002: refreshed, realm=<>, username=<>, lifetime=0
11: : session 003000000000000002: realm <> user <>: incoming packet REFRESH processed, success
12: : session 003000000000000002: usage: realm=<>, username=<>, rp=3, rb=116, sp=3, sb=232
12: : session 003000000000000002: peer usage: realm=<>, username=<>, rp=0, rb=0, sp=0, sb=0
12: : session 003000000000000002: closed (2nd stage), user <> realm <> origin <>, local 88.212.205.9:3478, remote 109.252.33.32:1074, reason: allocation timeout
12: : session 003000000000000002: delete: realm=<>, username=<>
allocation timeout? What and how?
Hi @tarkhil You are setting port range to 10000-20000 — can you pls verify if this port range is actually in the range of ephemeral ports that is used by OS of your container, host, and also exposed by the host? To my knowledge, it is not given that 10000-20000 will just work on any system.
I use debian based images (building my own) and setting port range to 32768-60999 and also explicitly allowing them in security group of infrastructure provider.
I’ve used an unfirewalled virtual box with Ubuntu
My home PC talks something to port 3478, but
185: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 109.252.45.213:1113
185: session 003000000000000001: realm <over.ru> user <>: incoming packet BINDING processed, success
195: session 003000000000000001: realm <over.ru> user <>: incoming packet BINDING processed, success
205: session 003000000000000001: realm <over.ru> user <>: incoming packet BINDING processed, success
215: session 003000000000000001: realm <over.ru> user <>: incoming packet BINDING processed, success
245: session 003000000000000001: usage: realm=<over.ru>, username=<>, rp=4, rb=80, sp=4, sb=352
245: session 003000000000000001: closed (2nd stage), user <> realm <over.ru> origin <>, local 0.0.0.0:3478, remote 109.252.45.213:1113, reason: allocation watchdog determined stale session state
something goes wrong and I have no idea at all what could be wrong
I’m trying to make my config as small as possible
listening-ip=0.0.0.0
#external-ip=
listening-port=3478
#tls-listening-port=443
realm=over.ru
#cert=/usr/local/etc/turn_server_cert.pem
#pkey=/usr/local/etc/turn_server_pkey.pem
use-auth-secret
static-auth-secret=shiturn
log-file=/var/log/turnserver.log
verbose
no-tlsv1
no-tlsv1_1
no-tlsv1_2
What can timeout?
Stale session means that the allocation was not used for 600s (default value) and then closed
How did you test it?
Did the application work — is it possible that whatever application you used did not need turn server?
Hello
I can’t connect via webRTC, maybe someone can contact me and help me /connectionstate=failed
On webrtc debugger i have this from pc1 (call start):
From pc2 (join call):
Maybe one of you can help me? Or do you need some additional information?
Thank you everyone!
The WebRTC API event icecandidateerror is sent to an RTCPeerConnection if an error occurs while performing ICE negotiations through a STUN or TURN server. The event object is of type RTCPeerConnectionIceErrorEvent, and contains information describing the error in some amount of detail.
This event is not cancelable and does not bubble.
Syntax
Use the event name in methods like addEventListener(), or set an event handler property.
addEventListener('icecandidateerror', (event) => { });
onicecandidateerror = (event) => { };
Event type
Event properties
The RTCPeerConnectionIceErrorEvent interface includes the properties found on the Event interface, as well as the following properties:
addressRead only-
A string providing the local IP address used to communicate with the STUN or TURN server being used to negotiate the connection, or
nullif the local IP address has not yet been exposed as part of a local ICE candidate. errorCodeRead only-
An unsigned integer value stating the numeric STUN error code returned by the STUN or TURN server. If no host candidate can reach the server, this property is set to the number 701, which is outside the range of valid STUN error codes. The 701 error is fired only once per server URL, and only while the
icegatheringstateisgathering. errorTextRead only-
A string containing the STUN reason text returned by the STUN or TURN server. If communication with the STUN or TURN server couldn’t be established at all, this string will be a browser-specific string explaining the error.
portRead only-
An unsigned integer value giving the port number over which communication with the STUN or TURN server is taking place, using the IP address given in
address.nullif the connection hasn’t been established (that is, ifaddressisnull). urlRead only-
A string indicating the URL of the STUN or TURN server with which the error occurred.
Description
The error object’s errorCode property is one of the numeric STUN error codes. There is one additional, WebRTC-specific, error which lies outside the valid STUN error code range: 701. Error 701 indicates that none of the ICE candidates were able to successfully make contact with the STUN or TURN server.
The 701 error is fired only once per server URL from the list of available STUN or TURN servers provided when creating the RTCPeerConnection. These errors occur only when the connection’s ICE gathering state is gathering.
Example
The following example establishes a handler for icecandidateerrors that occur on the RTCPeerConnection pc. This handler looks specifically for 701 errors that indicate that candidates couldn’t reach the STUN or TURN server.
When this happens, the server URL and the error message are passed to a function called reportConnectFail() to log or output the connection failure.
pc.addEventListener("icecandidateerror", (event) => {
if (event.errorCode === 701) {
reportConnectFail(event.url, event.errorText);
}
});
Note that if multiple STUN and/or TURN servers are provided when creating the connection, this error may happen more than once, if more than one of those servers fails. Each provided server is tried until a connection is established.
Specifications
| Specification |
|---|
| WebRTC 1.0: Real-Time Communication Between Browsers # dom-rtcpeerconnection-onicecandidateerror |
Browser compatibility
BCD tables only load in the browser
STUN server address is incompatible | Error code=701:
I have installed the TURN server everything in the server code is working fine. no error in the log file. only a warning stating
but the TURN server running on the server.
here is what shows when I check lsof -i :3478
when I check STUN in Trickle ICE it throws an errors
what’s going wrong in this.
2 Answers 2
I think that 701 error is a more generic connectivity error that Trickle ICE uses to indicate it didn’t get a binding response back. Run stunclient your.stun.ip.address with the command line tools at www.stunprotocol.org to see if your STUN service is accessible from the outside world.
STUN technically requires being hosted on a device with two IP addresses and two ports. It’s typically a command line parameter to specify which IP addresses the server should listen on. But most server implementations can operate on a host with a single IP address.
The second IP address and port on the server is used for STUN client filtering tests to detect what type of NAT is in effect. The client sends a binding request on the server’s primary ip and port, but with a change request attribute to have the server respond from the alternate IP address or port. More often than not, this binding request with a change-request attribute fails since NATs will not forward traffic from the other IP/port.
The filtering test is useful for logging what type of NAT the client is on. So that failed connections can be debugged and that success/failure metrics can be correlated to NAT type.
Since most ICE implementations will exchange all available address candidates (local, mapped, and relay), the filtering test isn’t very or useful to connectivity establishment.
Источник
Coturn stun server returned an error with code=701
I have my own server with ubuntu 19.
NOTE: I need a stun/turn server for a video chat web application. It works already if both devices are in the same network.
I have successfully installed and configured coturn. I can successfully start the turnserver by running: turnserver or nohup turnserver & in the terminal.
NOTE: I have an SSH connection to my server.
I also ensured that the necessary ports are open and checked them with netstat -tulpn .
I have been also restarting coturn a few times while testing sudo service coturn restart .
I use these configurations in the turnserver.conf :
This is my iceServers config in js, which I believe should work (I have done TONS of other combinations).
I have done TONS of different stun/turn server combinations, e.g.:
I used google’s stun servers: stun.l.google.com:19302, stun2.l.google.com:19302 etc.
I tried ports 3478 and 5349 (of course after restarting coturn)
I tried to use credentials for the stun server, but I am sure it does not need them
I tried to use IP6 address
Basically the testing URL above always gives me:
It does not matter whether I use google’s stun server or my own, the error is the same.
My webproject and the video chat WORKS great if I use the same network, but I believe stun and turn servers are not used in the same network.
Also while I updated my JS file I always deleted cache, so the new JS file was used. So that was also not an issue.
EDIT
This combination does not give an error, only:
I simply used IP6 for the stun and IP4 for turn. Video chat in different network still does not work, nowhere other errors to find.
EDIT:
Noticed today that https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ does not work. I had no errors on firefox. BUT you can enter some nonesense there and it will also show no errors.
EDIT:
I have also added now valid certificates:
Seems to work. I restarted coturn and status tells me that everything is running without issues.
Video chat still does not work in different networks.
Источник
Getting Timeout and Error with code 701 on clicking Gather Candidates for ICE Server #1251
Comments
chiangky commented Jan 6, 2020
Please read first!
Please use discuss-webrtc for general technical discussions and questions.
- [ v] I have provided steps to reproduce
- [ v] I have provided browser name and version
- [ v] I have provided a link to the sample here or a modified version thereof
Browser affected
Google Chrome Version 79.0.3945.88 (Official Build) (64-bit)
Firefox v71.0 (32bit)
Description
In my same PC and same networking environment, both Chrome & Firefox browser has different testing result. Firefox works fine but Chrome is not working.
Steps to reproduce
- Connect the PC to the router (My Public IP: 112.118.183.xxx ; LAN local IP: 192.168.8.228)
- Launch https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
- Click «Reset to defaults» button
- Input STUN URI: «stun:stun1.l.google.com:19302» and click «Add Server» button
- Input STUN URI: «stun:stun2.l.google.com:19302» and click «Add Server» button
- Input STUN URI: «stun:stun3.l.google.com:19302» and click «Add Server» button
- Input STUN URI: «stun:stun4.l.google.com:19302» and click «Add Server» button
- ICE options «IceTransports value:» set to «all» (default)
- ICE options «ICE Candidate Pool:» set to «0» (default)
- Click on «Gather Candidates» button
Expected results
It should display all the candidates of Type ‘Host’ or ‘srflx’, and no errors show at the bottom.
Actual results
Error code 701 shows at the bottom of «Gather Candidates» button.
The server stun:stun1.l.google.com:19302 returned an error with code=701:
STUN allocate request timed out.
The server stun:stun2.l.google.com:19302 returned an error with code=701:
STUN allocate request timed out.
The server stun:stun3.l.google.com:19302 returned an error with code=701:
STUN allocate request timed out.
The server stun:stun.l.google.com:19302 returned an error with code=701:
STUN allocate request timed out.
The server stun:stun4.l.google.com:19302 returned an error with code=701:
STUN allocate request timed out.
Screenshot of Chrome test result: 
Screenshot of Firefox test result: 
The text was updated successfully, but these errors were encountered:
Источник
701 error #1232
Comments
Archer-Thane commented Oct 28, 2019
- I have provided steps to reproduce
- I have provided browser name and version
- I have provided a link to the sample here or a modified version thereof
The issue is not browser specific. Tested with: Chrome Version 78.0.3904.70 (Official Build) (64-bit)
and Firefox 69.0.1
Description
I’ve used pion turn server. the instructions are found inside github page
After a simple setup using test as username and password, I see a 701 error code from trickle Ice page.
Worth to mention that the pion program started correctly at port 3478 on UDP. this is verified using fuser 3478/tcp command from server’s terminal.
First of all, what means this error and where can I find description about error codes, and second is how to fix this?
Steps to reproduce
1- open https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
2- STUN or TURN URI: turn:aalimoshaver.com:3478
3- TURN username: test
4- TURN password: test
Expected results
This should show a success test, which indicates done.
Actual results
I got these as error text:
The server stun:aalimoshaver.com:3478 returned an error with code=701:
STUN allocate request timed out.
The server turn:aalimoshaver.com:3478?transport=udp returned an error with code=701:
TURN allocate request timed out.
The text was updated successfully, but these errors were encountered:
Источник
The server returned an error with code=701: STUN/TURN allocate request timed out. #678
Comments
bruke291 commented Jan 7, 2021
First, many thanks to everybody and so sorry for my English.
I’m beginer in this, i installed and configured Coturn, it looks good. But when i tried test with Trickle ICE tools i got error 701:
I have tried everything but it still fails.
Please help me!
Thanks and best regards!
The text was updated successfully, but these errors were encountered:
bruke291 commented Jan 7, 2021
@misi can you help me look into it please
misi commented Jan 7, 2021
See for stun 701 error code:
The standard
If no host candidate can reach the server, errorCode will be set to the value 701 which is outside the STUN error code range. This error is only fired once per server URL while in the RTCIceGatheringState of «gathering».
The source of a browser implementation
So try to check your app signaling and server rechability from the client..
bruke291 commented Jan 8, 2021
Thanks for supporting me.
Im suspecting the problem is that there are some un-open ports between min-port 49152 and max-port 65535, because i checked stun/turn url on browser and both port 3478 and 5349 are open.
This is the list of detail specs:
I would appreciate it very much if you could provide me with a more detailed explanation or support, since my experience with setting up the server is still quite limited.
Thank you very much!
bruke291 commented Jan 8, 2021
See for stun 701 error code:
The standard
If no host candidate can reach the server, errorCode will be set to the value 701 which is outside the STUN error code range. This error is only fired once per server URL while in the RTCIceGatheringState of «gathering».
The source of a browser implementation
So try to check your app signaling and server rechability from the client..
About reachability, as i mentioned earlier, i checked everything i could, and i am suspecting the problem is that there are some un-open ports between min-port 49152 and max-port 65535.
misi commented Jan 8, 2021
@bruke291 Unfortunately I am busy with the actual release. I can support you only latter..
Many thanks for your patience..
misi commented Jan 8, 2021 •
Have you tested that from your browser machine you can create a tcp connection to the server tcp port?
I use in my example server ip 127.0.0.1
You should see if e.g. telnet server port that telnet connection established.. connected
And on server you should see if started with —verbose option
bruke291 commented Jan 8, 2021
@bruke291 Unfortunately I am busy with the actual release. I can support you only latter..
Many thanks for your patience..
@misi please, take your time. I appreciate all the help you have given me so far. Thank you very much!
bruke291 commented Jan 8, 2021
Have you tested that from your browser machine you can create a tcp connection to the server tcp port?
I use in my example server ip 127.0.0.1
You should see if e.g. telnet server port that telnet connection established.. connected
And on server you should see if started with —verbose option
Yes i can create a tcp connection to my server with tcp port.
Im using this command:
telnet 127.0.0.1 3478
and the result is the same as yours
29: IPv4. tcp or tls connected to: 127.0.0.1:59062
And when I apply the specs to the WebRTC demo, it works. But when i tried to test my STUN/TURN server on Trickle ICE I got an error like the Issue Title.
LordDashMe commented Apr 6, 2021
Same issue here!
No changes from the server config, this is working before but now this error message keep showing.
plukito commented Apr 8, 2021
In my case, I added ?transport=tcp and it’s working immediately because I opened the port as TCP.
Check whether you open the port as UDP or TCP.
LordDashMe commented Apr 11, 2021
Same issue here!
No changes from the server config, this is working before but now this error message keep showing.
Update: In Firefox browser, no message shown related to that error. This message can only be seen on Chrome.
ivanlukomskiy commented Jul 2, 2021 •
For me the cause of timeout was that I set up coturn without providing credentials.
Here is how I started the server:
turnserver or turnserver —no-auth
When I tried to test this server with Trickle Ice, Google Chrome after a minute of wait showed «Not reachable» and in webrtc-internals I can see TURN allocate request timed out .
In Firefox i also got «Not reachable» and in webrtc log i could see Missing MESSAGE-INTEGRITY .
I did some checks with tcpdump and found out that server successfully received and processed TURN ALLOCATE request and responded back to the client. I also validated that response was received on the client-side.
As I understand, when coturn is used without auth, MESSAGE-INTEGRITY attribute is not included in the response and browsers reject such responses. Interestingly enough, unsafely-treat-insecure-origin-as-secure flag in chromium seems to disable message integrity validation and turn server check works fine!
TL/DR: Adding —auth= :
—lt-cred-mech to the startup command fixed the issue for me:
turnserver —user=user:12345678 —lt-cred-mech
v1shva commented Aug 18, 2021
In my case, I added ?transport=tcp and it’s working immediately because I opened the port as TCP.
Check whether you open the port as UDP or TCP.
This was the case for me, I had not open the port 3478 UDP, only 3478 TCP. After opening the port it was fixed.
chrbsg commented Feb 10, 2022
I was getting this error with the trickle-ice sample in Chrome and «401: Unauthorized» in the turnserver log, apparently because the realm wasn’t set in /etc/turnserver.conf, and the domainname wasn’t set on the EC2 machine that I was testing coturn on. The comment in turnserver.conf says that in this case realm will default to an empty string, which seems to fail in Chrome, but works in Firefox.
I think the fix for this case should be that coturn explicitly disallows an empty realm, or uses a valid string default, instead of defaulting to «».
praveenjha-github commented Feb 18, 2022
I am facing an error message 701 in Gathering candidates of TURN server, could you please help:-
i have already started my turn server in terminal:-
after that i have gone to WebRTC ICE checking:-
As, you can see above there is an error 701 coming, so can you please tell that why am getting this error, following changes i have also done:-
1:- Checked my turnserver.conf file , but have only port 3478 opened in it.
2:- have also added (—auth=: —lt-cred-mech) in turnserver.conf file
3:- checked the firewall settings, have the port TCP opened in that
Any help, will be really appreciated.
tyki6 commented Mar 9, 2022 •
got the same problem
All port are open, test telnet connection: OK, firefox: 0 error message, Chrome:
any help will be appreciated
manrajgrover commented Mar 21, 2022
I am also facing this issue.
I have a server that I access using ssh and I port forward the ports. I have port forwarded required ports, i.e. 3478, 5349, and a small range of ports:
I am able to access the Turn server (I get the «Done» in the Trickle ICE page on using transport as TCP [ turn:localhost:3478?transport=tcp ]). However, I’m unable to access the STUN server. The error is:
The page says: On the server, I am getting responses on running turnutils_stunclient -p 3478 localhost .
I feel I should set some configuration in order to get stun response to work over ssh.
ideviant commented May 6, 2022
I’m using VPN in the client when got the 701 error.
After turned off the VPN, the check passed.
namdoel1412 commented Aug 7, 2022
I’m using VPN in the client when got the 701 error. After turned off the VPN, the check passed.
I have the same problem.
Neustradamus commented Aug 8, 2022
@ggarber: Can you look it?
kamilk91 commented Aug 29, 2022
1: IO method (general relay thread): epoll (with changelist) 1: turn server created 1: IPv4. SCTP listener opened on : 0.0.0.0:3478 1: IPv4. TCP listener opened on : 0.0.0.0:3478 1: IPv4. UDP listener opened on: 0.0.0.0:3478 1: Total General servers: 2 1: IO method (admin thread): epoll (with changelist) 1: IO method (auth thread): epoll (with changelist) 1: IO method (auth thread): epoll (with changelist) 1: SQLite DB connection success: /var/lib/turn/turndb 4: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 79.184.37.15:55434 4: session 001000000000000001: realm user <>: incoming packet BINDING processed, success 9: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 79.184.37.15:63833 9: session 000000000000000001: realm user <>: incoming packet BINDING processed, success 14: session 001000000000000001: realm user <>: incoming packet BINDING processed, success 19: session 000000000000000001: realm user <>: incoming packet BINDING processed, success
it looks like my server starting without port i specified as TLS in turnserver.conf:
ggarber commented Sep 17, 2022
@ideviant @namdoel1412 It looks like your VPN is blocking the access to your TURN server. Can you check it is reachable like mentioned here #678 (comment) ?
Also can you check if your turn server is receiving any packet from your client with a packet sniffer?
I can take a look if you can provide that.
tarkhil commented Nov 16, 2022
Okay, same problem here. TURN server is in container, I’ve mapped ports 3478 tcp/udp. 5349 tcp/udp, 10000-20000 udp
syslog (realm omitted)
and «server returned code 701»
eakraly commented Nov 17, 2022
Hi @tarkhil
You are setting port range to 10000-20000 — can you pls verify if this port range is actually in the range of ephemeral ports that is used by OS of your container, host, and also exposed by the host? To my knowledge, it is not given that 10000-20000 will just work on any system.
I use debian based images (building my own) and setting port range to 32768-60999 and also explicitly allowing them in security group of infrastructure provider.
tarkhil commented Nov 17, 2022 •
I’ve configured coturn on different server, with external IP (no port mapping).
Источник
Chris Dawson
unread,
Apr 10, 2020, 10:05:29 PM4/10/20
to TURN Server (Open-Source project)
TL;DR I have a local webrtc demo working. I want to permit a relay between two clients that are outside the local network. I’m setting up a turn server. But, I’m unsure if my coturn is incorrectly setup, or if ports are not open, or if my webrtc client is wrong. I’m struggling with understanding where to look (tcpdump or chrome webrtc internals, or otherwise?)
Specific questions
- Should the credentials inside my peer config be username=abc, credential=123 OR username: «abc:123» (and then credential field is something else)? Here (https://www.html5rocks.com/en/tutorials/webrtc/infrastructure/) it says crendentials like this: { ‘credential’: ‘JZEOEt2V3Qb0y27GRntt2u2PAYA=’, ‘username’: ‘28224511:1379330808’ }. I don’t get where they get the «JZ….» for credentials string but I see username is username/password separated by a colon. Perhaps this is backend specific?
- Should tls-listening-port inside my coturn configuration file be set to 3478, or 443 (or 8443). What is that port, an admin https port? Which one should I provide to Trickle ICE?
- What should I be looking for inside the webrtc internals of Chrome or Firefox to see if authentication is passing for a webrtc connection (either with Trickle ICE or my own webrtc demo)?
- What can I look for on the server using tcpdump to see if trickle ICE is talking to my server (and see if it is a firewall issue perhaps).
Now the full details:
(I’ve changed my hostnames and IPs to fake ones here BTW)
I have an example webrtc app working that allows me to send and display video from two clients. It works great within a closed network using just a STUN URL.
var config = {
‘iceServers’: [ {‘urls’: ‘stun:stun.l.google.com:19302’}]
};
Two different browsers send video back and forth. If I have one browser inside the firewall and then another outside, things don’t work. I’m trying to get a TURN server using coturn working to relay for me with this config.
var config = {
‘iceServers’: [ {‘urls’: ‘stun:stun.l.google.com:19302’}, {
'urls': 'turn:turn.example.com:3478',
username: "abc",
credential: "123",
I have one running on ubuntu with this configuration.
fingerprint
listening-ip=0.0.0.0
external-ip=34.34.34.34
listening-port=3478
tls-listening-port=443
min-port=10000
max-port=20000
log-file=/var/log/turnserver.log
verbose
user=abc:123
lt-cred-mech
I can see it is listening when I run netstat:
# netstat -anp | grep turn
tcp 0 0 0.0.0.0:3478 0.0.0.0:* LISTEN 6363/turnserver
tcp 0 0 0.0.0.0:3478 0.0.0.0:* LISTEN 6363/turnserver
…
tcp 0 0 0.0.0.0:3478 0.0.0.0:* LISTEN 6363/turnserver
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6363/turnserver
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 6363/turnserver
…
I add this server:
Then, I see this:
Note: errors from onicecandidateerror above are not neccessarily fatal. For example an IPv6 DNS lookup may fail but relay candidates can still be gathered via IPv4.
That’s what happens on Chrome for Linux (80.0.3987.163 (Official Build) (64-bit))
If I use Firefox, it just seems to hang (nothing is output)
Inside the JS on both platforms I see this output:
Creating new PeerConnection with config={«iceServers»:[{«urls»:[«turn:turn.example.com:3478″],»username»:»abc»,»credential»:»123″}],»iceTransportPolicy»:»relay»,»iceCandidatePoolSize»:»0″} main.js:151:11
I attempt to sniff the packets with tcpdump and am not seeing anything with this command (but I’m no tcpdump expert!). Is this the correct command to use? What can I use to determine whether the client is at least connecting?
# tcpdump ‘port 3478’
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
Chris Dawson
unread,
Apr 12, 2020, 3:26:57 AM4/12/20
to TURN Server (Open-Source project)
Doh. Simply a firewall issue.
MIchael
unread,
Apr 12, 2020, 4:37:32 AM4/12/20
to TURN Server (Open-Source project)
I’m having what sounds to be a similar issue. What was your firewall issue?
On Sunday, 12 April 2020 01:26:57 UTC+1, Chris Dawson wrote:
Doh. Simply a firewall issue.
Chris Dawson
unread,
Apr 12, 2020, 5:15:55 AM4/12/20
to MIchael, TURN Server (Open-Source project)
I was using 0.0.0.0/24 instead of 0.0.0.0/0. That opened it up for all connections and then it worked.
У меня есть собственный сервер с Ubuntu 19.
ПРИМЕЧАНИЕ. Мне нужен сервер оглушения / поворота для веб-приложения видеочата. Он уже работает, если оба устройства находятся в одной сети.
Я успешно установил и настроил coturn. Я могу успешно запустить Turnserver, запустив: turnserver или nohup turnserver & в терминале.
ПРИМЕЧАНИЕ. У меня SSH подключение к моему серверу.
Я также убедился, что необходимые порты открыты, и проверил их с помощью netstat -tulpn.
Я также несколько раз перезапускал coturn во время тестирования sudo service coturn restart.
Я использую эти конфигурации в turnserver.conf:
# Also tried 80
listening-port=3478
# Also tried 443
tls-listening-port=5349
listening-ip=<MY-IP4>
listening-ip=<MY-IP6>
relay-ip=<MY-IP4>
external-ip=<MY-IP4>
oauth
user=root:<password>
userdb=/var/lib/turn/turndb
no-stdout-log
Это моя конфигурация iceServers в js, которая, как я считаю, должна работать (я использовал ТОННУ других комбинаций).
var pcConfig = {
'iceServers': [
{
'urls': 'stun:<MY-IP4>:80'
},
{
'urls': 'turn:<MY-IP4>:80',
'credential': '<PASSWORD>',
'username': 'root'
}
]
};
Я использовал ТОННУ различных комбинаций оглушения / поворота, например:
-
Я использовал оглушающие серверы Google: stun.l.google.com:19302, stun2.l.google.com:19302 и т. Д.
-
Пробовал порты 3478 и 5349 (конечно после перезапуска coturn)
-
Я пробовал использовать учетные данные для оглушающего сервера, но уверен, что они ему не нужны
-
Я пробовал использовать IP6-адрес
Я также проводил тесты в прямом эфире в своем веб-проекте, а также здесь: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
По сути, приведенный выше URL-адрес тестирования всегда дает мне:
Note: errors from onicecandidateerror above are not neccessarily fatal. For example an IPv6 DNS lookup may fail but relay candidates can still be gathered via IPv4.
The server stun:<MY-IP4>:80 returned an error with code=701:
STUN server address is incompatible.
The server stun:<MY-IP4>:80 returned an error with code=701:
STUN server address is incompatible.
Неважно, использую ли я сервер оглушения Google или свой, ошибка одна и та же.
Мой веб-проект и видеочат отлично работают, если я использую одну и ту же сеть, но я считаю, что серверы оглушения и поворота не используются в одной сети.
Кроме того, когда я обновлял свой JS-файл, я всегда удалял кеш, поэтому использовался новый JS-файл. Так что это тоже не было проблемой.
ИЗМЕНИТЬ
Эта комбинация не дает ошибки, только:
Note: errors from onicecandidateerror above are not
neccessarily fatal. For example an IPv6 DNS
lookup may fail but relay candidates can still be gathered via IPv4.
Протестировано на https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
{
'urls': 'stun:<MY-IP6>:80'
},
{
'urls': 'turn:<MY-IP4>:80',
'credential': '<PASSWORD>',
'username': 'root'
}
Я просто использовал IP6 для оглушения и IP4 для поворота. Видеочат в другой сети по-прежнему не работает, других ошибок нигде не найти.
РЕДАКТИРОВАТЬ:
Сегодня заметил, что https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ не работает. У меня в firefox ошибок не было. НО вы можете ввести туда какую-то бессмыслицу, и она тоже не будет показывать ошибок …
РЕДАКТИРОВАТЬ:
Я также добавил действующие сертификаты:
cert=/usr/local/etc/turn.pem
pkey=/usr/local/etc/turn.key.pem
Кажется, работает. Я перезапустил coturn, и статус говорит мне, что все работает без проблем.
Видеочат по-прежнему не работает в разных сетях.