TURN server
Overview
A TURN server is used to establish a WebRTC connection and transmit media traffic when UDP exchange between client and server is blocked by a firewall.
There are the following ways to use a TURN server with a WCS server:
- Using an external TURN server. This is suitable for customers with enterprise infrastructure and customers who prefer to separate the tasks performed by servers.
- Using the internal TURN server embedded in WCS. This is suitable for small offices and customers who prefer out-of-the-box solutions.
Supported platforms and browsers
Platform | Chrome | Firefox | Safari | Chromium Edge |
---|---|---|---|---|
Windows | ✅ | ❌ | ❌ | ✅ |
Mac OS | ✅ | ❌ | ✅ | ✅ |
Android | ✅ | ❌ | ❌ | ✅ |
iOS | ✅ | ❌ | ✅ | ✅ |
Using external TURN server
When an external TURN server is used, traffic flows through available ports as follows:
Installing and configuring the TURN server on CentOS 7
- Download and install turnserver
  Or use the following guide to compile from sources
- Create the configuration file turnserver.conf
  An example configuration file, turnserver.conf.default, is in the /usr/local/etc directory. You can rename it to turnserver.conf or create a new file.
  Below is an example of the minimum configuration file:
- As seen from this example, operation of the TURN server requires a certificate and a private key.
  If the TURN server is installed on the same server as the WCS server, you can use the certificates of the WCS server.
  If the TURN server is installed on another server, you can use openssl to generate a certificate and a private key:
- REQUIRED: the configuration file of the TURN server must enable authorization, and users for authorization must be specified (the first three lines of the configuration file example).
- Start turnserver
Connection using external TURN server
When you create a session using the Flashphoner WebSDK, you need to pass the mediaOptions parameter where the credentials of the TURN server are specified. Below is an example of creating such a session:
Flashphoner.createSession({urlServer: url, mediaOptions: {"iceServers": [ { 'url': 'turn:192.168.0.1:3478?transport=tcp', 'credential': 'password1', 'username': 'username1' } ], "iceTransportPolicy": "relay"}})
Using internal TURN server
When the internal TURN server is used, traffic flows through available ports as follows:
The client browser establishes a TCP connection to the internal TURN server port (3478 by default), then the internal TURN server connects to the local WCS interface through UDP ports from the specified range (36001-37000 by default). Thus, client media traffic flows through a TCP tunnel, while nothing changes for the WCS server: its traffic still flows via UDP ports.
The side effect is that all media traffic between client and server goes through TCP. This may seriously improve the quality of HD broadcasts with high bitrate.
Internal TURN server configuration
The internal TURN server should be set up using the following parameters in the flashphoner.properties file:
Parameter | Default value | Description |
---|---|---|
turn_ip | ip | Internal TURN server IP address (by default is the same as ip) |
turn_ip_local | ip_local | Internal TURN server local IP address used for port binding (by default is the same as ip_local) |
turn_port | 3478 | Internal TURN server TCP port |
turn_password | coM77EMrV7Cwhyan | Internal TURN server password (username is flashphoner) |
turn_media_port_from | 36001 | Beginning of media UDP ports range for WebRTC connection between TURN and WCS |
turn_media_port_to | 37000 | End of media UDP ports range |
turn_media_ports_auditor_interval | 5000 | Audit interval for busy and free ports, in milliseconds |
turn_media_ports_auditor_max_attempts | 3 | Number of audits to make sure freed port is not bound |
turn.server_channel_receive_buffer_size | 1048576 | Receive buffer size in bytes |
turn.server_channel_send_buffer_size | 1048576 | Send buffer size in bytes |
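The default turn_password in the table above is published in this documentation, so a server that keeps it accepts TURN credentials that anyone can look up. The following audit script is an added example, not Flashphoner code; it assumes flashphoner.properties uses key=value lines, and the function names and the sample file content are constructed for illustration.

```javascript
// Added example, not Flashphoner code. Defaults copied from the table above.
const TURN_DEFAULTS = {
  turn_port: "3478",
  turn_password: "coM77EMrV7Cwhyan",
  turn_media_port_from: "36001",
  turn_media_port_to: "37000",
};

// Parse "key=value" lines, skipping blanks and '#' comments (assumed syntax).
function parseProperties(text) {
  const props = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    props[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return props;
}

const isPort = (n) => Number.isInteger(n) && n >= 1 && n <= 65535;

// Return the effective TURN settings plus a list of findings.
function auditTurnConfig(text) {
  const cfg = { ...TURN_DEFAULTS, ...parseProperties(text) };
  const findings = [];
  if (cfg.turn_password === "") {
    findings.push("turn_password is empty");
  } else if (cfg.turn_password === TURN_DEFAULTS.turn_password) {
    findings.push("turn_password is the documented default");
  }
  const port = Number(cfg.turn_port);
  const from = Number(cfg.turn_media_port_from);
  const to = Number(cfg.turn_media_port_to);
  if (!isPort(port)) findings.push("turn_port is not a valid port");
  if (!isPort(from) || !isPort(to) || from > to) {
    findings.push("turn_media_port_from/to is not a valid range");
  }
  return { tcpPort: port, udpRange: [from, to], findings };
}

// Constructed sample: password left at its default, port range reversed.
const SAMPLE_PROPERTIES = `
turn_port =3478
turn_media_port_from=37000
turn_media_port_to=36001
`;
console.log(auditTurnConfig(SAMPLE_PROPERTIES).findings);
```

The returned tcpPort and udpRange are the values the firewall rules for the internal TURN server have to match.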
Connection using internal TURN server
When you create a session using the Flashphoner WebSDK, you need to pass the mediaOptions parameter where the credentials of the internal TURN server are specified:
Flashphoner.createSession({urlServer: url, mediaOptions: {"iceServers": [ { 'url': 'turn:test.flashphoner.com:3478?transport=tcp', 'credential': 'coM77EMrV7Cwhyan', 'username': 'flashphoner' } ]}})
If UDP ports are blocked by a firewall, the browser may not establish a WebRTC connection through UDP. In this case, the "iceTransportPolicy": "relay" parameter should be set in mediaOptions for media traffic to go through the TURN server:
Flashphoner.createSession({urlServer: url, mediaOptions: {"iceServers": [ { 'url': 'turn:test.flashphoner.com:3478?transport=tcp', 'credential': 'coM77EMrV7Cwhyan', 'username': 'flashphoner' } ], "iceTransportPolicy": "relay"}})
Quick manual for testing
- For the test we use:
  - WCS with active embedded TURN server
  - Firewall Traversal Streaming web application in Chrome browser
  - iptables to block UDP ports on server
- Block UDP ports on the external network interface of the WCS server
  Where ens192 is the external network interface of the WCS server
- Open the Firewall Traversal Streaming application, set the following to TURN server
  Where
  - test.flashphoner.com is the WCS server hostname
  - 3478 is the internal TURN server port
- Set up media traffic relay
  - if UDP ports on the WCS server are not blocked, uncheck Force relay
  - if UDP ports on the WCS server are blocked, check Force relay
- Click Connect, enter stream name test and click Publish. Stream publishing starts through the internal TURN server
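To confirm that a session created with "iceTransportPolicy": "relay" offers only relayed candidates, the session's SDP can be checked as in this added example (not Flashphoner code). The function names and the SDP fragments are constructed; the SDP text is assumed to be copied from the browser, for example from chrome://webrtc-internals.

```javascript
// Added example, not Flashphoner code: classify the ICE candidates in an SDP
// and report whether only relayed (TURN) candidates are offered.
// a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> ...
const CANDIDATE_RE = /^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/i;

function listCandidates(sdp) {
  const found = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = CANDIDATE_RE.exec(line.trim());
    if (!m) continue;
    found.push({
      transport: m[1].toLowerCase(),
      address: m[2],
      port: Number(m[3]),
      type: m[4].toLowerCase(),
    });
  }
  return found;
}

function checkRelayOnly(sdp) {
  const candidates = listCandidates(sdp);
  const exposed = candidates.filter((c) => c.type !== "relay");
  return {
    total: candidates.length,
    // An SDP without any candidate proves nothing, so it is not "relay only".
    relayOnly: candidates.length > 0 && exposed.length === 0,
    // Non-relay candidates mean media can still try a direct path.
    exposed: exposed.map((c) => `${c.type} ${c.address}:${c.port}`),
  };
}

// Constructed SDP fragments (documentation addresses, made-up ports).
const SDP_RELAY_FORCED = [
  "m=audio 9 UDP/TLS/RTP/SAVPF 111",
  "a=candidate:1 1 udp 25108223 198.51.100.7 36050 typ relay raddr 0.0.0.0 rport 0",
].join("\r\n");
const SDP_DEFAULT_POLICY = [
  "m=audio 9 UDP/TLS/RTP/SAVPF 111",
  "a=candidate:2 1 udp 2122260223 192.0.2.10 51000 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.5 51000 typ srflx raddr 192.0.2.10 rport 51000",
  "a=candidate:1 1 udp 25108223 198.51.100.7 36050 typ relay raddr 203.0.113.5 rport 51000",
].join("\r\n");
console.log(checkRelayOnly(SDP_RELAY_FORCED), checkRelayOnly(SDP_DEFAULT_POLICY));
```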
Known issues
1. TURN relaying does not work in some browsers
The Microsoft Legacy Edge and Mozilla Firefox browsers cannot connect and relay media traffic via the TURN server
Symptoms
Publishing/playback do not work when trying to connect through the TURN server
Solution
Use Chrome browser or its successors.