Furor Teutonicus blog | over | volg | teuto | lyme | archief | doneer | todo
🕰️
  ⬩  
✍️ Evert Mouw
  ⬩  
⏱️ 3 min

Choosing and using CoTurn as a STUN and TURN server for ICE

Introduction

Internet Protocol (IP) based voice and messaging are very popular and increasingly so. SIP phone systems such as Lynx and Asterisk and XMPP based instant messengers (IM) from Facebook and Google are gradually replacing traditional phone systems and older IM clients. I have written previously on the good client Jitsi that handles both protocols. Another development is the rise of WebRTC for in-browser conferencing.

However, to enable systems to communicate, they have to see each other. Many devices have “hidden” private IP addresses because we don’t have enough IPv4 addresses and therefore use Network Address Translation (NAT). NAT makes it difficult for devices to transmit files, video and voice. A method to bypass NAT is ICE. ICE makes use of other protocols, notably STUN and TURN. In order to use ICE (and make those nice phone calls), you want a server that implements both protocols. Actually, there are quite a few that do.

But what is the best STUN and TURN server for your ICE based NAT traversals? (The rest of the article is rather technical.)

Lots of choices

I prefer C/C++ implementations over Java ones because better CPU and memory usage — not unimportant on your server or maybe your small Raspberry Pi! So I will leave out most of the Java implementations. This is one of the well-known Java implementations:

These are C/C++ servers but they lack some features:

A C/C++ server with many features is CoTurn:

CoTurn installation

From the INSTALL file for v4.1.1.1:

Debian

Debian “jessie” (and the recent version of Ubuntu and Mint) have the predecessor of this project packaged as “rfc5766-turn-server”, see the link: http://packages.qa.debian.org/r/rfc5766-turn-server.html

So we need to install a newer version.

If you are using the Debian package from the project download site, then follow these instructions:

Unpack the archive:

$ tar xvfz turnserver-<...>.tar.gz

Read the INSTALl file:

$ cat INSTALL

Install the *.deb file:

$ sudo apt-get update
$ sudo apt-get install gdebi-core
$ sudo gdebi coturn*.deb

(to install the bare package without any dependencies, type:

$ sudo dpkg -i coturn_*_*.deb)

And enable coturn:

$ vim /etc/default/coturn

After the install, read the documentation in /usr/share/doc/coturn directory.

All binaries will be installed in /usr/bin/ directory. The turn*.conf config files are in /etc directory.

The service start-up control scripts will be in /etc/init.d/coturn and in /etc/defaults/coturn files.

Builing your own is needed if you have a Raspberry Pi or whatever.

apt-get install gcc build-essential
apt-get install libssl-dev libevent-dev libpq-dev mysql-client libmysqlclient-dev libhiredis-dev
wget URL-TO-SOURCES
tar xzf SOURCES.tgz
cd SOURCES
make
make install

Arch Linux

ArchLinux has this TURN server package:

https://aur.archlinux.org/packages/coturn/

CoTurn configuration

from /usr/local/share/doc/turnserver/postinstall.txt

1) If you system supports automatic start-up system daemon services,
   the, to enable the turnserver as an automatically started system
   service, you have to:

    a) Create and edit /etc/turnserver.conf or
    /usr/local/etc/turnserver.conf .
    Use /usr/local/etc/turnserver.conf.default as an example.

    b) For user accounts settings, if using the turnserver
    with authentication: create and edit /etc/turnuserdb.conf
    file, or set up PostgreSQL or MySQL or MongoDB or Redis database
    for user accounts.
    Use /usr/local/etc/turnuserdb.conf.default as example for flat file DB,
    or use /usr/local/share/turnserver/schema.sql as SQL database schema,
    or use /usr/local/share/turnserver/schema.userdb.redis as Redis
    database schema description and/or
    /usr/local/share/turnserver/schema.stats.redis
    as Redis status & statistics database schema description.

    c) add whatever is necessary to enable start-up daemon for the
    /usr/local/bin/turnserver.

2) If you do not want the turnserver to be a system service,
   then you can start/stop it "manually", using the "turnserver"
   executable with appropriate options (see the documentation).

3) To create database schema, use schema in file
   /usr/local/share/turnserver/schema.sql

4) For additional information, run:

   $ man turnserver
   $ man turnadmin
   $ man turnutils

Create a self-signed certificate

openssl req -x509 -newkey rsa:4096 -keyout turnserver.key -out turnserver.crt -days 9999 -nodes

Ports needed on your firewall

(UDP & TCP)


Deze blogpost werd in december 2022 overgezet van WordPress naar een methode gebaseerd op Markdown; het is mogelijk dat hierbij fouten of wijzigingen zijn ontstaan t.o.v. de originele blogpost.