Menu
▾
▴
Re: [Turnserver-users] Regarding user accounts in turnserver
|
From: Sébastien V. <vi...@cl...> - 2009-09-08 17:59:41
|
Hi, Srikanth Rajagopalan a écrit : > Hi Sebastien, > > Thanks for your reply. I have some doubt about TURN here. The internet > draft on TURN given at > http://tools.ietf.org/html/draft-ietf-behave-turn-16 indicates that > while transport from TURN client to server may be UDP/TCP/TLS over > TCP; the transport from the TURN server to the peer (the host we are > contacting) is only UDP. Is that how you have implemented it or is TCP > transport available between TURN server and peer. > For the moment in TurnServer TCP is not supported between server and peer, it is not in the standard TURN specification. But it exists a draft that specify turn-tcp (see http://tools.ietf.org/html/draft-ietf-behave-turn-tcp). I plan to implement it in TurnServer in the future (maybe in revision 05). Regards, -- Sebastien Vincent > > Regards, > Srikanth Rajagopalan > > --- On *Sat, 5/9/09, Sébastien Vincent > /<vi...@cl...>/* wrote: > > > From: Sébastien Vincent <vi...@cl...> > Subject: Re: [Turnserver-users] Regarding user accounts in turnserver > To: "Srikanth Rajagopalan" <sri...@ya...>, > tur...@li... > Date: Saturday, 5 September, 2009, 12:07 AM > > Hi, > > To have some debug message in TunrServer, reconfigure as follow: > > make clean > ./configure --enable-debug-build > make > > > STUN binding request is never authenticated and it is not a TURN > message. TurnServer requires authentication (and thus valid > account) just for TURN message. Maybe you have missed some > configuration with PJSIP (according to > http://www.pjsip.org/pjnath/docs/html/group__PJNATH__TURN.htm > PJSIP support TURN). > > Regards, > -- > Sebastien Vincent > > > Srikanth Rajagopalan a écrit : > > Hi Sebastien, > > > > Thank you for your quick reply. I am starting the turnserver > after editing the turnusers.txt using this command > > > > turnserver -c /usr/local/etc/turnserver.conf > > > > I do not recieve any message saying turnserver has started but I > am able to connect to the server so I know that it is working. IS > this normal or shoul;d I be getting some message saying the server > is running now? > > > > What I did is I emptied the turnusers.txt file and started the > turn server. I ran my program and checked with wireshark. What I > saw is that the client sends a STUN bind request and the server > replies with a success message and I am able to communicate. I > expected it to fail as the users list is empty. Is the users list > only for TURN and not for STUN? > > > > I am pasting my config file below. > > > > #################################################### > > ## > > # TurnServer configuration file. > > # > > > > ## Public IPv4 address of any relayed address (if not set, no > relay for IPv4). > > ## To have multiple address, separate addresses with a comma > > ## (i.e. listen_address = { "172.16.0.1", "172.17.0.1" }). > > listen_address = { "10.100.104.206" } > > > > ## Public IPv6 address of any relayed address (if not set, no > relay for IPv6). > > ## To have multiple address, separate address with a comma > > ## (i.e. listen_addressv6 = { "2001:db8:1::1", "2001:db8:2::1" }). > > #listen_addressv6 = { "2001:db8::1" } > > > > ## UDP listening port. > > udp_port = 3478 > > > > ## TCP listening port. > > tcp_port = 3478 > > > > ## TLS listening port. > > tls_port = 5349 > > > > ## TLS support. > > tls = false > > > > ## Daemon mode. > > daemon = false > > > > ## Unprivileged user > > ## if you want to use this feature create a system user. > > ## On Linux: adduser --system --group turnserver > > #unpriv_user = turnserver > > > > ## Realm value. > > realm = "10.100.104.28" > > > > ## Nonce key. > > nonce_key = "hieKedq" > > > > ## Max relay per username. > > max_relay_per_username = 5 > > > > ## Allocation lifetime. > > allocation_lifetime = 1800 > > > > ## Allocation bandwidth limitation (in KBytes/s). > > # 0 value means bandwidth quota disabled. > > bandwidth_per_allocation = 150 > > > > ## Denied addresses. > > > > # disallow relaying to localhost > > #denied_address { > > # address = "127.0.0.1" > > # mask = "8" > > # port = 0 > > #} > > > > # disallow relaying to ip6-localhost > > denied_address { > > address = "::1" > > mask = "128" > > port = 0 > > } > > > > denied_address { > > address = "10.1.4.0" > > mask = 24 > > port = 0 > > } > > > > ## Certification Authority file. > > ca_file = "./ca.crt" > > > > ## Server certificate file. > > cert_file = "./server.crt" > > > > ## Private key file. > > private_key_file = "./server.key" > > > > ## Account method. > > account_method = "file" > > > > ## Account file (if account_method = file). > > account_file = "/usr/local/etc/turnusers.txt" > > > > Thanks fro your help. > > > > Regards, > > Srikanth Rajagopalan > > > > --- On *Fri, 4/9/09, Sébastien Vincent > /<vi...@cl... > <http://in.mc87.mail.yahoo.com/mc/compose?to=vi...@cl...>>/* > wrote: > > > > > > From: Sébastien Vincent <vi...@cl... > <http://in.mc87.mail.yahoo.com/mc/compose?to=vi...@cl...>> > > Subject: Re: [Turnserver-users] Regarding user accounts in > turnserver > > To: "Srikanth Rajagopalan" <sri...@ya... > <http://in.mc87.mail.yahoo.com/mc/compose?to=sri...@ya...>> > > Cc: tur...@li... > <http://in.mc87.mail.yahoo.com/mc/compose?to=tur...@li...> > > Date: Friday, 4 September, 2009, 12:08 AM > > > > Hi, > > > > Are you restarting turnserver after modifying turnserver.txt > file > > ? Are turnserver uses correct turnserver.txt path ? (look at > > configuration file => account_file = "./turnusers.txt"). > > I just test with test_client_udp by changing password in the > > source file, recompile and it does not work when account not > exist > > or password does not match. > > > > I suggest you to study PCAP traces (with Wireshark) and see > if all > > is normal (good credentials given by client, bad credentials > given > > by client). > > > > Regards, > > -- > > Sebastien Vincent > > > > Srikanth Rajagopalan a écrit : > > > Hi, > > > I am using turnserver to implement a STUN?TURN server for > SIP. > > I got the server up and running. The problem I have is that the > > turnusers.txt does not seem to have any effect. Regardless of > > wether a person has an entry in the turnusers.txt file and > whether > > the correct password is supplied it works. I am using PJSIP for > > the SIP client. > > > Hoping for a reply. > > > Regards, > > > Srikanth Rajagopalan > > > > > > > > > > > > ------------------------------------------------------------------------ > > > See the Web's breaking stories, chosen by people like you. > Check > > out Yahoo! Buzz > > > <http://in.rd.yahoo.com/tagline_buzz_1/*http://in.buzz.yahoo.com/>. > > > > > > ------------------------------------------------------------------------ > > > > > > > > > ------------------------------------------------------------------------------ > > > Let Crystal Reports handle the reporting - Free Crystal > Reports > > 2008 30-Day trial. Simplify your report design, integration and > > deployment - and focus on what you do best, core application > > coding. Discover what's new with Crystal Reports now. > http://p.sf.net/sfu/bobj-july > > > > > > ------------------------------------------------------------------------ > > > > > > _______________________________________________ > > > Turnserver-users mailing list > > > Tur...@li... > <http://in.mc87.mail.yahoo.com/mc/compose?to=Tur...@li...> > > </mc/compose?to=Tur...@li... > <http://in.mc87.mail.yahoo.com/mc/compose?to=Tur...@li...>> > > > https://lists.sourceforge.net/lists/listinfo/turnserver-users > > > > > > > > ------------------------------------------------------------------------ > > See the Web's breaking stories, chosen by people like you. Check > out Yahoo! Buzz > <http://in.rd.yahoo.com/tagline_buzz_1/*http://in.buzz.yahoo.com/>. > > > ------------------------------------------------------------------------ > See the Web's breaking stories, chosen by people like you. Check out > Yahoo! Buzz > <http://in.rd.yahoo.com/tagline_buzz_1/*http://in.buzz.yahoo.com/>. |
