TURN using docker does not work with transport=udp
- Start eturnal container
- Test on Trickle ICE using 2 servers: TURN:127.0.0.1:3478?transport=tcp TURN:127.0.0.1:3478?transport=udp
- Check result
  - Only the tcp one works, the udp one times out.
How did you start the container?
Hi, I am using this: docker run -d --rm --name eturnal -p 3478:3478/udp -p 3478:3478 -p 50000-50050:50000-50050/udp -e ETURNAL_RELAY_MIN_PORT=50000 -e ETURNAL_RELAY_MAX_PORT=50050 -v D:\git\2024\speedtest\server\eturnal.yml:/etc/eturnal.yml ghcr.io/processone/eturnal:latest
yml from this repo and just adding user/password https://github.com/processone/eturnal/blob/master/config/eturnal.yml
Okay, I checked on my computer as well. I can confirm that I cannot reach the UDP listener via localhost using Trickle ICE. However, here is what worked:
# starting first container
:~$ sudo docker run -d --rm --name eturnal -p 3478:3478/udp -p 3478:3478 -p 50000-50050:50000-50050/udp -e ETURNAL_RELAY_MIN_PORT=50000 -e ETURNAL_RELAY_MAX_PORT=50050 ghcr.io/processone/eturnal:1.12.0
# make STUN udp query to running container using docker network - negative
:~$ sudo docker run --rm ghcr.io/processone/eturnal:1.12.0 stun 127.0.0.1
Cannot query 127.0.0.1:3478: request timed out
# make STUN udp query to running container using host network - positive
:~$ sudo docker run --rm --network host ghcr.io/processone/eturnal:1.12.0 stun 127.0.0.1
172.17.0.1
# docker logs
:~$ sudo docker logs eturnal
Cannot query stun.conversations.im:3478: can't assign requested address
Exec: /opt/eturnal/erts-14.0.2/bin/erlexec -noinput +Bd -boot /opt/eturnal/releases/1.12.0/start -mode embedded -boot_var SYSTEM_LIB_DIR /opt/eturnal/lib -config /opt/eturnal/releases/1.12.0/sys.config -args_file /opt/eturnal/releases/1.12.0/vm.args -erl_epmd_port 3470 -start_epmd false -- foreground
Root: /opt/eturnal
/opt/eturnal
2024-03-27 22:17:03.689316+00:00 [notice] Starting eturnal 1.12.0 on Erlang/OTP 26 (ERTS 14.0.2)
2024-03-27 22:17:03.689387+00:00 [info] Got no NOTIFY_SOCKET, notifications disabled
2024-03-27 22:17:03.689430+00:00 [info] Relay IPv4 address: 1xx.1xx.xx8.xx1 (port range: 50000-50050)
2024-03-27 22:17:03.689476+00:00 [info] Relay IPv6 address not configured
2024-03-27 22:17:03.689508+00:00 [info] Listening on 127.0.0.1:3470 (tcp) (Erlang protocol version 5)
2024-03-27 22:17:03.689695+00:00 [info] Started mod_log_stun
2024-03-27 22:17:03.689923+00:00 [info] Listening on [::]:3478 (udp) (STUN/TURN)
2024-03-27 22:17:03.690084+00:00 [info] Listening on [::]:3478 (tcp) (STUN/TURN)
2024-03-27 22:19:00.679618+00:00 [info] Accepting connection: 172.17.0.1:60164 -> 172.17.0.2:3478 [TCP, session n9og5jipuort]
2024-03-27 22:19:00.681407+00:00 [info] Accepting long-term STUN/TURN authentication [TCP, session n9og5jipuort, user 1711664258, client 172.17.0.1:60164]
2024-03-27 22:19:00.681875+00:00 [notice] Creating TURN allocation (lifetime: 600 seconds) [TCP, session n9og5jipuort, user 1711664258, client 172.17.0.1:60164, relay 187.191.8.231:50026]
2024-03-27 22:21:39.181233+00:00 [info] Responding to STUN request [UDP, session f6hgfugi7d81, anonymous, client 172.17.0.1:43599]
So it looks like the UDP is not reachable with Trickle ICE via localhost due to some networking issue. I have no idea what it could be, but maybe @weiss has an idea.
Thanks @sando38 for the quick try, I will try it. Do you have any idea about the purpose of this "stun.conversations.im" server error? I believe we are running everything locally, so it should not include any domain URL.
Yes, that is caused by a STUN client when querying the public IPv4 and IPv6 address and usually only occurs when the machine (docker host) has no IPv6 address. It is described here: https://github.com/processone/eturnal/blob/master/doc/CONTAINER.md#general-hints
You can disable the service if you do not need it.
> So it looks like the UDP is not reachable with Trickle ICE via localhost due to some networking issue. I have no idea what it could be, but maybe @weiss has an idea.
No idea, sorry. Maybe try to capture the traffic with tcpdump or so?
FWIW, I wasn't able to reproduce the problem on a plain Linux system (curl -fsS https://eturnal.net/install | sudo sh), at least not with Chromium-based browsers. (For some reason, Trickle-ICE doesn't seem to work with Firefox at all for me, right now.)
Root cause is that realm is required to initialize connection with some clients like Chromium on Windows (and some others)
> Root cause is that realm is required to initialize connection with some clients like Chromium on Windows
A realm is always involved while performing TURN authentication. The actual realm value is communicated by the server to the client (not the other way round). If you don't specify a realm in the eturnal configuration, eturnal.net will be used. That should work just fine for all common use-cases (which is why example configs don't mention this option).
Therefore, I'm assuming the root cause of the issue you've seen is something different. But if the issue is fixed for you, I'm happy :smile:
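
Added example, not part of the thread or of eturnal's code: a sketch of the realm handling described in the last reply, where the server's 401 challenge carries the REALM and the client derives its long-term credential key (RFC 5389) from that value. The challenge bytes, transaction ID and nonce are constructed here, and SASLprep of the password is skipped on the assumption of ASCII-only credentials.

```python
import hashlib
import struct

MAGIC_COOKIE = 0x2112A442
ATTR_ERROR_CODE, ATTR_REALM, ATTR_NONCE = 0x0009, 0x0014, 0x0015

def _attr(attr_type, value):
    # STUN attributes are TLVs padded to a 4-byte boundary.
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * (-len(value) % 4)

def build_401(txid, realm, nonce):
    """Constructed Allocate error response (0x0113) carrying the server's realm."""
    error = struct.pack("!HBB", 0, 4, 1) + b"Unauthorized"  # class 4, number 1
    body = (_attr(ATTR_ERROR_CODE, error) + _attr(ATTR_REALM, realm.encode())
            + _attr(ATTR_NONCE, nonce.encode()))
    return struct.pack("!HHI", 0x0113, len(body), MAGIC_COOKIE) + txid + body

def parse_attrs(msg):
    """Return {attribute type: value} after checking the 20-byte STUN header."""
    if len(msg) < 20:
        raise ValueError("shorter than a STUN header")
    _, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or length != len(msg) - 20:
        raise ValueError("not a well-formed STUN message")
    attrs, off = {}, 20
    while off + 4 <= len(msg):
        attr_type, attr_len = struct.unpack("!HH", msg[off:off + 4])
        if off + 4 + attr_len > len(msg):
            raise ValueError("truncated attribute")
        attrs[attr_type] = msg[off + 4:off + 4 + attr_len]
        off += 4 + attr_len + (-attr_len % 4)
    return attrs

def long_term_key(username, realm, password):
    # Long-term credential key: MD5(username ":" realm ":" password).
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()

def key_from_challenge(msg, username, password):
    """Derive the key using the realm the server sent, as a client does."""
    attrs = parse_attrs(msg)
    if ATTR_REALM not in attrs or ATTR_NONCE not in attrs:
        raise ValueError("401 challenge lacks REALM or NONCE")
    return long_term_key(username, attrs[ATTR_REALM].decode(), password)

TXID = bytes(range(12))  # constructed transaction ID
CHALLENGE = build_401(TXID, "eturnal.net", "constructed-nonce")  # default realm
```

Because the key is bound to the realm, the client has to use the REALM value from the server's challenge when computing MESSAGE-INTEGRITY for the retried request.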