Hello Partha,

It seems I missed the question :( (too many emails :((( )
The TURN server should be able to handle connections for users behind NAT.
At the same time, KMS should be fully accessible to it.

You can set it up on a different server, but please ensure it has full access
to KMS.

On Tue, 19 May 2020 at 01:34, Partha Datta <[email protected]> wrote:

> Hello Maxim,
> I understand, you have been busy. I was waiting to hear back from you.
> I managed to get coturn for Fedora 25. I have a doubt: do I need to run
> coturn on the firewall server, or can I run coturn on the server where I am
> running OpenMeetings, which is behind the firewall server?
>
> Could you send me some reference which will help me to overcome lockdown
> situations?
>
> Regards,
> Partha
>
> On Thu, May 7, 2020 at 6:37 AM Maxim Solodovnik <[email protected]>
> wrote:
>
>> Hello Partha,
>>
>> Sorry for keeping silent, I'm a bit overloaded :(
>>
>> I have no experience with `reTurnServer`; I have used only coturn and was sure it
>> is available for all distros :(
>> You need to make sure:
>> - TURN is accessible from outside your NAT
>> - TURN can communicate with KMS
>>
>> On Wed, 6 May 2020 at 23:34, Partha Datta <[email protected]> wrote:
>>
>>> Hi
>>> As discussed I have installed turn in a different server.
>>> [root@demo reTurn]# netstat -npl | grep -i turn
>>> tcp        0      0 0.0.0.0:3478            0.0.0.0:*               LISTEN      8770/reTurnServer
>>> tcp6       0      0 :::3478                 :::*                    LISTEN      8770/reTurnServer
>>> udp        0      0 0.0.0.0:3478            0.0.0.0:*                           8770/reTurnServer
>>> udp6       0      0 :::3478                 :::*                                8770/reTurnServer
>>> I have also edited the file
>>> /opt/open503/webapps/openmeetings/WEB-INF/classes/applicationContext.xml
>>>  <!-- Kurento -->
>>>         <bean id="kurentoHandler"
>>> class="org.apache.openmeetings.core.remote.KurentoHandler"
>>> init-method="init" destroy-method="destroy"
>>>                         p:kurentoWsUrl="ws://127.0.0.1:8888/kurento"
>>>                         p:checkTimeout="10000"
>>>                         p:watchThreadCount="10"
>>>                         p:turnUrl="125.85.210.130:3478"
>>>                         p:turnUser="kurento"
>>>                         p:turnSecret="ab5497d0f532dc7c24336ab0e74d5c"
>>>                         p:turnMode="rest"
>>>                         p:turnTtl="60"
>>>                         p:objCheckTimeout="200"
>>>                         />
>>> But I still can't access it from outside the LAN. Could you help me?
>>> Regards,
>>> Partha
>>>
>>> On Mon, May 4, 2020 at 10:14 PM Maxim Solodovnik <[email protected]>
>>> wrote:
>>>
>>>> Please check `netstat -npl|grep 8888`
>>>> When you are starting dockerized KMS for ex. `docker run -v
>>>> /home/solomax/work/openmeetings/data:/home/solomax/work/openmeetings/data
>>>> -p 8888:8888 kurento/kurento-media-server`
>>>> You make it available at `localhost:8888` due to forwarding
>>>>
>>>> to make everything workable behind NAT you need to ensure TURN is
>>>> available outside the NAT
>>>>
>>>> On Mon, 4 May 2020 at 23:36, Partha Datta <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello Maxim,
>>>>> Sorry if I was not able to explain properly, so I am attaching a
>>>>> network diagram of my setup. I referred to the installation guide for Fedora 30;
>>>>> it doesn't talk about TURN installation. However, I am installing on Fedora 27.
>>>>> Everything works well in LAN & VPN, but I cannot access it from the PUBLIC
>>>>> network. Hope I am clear now. Moreover, the docker IP is not static. Does the
>>>>> docker IP have to be in a different subnet? I am also attaching the NAT
>>>>> table where OM, Docker & KMS are running.
>>>>> [image: image.png]
>>>>> netstat -ntp
>>>>> [image: image.png]
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Mon, May 4, 2020 at 8:15 PM Maxim Solodovnik <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello Partha,
>>>>>>
>>>>>> This is something I don't understand :(
>>>>>> I would expect KMS is accessible on the same IP
>>>>>>
>>>>>> Anyway you have to ensure correct KMS address is specified in OM
>>>>>> config (and it is accessible to OM)
>>>>>> and also accessible to TURN
>>>>>>
>>>>>> On Mon, 4 May 2020 at 03:23, Partha Datta <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello Maxim,
>>>>>>> My server LAN IP is 192.168.1.16 and docker is running on
>>>>>>> 172.16.0.1; I have not assigned any IP address to it. Do I need to change
>>>>>>> it to the same subnet or bind it to the same IP address? If so, can you tell me
>>>>>>> how to do that? I am using docker-ce-18.09.0-3.fc27.x86_64
>>>>>>> Regards,
>>>>>>> Partha
>>>>>>>
>>>>>>> On Tue, Apr 28, 2020 at 7:11 PM Maxim Solodovnik <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Finally I get to this thread :)
>>>>>>>>
>>>>>>>> I would suggest checking which network interfaces you have
>>>>>>>> and ensuring OM, KMS and coturn are available at the external network
>>>>>>>> interface
>>>>>>>>
>>>>>>>> On Tue, Apr 28, 2020, 11:42 Julian Weiß <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Same on my side. It works as long as I'm in the LAN (VPN is also
>>>>>>>>> in the LAN). When it comes to using the coturn server, it doesn't work.
>>>>>>>>>
>>>>>>>>> *From: *Partha Datta <[email protected]>
>>>>>>>>> *Reply to: *"[email protected]" <[email protected]>
>>>>>>>>> *Date: *Monday, 27 April 2020 at 22:14
>>>>>>>>> *To: *"[email protected]" <[email protected]>
>>>>>>>>> *Subject: *Re: NAT Issue
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi Alvaro,
>>>>>>>>>
>>>>>>>>> No luck.. Here is my firewall configuration. But very strange.. it
>>>>>>>>> works great when I get connected with VPN client
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> FedoraServer (active)
>>>>>>>>>   target: default
>>>>>>>>>   icmp-block-inversion: no
>>>>>>>>>   interfaces: enp5s10
>>>>>>>>>   sources:
>>>>>>>>>   services: ssh
>>>>>>>>>   ports: 5904/tcp 3478/tcp 3478/udp 5443/tcp 8888/tcp 49152-65535/udp
>>>>>>>>>   protocols:
>>>>>>>>>   masquerade: yes
>>>>>>>>>   forward-ports:
>>>>>>>>>   source-ports:
>>>>>>>>>   icmp-blocks:
>>>>>>>>>   rich rules:
>>>>>>>>> [root@hepi3 ~]# firewall-cmd --list-all-zones
>>>>>>>>> FedoraServer (active)
>>>>>>>>>   target: default
>>>>>>>>>   icmp-block-inversion: no
>>>>>>>>>   interfaces: enp5s10
>>>>>>>>>   sources:
>>>>>>>>>   services: ssh
>>>>>>>>>   ports: 5904/tcp 3478/tcp 3478/udp 5443/tcp 8888/tcp 49152-65535/udp
>>>>>>>>>   protocols:
>>>>>>>>>   masquerade: yes
>>>>>>>>>   forward-ports:
>>>>>>>>>   source-ports:
>>>>>>>>>   icmp-blocks:
>>>>>>>>>   rich rules:
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="5443" protocol="tcp" to-port="5443" to-addr="192.168.110.16"
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="8888" protocol="tcp" to-port="8888" to-addr="192.168.110.16"
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="49152-65535" protocol="udp" to-port="49152-65535" to-addr="192.168.110.16"
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="3478" protocol="udp" to-port="3478" to-addr="192.168.110.16"
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="3478" protocol="tcp" to-port="3478" to-addr="192.168.110.16"
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>> Partha
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Apr 27, 2020 at 12:09 PM Alvaro <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ...Partha, please open the ports in firewalld:
>>>>>>>>>
>>>>>>>>> # service firewalld start
>>>>>>>>> # sudo firewall-cmd --zone=public --add-port=3478/tcp --permanent
>>>>>>>>> # sudo firewall-cmd --zone=public --add-port=3478/udp --permanent
>>>>>>>>> # sudo firewall-cmd --zone=public --add-port=5443/tcp --permanent
>>>>>>>>> # sudo firewall-cmd --zone=public --add-port=8888/tcp --permanent
>>>>>>>>> # sudo firewall-cmd --zone=public --add-port=49152-65535/udp --permanent
>>>>>>>>> # service firewalld restart
>>>>>>>>>
>>>>>>>>> ...and to see they are open:
>>>>>>>>>
>>>>>>>>> # firewall-cmd --list-all
>>>>>>>>>
>>>>>>>>> ...and after this it would be good to stop the servers and reboot
>>>>>>>>> the machine.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ..................
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, 27-04-2020 at 05:23 +0530, Partha Datta wrote:
>>>>>>>>>
>>>>>>>>> Hello Alvaro,
>>>>>>>>>
>>>>>>>>> I am running Fedora 27. When I enable the firewalld service on the
>>>>>>>>> server running OpenMeetings, I can't access it, even from the LAN, so I think it
>>>>>>>>> is something to do with the firewall. I have not checked opening up the ports
>>>>>>>>> mentioned in the document you sent on the local server. I shall do
>>>>>>>>> that today and update you, to confirm whether the issue is with NAT or
>>>>>>>>> port blocking.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>> Partha
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, 27 Apr 2020, 00:40 Alvaro, <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> Partha and Julian, it is necessary to open those ports in the firewall
>>>>>>>>> and the router (both).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Try without firewall to test (open ports in router).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Are you in Ubuntu or Centos?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ..............
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sun, 26-04-2020 at 23:52 +0530, Partha Datta wrote:
>>>>>>>>>
>>>>>>>>> Dear Alvaro,
>>>>>>>>>
>>>>>>>>> I have opened up all the ports mentioned in the document, but I keep
>>>>>>>>> getting the error stating failed to connect to media server.
>>>>>>>>>
>>>>>>>>> Does it need any other configuration?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>> Partha
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, 24 Apr 2020, 02:06 Alvaro, <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>> ...that is for Ubuntu 18.04.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> And this is for Centos 7-8:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> https://cwiki.apache.org/confluence/download/attachments/27838216/Centos%207-8%20Installation%20SSL%20certificates%20and%20Coturn%20for%20OpenMeetings%205.0.0-M3.pdf
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ...................
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 23-04-2020 at 22:11 +0200, Alvaro wrote:
>>>>>>>>>
>>>>>>>>> ...take a look:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> https://cwiki.apache.org/confluence/download/attachments/27838216/Installation%20SSL%20certificates%20and%20Coturn%20for%20OpenMeetings%205.0.0-M3.pdf
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ................
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, 24-04-2020 at 00:34 +0530, Partha Datta wrote:
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I have installed OpenMeetings 5.0.0-M3. It is working in LAN, both
>>>>>>>>> audio & video.
>>>>>>>>>
>>>>>>>>> I have the OpenMeetings server behind a Linux firewall with NAT and
>>>>>>>>> opened up ports 5443 & 8888. I cannot see or hear the meeting participants,
>>>>>>>>> nor can he see or hear me.
>>>>>>>>>
>>>>>>>>> In the setup test, I can see my own voice and video.
>>>>>>>>>
>>>>>>>>> Here is my nat table
>>>>>>>>>
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="5443" protocol="tcp" to-port="5443" to-addr="192.168.110.16"
>>>>>>>>> rule family="ipv4" destination address="112.73.210.134" forward-port port="8888" protocol="tcp" to-port="8888" to-addr="192.168.110.16"
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> public
>>>>>>>>>   target: default
>>>>>>>>>   icmp-block-inversion: no
>>>>>>>>>   interfaces:
>>>>>>>>>   sources:
>>>>>>>>>   services: mdns dhcpv6-client
>>>>>>>>>   ports: 53/udp 5080/tcp 1935/tcp 5443/tcp
>>>>>>>>>   protocols:
>>>>>>>>>   masquerade: no
>>>>>>>>>   forward-ports:
>>>>>>>>>   source-ports:
>>>>>>>>>   icmp-blocks:
>>>>>>>>>   rich rules:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Could you please help me
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Partha
>>>>>>>>> M +91-8825608651
>>>>>>>>> Sent from mobile device
>>>>>>>>> "If you worried about falling off the bike, you’d never..."

-- 
Best regards,
Maxim
