Add on:
looking at
/etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
i can only find a user password pair to connect to the turn service of
coturn.
Does that mean kurentos WebRtc can only use static-user accounts and the
long term credentials to talk to each other
but openmeetings is using dynamic user/password pairs based on a common
secret to talk to coturn ..... ?
I don't get it .... ;-(
On 22/12/2020 21:02, kaffeesurrogat wrote:
Hi Everybody,
again an attempt to understand the ways of coturn/kurento/openmeetings
....
I will write a litte story, to examplify what i believe to understand.
1) Two people, a moderator (M) and a guest (G) want to use openmeetings.
2) M sits at home of M within a local network, some kind of 10.20.3...
or 192.192... behind router with NAT
3) G sits at home of G within a local network, some kind of
10.22.13..... behind a router with NAT
4) Openmeetings/Kurento/coturn sit on a "public" server, which
sometimes can be behind a NAT (for example virtual machines from
amazon .... ) or they even can have a public ip and a couple of ports
for each service.
coturn is used to figure out some kind of public ips for M and G who
are behind NAT-routers, so the stream between the two browsers of M
and G can be pushed over the kurento-media server. Is that right ?
If by any chance 4) is natted too, coturn even needs to figure out a
public ip for openmeetings too ?
If stun is enough to setup this connection for kurento the
coturn-service is done after the connection is established, right ?
If turn has to be used, the coturn-service has to deal at least with
parts of the traffic between M and G which is pushed over kurento ?
Looking at openmeetings.properties i have added (i guess, somebody
told me to do so) the lines:
kurento.turn.secret=MYSECRET
kurento.turn.url=<public-ip-of-coturn-server:<coturn-port>
In turnserver.conf
static-auth-secret=MYSECRET
How is the connection between openmeetings, kurento and coturn
established ?
My guess:
Openmeetings generates user/password pairs for M and G which are
passed over to kurento which passes them to coturn allowing M and G to
connect to each other. Just a guess, as i said.
for turnserver.conf using static-auth-secret means using the
time-limited credentials mechanism. Since openmeetings knows about the
secret (openmeetings.properties) and coturn (turnserver.conf) does
too, they both can generate a dynamic user/password pair which is
passed to ...... now i am completly lost.
How is kurento allowed to talk to coturn .... ?
My brain starts to eject some smoke signals .... ;-)
I've read a couple of blogs and manuals and i am really sorry to
bother you, but i would love to understand .....
kaffeesurrogat
