I do remember I already wrote this before here we go again:
OM generates some temporary, hashed version of client/password and sends it to the client browsers they are using it during WebRTC negotiation phase In case all IPs are public STUN/TURN has no effect In case STUN is enough - it will be used In case TURN is required coturn will send all traffic through itself All above is per my understanding :) On Wed, 23 Dec 2020 at 03:10, kaffeesurrogat <[email protected]> wrote: > Add on: > > looking at > > /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini > > i can only find a user password pair to connect to the turn service of > coturn. > > Does that mean kurentos WebRtc can only use static-user accounts and the > long term credentials to talk to each other > > but openmeetings is using dynamic user/password pairs based on a common > secret to talk to coturn ..... ? > > I don't get it .... ;-( > > > > > > On 22/12/2020 21:02, kaffeesurrogat wrote: > > Hi Everybody, > > > > again an attempt to understand the ways of coturn/kurento/openmeetings > > .... > > > > I will write a litte story, to examplify what i believe to understand. > > > > > > 1) Two people, a moderator (M) and a guest (G) want to use openmeetings. > > > > 2) M sits at home of M within a local network, some kind of 10.20.3... > > or 192.192... behind router with NAT > > > > 3) G sits at home of G within a local network, some kind of > > 10.22.13..... behind a router with NAT > > > > 4) Openmeetings/Kurento/coturn sit on a "public" server, which > > sometimes can be behind a NAT (for example virtual machines from > > amazon .... ) or they even can have a public ip and a couple of ports > > for each service. > > > > > > coturn is used to figure out some kind of public ips for M and G who > > are behind NAT-routers, so the stream between the two browsers of M > > and G can be pushed over the kurento-media server. Is that right ? > > > > If by any chance 4) is natted too, coturn even needs to figure out a > > public ip for openmeetings too ? > > > > > > If stun is enough to setup this connection for kurento the > > coturn-service is done after the connection is established, right ? > > > > If turn has to be used, the coturn-service has to deal at least with > > parts of the traffic between M and G which is pushed over kurento ? > > > > > > Looking at openmeetings.properties i have added (i guess, somebody > > told me to do so) the lines: > > > > > > kurento.turn.secret=MYSECRET > > kurento.turn.url=<public-ip-of-coturn-server:<coturn-port> > > > > > > In turnserver.conf > > > > static-auth-secret=MYSECRET > > > > > > How is the connection between openmeetings, kurento and coturn > > established ? > > > > My guess: > > > > Openmeetings generates user/password pairs for M and G which are > > passed over to kurento which passes them to coturn allowing M and G to > > connect to each other. Just a guess, as i said. > > > > for turnserver.conf using static-auth-secret means using the > > time-limited credentials mechanism. Since openmeetings knows about the > > secret (openmeetings.properties) and coturn (turnserver.conf) does > > too, they both can generate a dynamic user/password pair which is > > passed to ...... now i am completly lost. > > > > How is kurento allowed to talk to coturn .... ? > > > > My brain starts to eject some smoke signals .... ;-) > > > > > > I've read a couple of blogs and manuals and i am really sorry to > > bother you, but i would love to understand ..... > > > > > > kaffeesurrogat > > > > -- Best regards, Maxim
