v0.1.2.2 — coturn validation works on more provider topologies
Note for
go installusers: this tag is 4-segment (v0.1.2.2), which Go module proxy treats as invalid semver and silently substitutes a pseudo-version. The Go binary is byte-identical tov0.1.2— no Go source changed in v0.1.2.1 or v0.1.2.2, the deltas are conf + docs + script that ship via Homebrew or repo clone, not viago install. Usego install github.com/1mb-dev/natcheck/cmd/natcheck@v0.1.2(same binary) orbrew install 1mb-dev/tap/natcheck(binary + corrected assets). v0.1.3 will use 3-segment semver.
Patch release. Closes #15 and #16. No code or JSON schema delta — same binary as v0.1.2 / v0.1.2.1.
Fixed
examples/coturn-natcheck.confnow uses the two-listening-ip+ two-external-ip-pair form explicitly. v0.1.2.1'sexternal-ip=PUBLIC/PRIVATEonly worked on AWS/GCP-style topologies where the two IPs differ naturally. On single-public-IP providers (DigitalOcean basic droplet, Linode Nanode, Hetzner single-IP), eth0's IP IS the public IP —external-ip=A/Adoesn't satisfy coturn's "two distinct IPs" requirement and coturn silently logsWARNING: ... only one IP address is providedwhile natcheck reportsfiltering: untested.docs/coturn-setup.mdadds a per-provider topology table (AWS/GCP / DO basic / bare metal) with a worked DigitalOcean Reserved IP example (ip addr add SECOND_IP/32 dev eth0).
Added
-
scripts/validate-coturn.sh— one-shot SSH-pipe provisioner that installs coturn, writes the conf, opens the firewall, starts coturn in tmux, and verifies the startup log for the two specific warning lines that signal a misconfigured §4.4 path. Exits non-zero withFAIL: ...if either appears, so misconfigured droplets don't silently producefiltering: untestedsamples. AcceptsSECOND_IP=<addr>env var for single-public-IP providers — aliases the IP to the NIC and writes the multi-IP conf.# AWS/GCP topology: ssh root@<vm-ip> 'bash -s' < scripts/validate-coturn.sh # Single-public-IP provider, after attaching a second IP: ssh root@<vm-ip> "SECOND_IP=<reserved-ip> bash -s" < scripts/validate-coturn.sh
Verified
End-to-end against a real DigitalOcean basic droplet (coturn 4.6, Ubuntu 24.04, primary public IP + Reserved IP aliased to eth0). Canonical filtering verdict reproduces across runs; classification + warnings + exit code stable. tcpdump confirmed coturn responds to RFC 5780 §4.4 Test 2 + Test 3 with routable public source IPs.
Known follow-up
- #14 — when the default-server hostnames resolve via IPv6 and a custom
--serveris IPv4 literal, the classifier compares mapped endpoints across address families and produces wrong ADM verdicts. Affects users followingdocs/coturn-setup.mdwho pass the natural probe set. Larger surface (Go code change + new schema warning + tests). v0.1.3.
Install
brew tap 1mb-dev/tap
brew upgrade natcheck # if already installed
brew install natcheck # fresh installor
go install github.com/1mb-dev/natcheck/cmd/natcheck@v0.1.2.2