New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
turnserver issue #9310
Comments
OK. I think I should change the following in turn-stun-servers from ` to Would that work? I will delete the use-auth-secret line in tunrserver.conf and only use lt-cred-mech Would the bbb-server still send an api request along with the username and password in the instance above? I didn't delete the api-call constructor, I just left it blank? Would it send a blank call or not send an api-call? Would it matter anyway if I have use-auth-secret disabled in the turnserver? Would it just ignore the api-call and route the username:password through? We'll see. |
Didn't work. The bbb server still sends an empty api-call along with the username:password for the index 0 constructor-arg in the stun-turn-server.xml file. It expects an answer to the api-call and is refused connection to the turnserver. How do I change it to not send for the rest-api call at all? |
Trickle ICE (and other WebRTC testing tools, as well as your browsers WebRTC API) need an username and password combination. |
I do think the documentation is unclear on this issue and the core of the problem is that there are two different configuration files - one of which seems to require coturn to use the lt-cred-mech and the other uses the static-auth-secret mechanism. I have had a go at clarifying this as a PR to the documentation - would you mind taking a look: bigbluebutton/bigbluebutton.github.io#138 The comment by robbi here has given me pause for doubt - if bbb-web is creating a username / password pair that would suggest it is using lt-cred-mech and I might have this wrong. |
Hello, have you resolve this issue? or alternative solution. |
Following instructions exactly as described leads to a loop of stupidity.
The comments in the file /kurento/modules/kurento/WebRtcEndpoint.conf.ini
say that you must get one srfix and one relay candidate to show the turnserver is working on Trickle ICE, but the configuration makes this impossible.
Trickle ICE, at the very outset, requires a username and password combination for it's service to relay. With none defined, one cannot check for a relay. No combination of configuarions of using the secret-password defined in the bbb-install.sh coturn server will provide a relay candidate on Trickle ICE. I've tried everything at this stage. The only way I got a relay candidate on Trickle ICE was to delete use-auth-cred in turnserver.conf. Then I got a relay, so a working turnserver, but now the bbb server is configured wrongly.
Am I correct to assume that, even though I will never get a relay on Trickle ICE with the default configuartion, the turnserver is actually working and configured correctly? Would it suffice, as it were, to show that the new turnserver was working as a stun server on Trickle ICE. At least we know it's not blocking everything.
If we delete the lt-cred-mech option, then we cannot test our server on Trickle ICE.
To Reproduce
Steps to reproduce the behavior:
That's it.
Expected behavior
Get a relay
Actual behavior
infinte sadness and virtual madness
Additional context
Because of this error, I kept trying to find answers and changed the wrong thing and then it wasn't working, because now I broke it. So, I was stuck at that point over and over.
At this point, I am trying to refix all configurations with the troubleshooting pages, again.
But now I see that the file has the new follwing line
turnURL=username:password@XX.XX.XX.XX:443(?transport=[udp|tcp|tls])
but the file /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml
is sending the turnsecret to the server, calling on auth-use-secret which we had to delete to get username:password to give us a relay on Trickle ICE.
Is bbb going to use the server strictly as lt-cred-mech or use-auth-secret or as a mixture of both?
At the end of all of this, what I am asking is
If I use lt-cred-mech only on the turnserver, what changes do I need to make to /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml to add username and password in the turn server settings? Could I simply enter username:password for turnsecret here?
<constructor-arg index="0" value="turnsecret"/> <constructor-arg index="1" value="turns:turn.mydomain.com:443?transport=tcp"/>
in /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml
Otherwise, if I stick with use-auth-secret what was the line in /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini
that became,
turnURL=username:password@XX.XX.XX.XX:443(?transport=[udp|tcp|tls])
or, can I use both methods as per configuration and just assume that the turnserver knows what to do and my webcam issues are something else?
The text was updated successfully, but these errors were encountered: