New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Coturn may start before network is fully configured #558
Comments
Another possibility would be to give the user the choice at package install time. Like "Will this coturn instance run on a machine with static IP configured?" and then change the target accordigly. |
@misi: Can you look? |
I have also ran into this issue. I did the same thing that was mentioned in the OP (specifying |
As the already referenced https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ explains, the best general solution is binding the server to the always available loopback or wildcard addresses instead of specific addresses, because that way the server can adapt to a dynamically changing network environment. The other solutions are either substantially more complicated and non-portable (like explicitly acting on network change events or using IP_FREEBIND) or less flexible (like configuring specific addresses and starting/stopping the daemon as they come and go). |
Can you please elaborate on that or point me to some explaining ressources? I do not know how I would operate a TURN server bound to localhost? It is the the whole point it is reachable from outside? How do I manage that if it listens on localhost? |
See also #438 |
No, you're right. My point (quoted from the NetworkTarget documentation) was that the default bind address should be one which is always available, that is either loopback or wildcard. Of course running a TURN server bound to the loopback address isn't a useful service in general. The NetworkTarget documentation explains the reasoning behind this principle in great detail, I can't really add anything to that. I don't even know offhand whether coturn specifically supports binding to the wildcard address, but in my opinion it really should, since that's a more general and more resilient solution than using the blunt |
Guys, have you tested: https://github.com/processone/eturnal? |
@wferi: Just tried and you were right: Coturn will happily bind to the wildcard address if you explicitly ask it to do so. Just put Note: Perhaps this should be the default behavior for coturn, instead the auto-discovery of addresses which usually fails at boot time? |
I also support the wildcard default, because that works with dynamic address changes as well. Preferably with IPv6 wildcard ( |
@ruedigerkupper Please accept my apologies for my late reply. I see in actual systemd unit file the following.
@wferi Can you help I am not sure, am I right/wrong that we need to remove |
I added new option |
It is closed by mistake |
systemd notify integration is a very nice. Thank you for that. How does Coturn handle removed network interfaces? I think the optimal solution would be, that Coturn would discover the network interfaces dynamically, so it would be able to start without any interfaces set up yet, and then gets notified about new interfaces or detects them itself. |
Unfortunately AFAIK coturn does not handle dynamic interface removal or add :( |
Strictly speaking, you needn't change the default (enumeration and use of currently available addresses) behaviour, it's enough to add
That "little bit" may be arbitrarily long, but the main problems are that
I'd also recommend looking into systemd socket activation, which is somewhat more involved than notify support, but nicely sidesteps the question of ordering. |
So how do I work around this before 4.5.3 milestone? Is it by using |
Yes, this should work. But be sure that it is safe to do so in your network. |
This is a boot-time race condition appearing with automatic discovery of listener addresses.
When coturn is starts up without any explicit listener addresses configured, it automatically detects them on startup. By default, it will listen to all available non-local addresses. If it cannot discover any non-local address, startup will fail. (Error log: "0: main: Cannot configure any meaningful IP listener address")
Many installation instructions recommend configuring coturn without specific listener addresses set (e.g. this one, which brought me here: https://nextcloud-talk.readthedocs.io/en/latest/TURN/)
Analysis
The systemd service file for coturn has "After=network.target" in it. This only means that the network is generally up, but it does not require non-local addresses configured.
This is usually no problem if the user starts the service manually, because the network is completely configured at this time. In contrast, during boot up systemd may well launch coturn before IP addresses are fully configured, causing start up to fail.
Solutions
There are two possible solutions:
Doing this I see from the logs that my coturn server keeps trying to bind to these addresses, which in my case takes 27 attempts, but then works. And there's another problem I can't get around this way (unless you have static IPs): I cannot be sure about my machine's IPv6 address, as this may be changed by my provider at any time. So I cannot specify my IPv6 listener address in turnserver.conf.
This will make systemd delay the start of coturn, until all network interfaces have their IPs configured.
See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ for a discussion.
The second option works fine for me, but there may be disadvantages of using "network-online" instead of "network". In particular it may(?) slow down the boot process unnecessarily in case of static IPs.
Suggestion
Change target "network" to "network-online" in the systemd service file. This will make coturn start up correctly for all users. If this is not desirable, at least warn users who use coturn without explicit listener addresses configured that startup upon boot is likely to fail.
The text was updated successfully, but these errors were encountered: