Re: How get I video working on a new installation on Fedora Server?

2023-09-26 Thread Maxim Solodovnik
Hello All,

sorry for top posting :(
The discussion is now a bit hard to follow :((

I have created my version of Coturn config based on this:
https://stackoverflow.com/questions/35766382/coturn-how-to-use-turn-rest-api
guide

It works for me for years :)

I also got warning regarding conflicting options, but have no time to
investigate ...
So I'm using what's working :)

"kurento.turn.user" might be left blank but, if I remember correctly,
it was useful for debugging and for TURN server testing

According to ports:

- port  is KMS port, it might be left open in case you would like
to allow your users to directly connect to media server, and reduce
TURN server load

In fact TURN server might work as STUN (i.e. can provide the way to
establish connections between devices at private networks that can be
behind firewalls)
OR as TURN server: it can work as full proxy to pass multimedia to KMS


I'm starting all OM related services under user nobody to make system
more secure :)

@Peter,
I've just checked your set-up (can be done via video-testing app:
https://148.251.152.52:5443/openmeetings/hash?app=settings)

And it seems your TURN server is EMPTY :(

Have you restarted OM after openmeetings.properties modification? :)

On Wed, 27 Sept 2023 at 08:01, Guofeng Zhang  wrote:
>
> Hi,
>
> I just installed OM 7.1.0 a few days ago, and I don’t know much about the 
> various components of OM. A few notes for my situation:
>
> lt-cred-mech: It should be commented out like "#lt-cred-mech", because here we 
> use use-auth-secret.
>
> kurento.turn.user=fedorian: It should be "kurento.turn.user=" for the same reason 
> as above.
>
> Port range 49152-65535, it is used for video/audio streaming when 
> conferencing, which CoTurn bridges the streaming between the client and media 
> server (here Kurento) in many cases.
>
> Best regards
>
> Guofeng
>
>
>
> On Wed, Sep 27, 2023 at 4:39 AM Peter Boy  wrote:
>>
>> Hi all,
>>
>> For sake of simplicity, I answer to all mails in one go.
>>
>>
>> > Am 26.09.2023 um 02:50 schrieb Guofeng Zhang :
>> >
>> > Hi,
>> >
>> > I met the same issue as yours after the installation. You please first 
>> > verify if CoTurn is set up correctly. Using stunclient from 
>> > https://www.stunprotocol.org/ to check if CoTurn setup correctly
>> > stunclient  3478
>> > It should prompt "Binding test: success" if the setup is ok.
>>
>> Great hint. I got on a request from my desktop to the server:
>>
>> Binding test: success
>> Local address: 192.168.158.120:54174
>> Mapped address: 87.150.96.84:54174
>>
>> But the --mode behavior test failed.
>>
>> But obviously the basic functionality works.
>>
>>
>> > If there is any error message prompted, you please verify if the 
>> > following ports are opened by your firewall. For me, this is the root 
>> > cause (I opened port 3478 UDP, but forgot opening port 3478 TCP).
>> >
>> > 3478 TCP-UDP IN
>> > 5443 TCP IN
>> >  TCP IN
>> > 49152:65535 UDP IN-OUT
>>
>> I think, the ports are OK:
>>
>> [root@letsmeet ~]# firewall-cmd  --list-all
>> FedoraServer (active)
>>   target: default
>>   icmp-block-inversion: no
>>   interfaces: enp1s0
>>   sources:
>>   services: cockpit dhcpv6-client http https mdns ssh
>>   ports: 5443/tcp 3478/tcp 3478/udp /tcp 49152-65535/udp
>>   protocols:
>>   forward: yes
>>   masquerade: no
>>
>> The firewall blocks no outgoing traffic at all.
>>
>> But I'm wondering about port . As far as I get it, this port is for 
>> communication between OM and Kurento using the localhost interface.
>>
>> Or is there any incoming traffic from the clients?
>>
>> And the Port range 49152-65535, Isn’t it used by Kurento initializing p2p 
>> traffic to the clients. So Kurento is opening the port anyway?
>>
>>
>>
>> > But if your CoTurn runs on a VM in a cloud like AWS, you should google to 
>> > know how to configure CoTurn specially, like:
>> > external-ip=/
>> > listening-ip=
>> > relay-ip=
>>
>> My VM is running on my own root Server in a data center. So that’s not a 
>> problem here. But I take that for the Fedora Server documentation when I 
>> manage to get it running.
>>
>> >
>> > Hope the above is helpful to you.
>>
>> Yes, it is. Thanks!
>>
>>
>>
>>
>> > Am 26.09.2023 um 06:31 schrieb Maxim Solodovnik :
>> >
>> >> …….
>> >
>> > Our current demo server (and Dockerized Ubuntu 22) versions will work
>> > with Dockerized KMS
>> > KMS natively supports Ubuntu 20 only :(
>> >
>> > TURN server (listening ports 3478 TCP+UDP  AND ports being used for
>> > proxy 49152:65535 UDP IN-OUT) should be public
>> > In all my configurations I'm using TURN at the same server as OM and KMS
>> >
>> > Coturn config should be as simple as
>> > https://lists.apache.org/thread/x4rl7xjq6fnfy6nyl5c6lhmp57fdf4br
>>
>> The source says:
>> fingerprint
>> lt-cred-mech
>> use-auth-secret
>> static-auth-secret=**
>> realm=om.alteametasoft.com
>> stale-nonce=0
>> proc-user=nobody
>> proc-group=nogroup
>>
>> I couldn’t switch the user to nobody. 

Re: How get I video working on a new installation on Fedora Server?

2023-09-26 Thread Guofeng Zhang
Hi,

I just installed OM 7.1.0 a few days ago, and I don’t know much about the
various components of OM. A few notes for my situation:

lt-cred-mech: It should be commented out like "#lt-cred-mech", because here
we use use-auth-secret.

kurento.turn.user=fedorian: It should be "kurento.turn.user=" for the same
reason as above.

Port range 49152-65535, it is used for video/audio streaming when
conferencing, which CoTurn bridges the streaming between the client and media
server (here Kurento) in many cases.

Best regards

Guofeng



On Wed, Sep 27, 2023 at 4:39 AM Peter Boy  wrote:

> Hi all,
>
> For sake of simplicity, I answer to all mails in one go.
>
>
> > Am 26.09.2023 um 02:50 schrieb Guofeng Zhang :
> >
> > Hi,
> >
> > I met the same issue as yours after the installation. You please first
> verify if CoTurn is set up correctly. Using stunclient from
> https://www.stunprotocol.org/ to check if CoTurn setup correctly
> > stunclient  3478
> > It should prompt "Binding test: success" if the setup is ok.
>
> Great hint. I got on a request from my desktop to the server:
>
> Binding test: success
> Local address: 192.168.158.120:54174
> Mapped address: 87.150.96.84:54174
>
> But the --mode behavior test failed.
>
> But obviously the basic functionality works.
>
>
> > If there is any error message prompted, you please verify if the
> following ports are opened by your firewall. For me, this is the root cause
> (I opened port 3478 UDP, but forgot opening port 3478 TCP).
> >
> > 3478 TCP-UDP IN
> > 5443 TCP IN
> >  TCP IN
> > 49152:65535 UDP IN-OUT
>
> I think, the ports are OK:
>
> [root@letsmeet ~]# firewall-cmd  --list-all
> FedoraServer (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: enp1s0
>   sources:
>   services: cockpit dhcpv6-client http https mdns ssh
>   ports: 5443/tcp 3478/tcp 3478/udp /tcp 49152-65535/udp
>   protocols:
>   forward: yes
>   masquerade: no
>
> The firewall blocks no outgoing traffic at all.
>
> But I'm wondering about port . As far as I get it, this port is for
> communication between OM and Kurento using the localhost interface.
>
> Or is there any incoming traffic from the clients?
>
> And the Port range 49152-65535, Isn’t it used by Kurento initializing p2p
> traffic to the clients. So Kurento is opening the port anyway?
>
>
>
> > But if your CoTurn runs on a VM in a cloud like AWS, you should google to
> know how to configure CoTurn specially, like:
> > external-ip=/
> > listening-ip=
> > relay-ip=
>
> My VM is running on my own root Server in a data center. So that’s not a
> problem here. But I take that for the Fedora Server documentation when I
> manage to get it running.
>
> >
> > Hope the above is helpful to you.
>
> Yes, it is. Thanks!
>
>
>
>
> > Am 26.09.2023 um 06:31 schrieb Maxim Solodovnik :
> >
> >> …….
> >
> > Our current demo server (and Dockerized Ubuntu 22) versions will work
> > with Dockerized KMS
> > KMS natively supports Ubuntu 20 only :(
> >
> > TURN server (listening ports 3478 TCP+UDP  AND ports being used for
> > proxy 49152:65535 UDP IN-OUT) should be public
> > In all my configurations I'm using TURN at the same server as OM and KMS
> >
> > Coturn config should be as simple as
> > https://lists.apache.org/thread/x4rl7xjq6fnfy6nyl5c6lhmp57fdf4br
>
> The source says:
> fingerprint
> lt-cred-mech
> use-auth-secret
> static-auth-secret=**
> realm=om.alteametasoft.com
> stale-nonce=0
> proc-user=nobody
> proc-group=nogroup
>
> I couldn’t switch the user to nobody. Fedora creates a user coturn, so the
> proc is not running with root privileges.
>
> And regarding lt-cred-mech the docs say:
>
> # Be aware that use-auth-secret overrides some parts of lt-cred-mech.
> # The use-auth-secret feature depends internally on lt-cred-mech, so if you set
> # this option then it automatically enables lt-cred-mech internally
> # as if you had enabled both.
> #
> # Note that you can use only one auth mechanism at the same time! This is because,
> # both mechanisms conduct username and password validation in different ways.
> #
> # Use either lt-cred-mech or use-auth-secret in the conf
> # to avoid any confusion.
> #
> #use-auth-secret
> use-auth-secret
>
> And the log gave a warning.
>
>
> >
> > `openmeetings.properties` file should have
> >
> > ### localhost IP in case KMS and OM are at the same server
> > kurento.ws.url=ws://127.0.0.1:/kurento
> >
> > ### this URL must be *Public* IP+PORT, like 8.8.8.8:3478
> > kurento.turn.url=
> >
> > ### can be any string, for ex: fedora-user
> > kurento.turn.user=
> >
> > ### this one should match *static-auth-secret* from coturn config
> > kurento.turn.secret=
> >
> > kurento.turn.mode=rest
> >
>
> My Kurento section is now:
>
> ## Kurento ##
> kurento.ws.url=ws://127.0.0.1:/kurento
> kurento.turn.url=148.251.152.52:3478
> kurento.turn.user=fedorian
> 

Re: How get I video working on a new installation on Fedora Server?

2023-09-26 Thread Peter Boy
Hi all, 

For sake of simplicity, I answer to all mails in one go.


> Am 26.09.2023 um 02:50 schrieb Guofeng Zhang :
> 
> Hi,
> 
> I met the same issue as yours after the installation. You please first verify 
> if CoTurn is set up correctly. Using stunclient from 
> https://www.stunprotocol.org/ to check if CoTurn setup correctly
> stunclient  3478
> It should prompt "Binding test: success" if the setup is ok.

Great hint. I got on a request from my desktop to the server: 

Binding test: success
Local address: 192.168.158.120:54174
Mapped address: 87.150.96.84:54174

But the --mode behavior test failed.

But obviously the basic functionality works. 


> If there is any error message prompted, you please verify if the following 
> ports are opened by your firewall. For me, this is the root cause (I opened 
> port 3478 UDP, but forgot opening port 3478 TCP).
> 
> 3478 TCP-UDP IN
> 5443 TCP IN
>  TCP IN
> 49152:65535 UDP IN-OUT

I think, the ports are OK:

[root@letsmeet ~]# firewall-cmd  --list-all
FedoraServer (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: cockpit dhcpv6-client http https mdns ssh
  ports: 5443/tcp 3478/tcp 3478/udp /tcp 49152-65535/udp
  protocols:
  forward: yes
  masquerade: no

The firewall blocks no outgoing traffic at all.

But I'm wondering about port . As far as I get it, this port is for 
communication between OM and Kurento using the localhost interface.

Or is there any incoming traffic from the clients?

And the Port range 49152-65535, Isn’t it used by Kurento initializing p2p 
traffic to the clients. So Kurento is opening the port anyway? 



> But if your CoTurn runs on a VM in a cloud like AWS, you should google to know 
> how to configure CoTurn specially, like:
> external-ip=/
> listening-ip=
> relay-ip=

My VM is running on my own root Server in a data center. So that’s not a 
problem here. But I take that for the Fedora Server documentation when I manage 
to get it running.

> 
> Hope the above is helpful to you.

Yes, it is. Thanks!




> Am 26.09.2023 um 06:31 schrieb Maxim Solodovnik :
> 
>> …….
> 
> Our current demo server (and Dockerized Ubuntu 22) versions will work
> with Dockerized KMS
> KMS natively supports Ubuntu 20 only :(
> 
> TURN server (listening ports 3478 TCP+UDP  AND ports being used for
> proxy 49152:65535 UDP IN-OUT) should be public
> In all my configurations I'm using TURN at the same server as OM and KMS
> 
> Coturn config should be as simple as
> https://lists.apache.org/thread/x4rl7xjq6fnfy6nyl5c6lhmp57fdf4br

The source says:
fingerprint 
lt-cred-mech 
use-auth-secret 
static-auth-secret=** 
realm=om.alteametasoft.com 
stale-nonce=0 
proc-user=nobody 
proc-group=nogroup

I couldn’t switch the user to nobody. Fedora creates a user coturn, so the proc 
is not running with root privileges.

And regarding lt-cred-mech the docs say:

# Be aware that use-auth-secret overrides some parts of lt-cred-mech.
# The use-auth-secret feature depends internally on lt-cred-mech, so if you set
# this option then it automatically enables lt-cred-mech internally
# as if you had enabled both.
#
# Note that you can use only one auth mechanism at the same time! This is because,
# both mechanisms conduct username and password validation in different ways.
#
# Use either lt-cred-mech or use-auth-secret in the conf
# to avoid any confusion.
#
#use-auth-secret
use-auth-secret

And the log gave a warning.


> 
> `openmeetings.properties` file should have
> 
> ### localhost IP in case KMS and OM are at the same server
> kurento.ws.url=ws://127.0.0.1:/kurento
> 
> ### this URL must be *Public* IP+PORT, like 8.8.8.8:3478
> kurento.turn.url=
> 
> ### can be any string, for ex: fedora-user
> kurento.turn.user=
> 
> ### this one should match *static-auth-secret* from coturn config
> kurento.turn.secret=
> 
> kurento.turn.mode=rest
> 

My Kurento section is now:

## Kurento ##
kurento.ws.url=ws://127.0.0.1:/kurento
kurento.turn.url=148.251.152.52:3478  
kurento.turn.user=fedorian
kurento.turn.secret=500647a15be4f9cef63a8a5208042cfbfbc50f6ac28b1c10f901ee1caedf8421
kurento.turn.mode=rest
## minutes
kurento.turn.ttl=60
## milliseconds
kurento.check.timeout=1
## milliseconds
kurento.object.check.timeout=200
kurento.watch.thread.count=10
kurento.flowout.timeout=5
## please ensure this one is unique, better to regenerate it from time to time
## can be generated for ex. here https://www.uuidtools.com
kurento.kuid=df992960-e7b0-11ea-9acd-337fb30dd93d
## this list can be space and/or comma separated
kurento.ignored.kuids=
## See https://doc-kurento.readthedocs.io/en/latest/features/security.html#media-plane-security-dtls
## possible values: RSA, or ECDSA (capital-case)
kurento.certificateType=

 

> hope this helps :)


It does, yes, although I still get the error message: 
ERROR: check_stun_auth: Cannot find credentials of user 
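
Added example (not part of Peter's mail, and not OpenMeetings or coturn code): with use-auth-secret and kurento.turn.mode=rest, credentials follow the TURN REST scheme from the guide Maxim links, where the username is "expiry-timestamp:userid" (the shape seen in the check_stun_auth log lines) and the password is base64(HMAC-SHA1(secret, username)). The sketch models both sides with constructed secrets and IDs to show that the secret on each side must be byte-identical; the function names are hypothetical.

```python
import base64
import hashlib
import hmac


def _password(secret: str, username: str) -> str:
    """base64(HMAC-SHA1(shared secret, username)), as the TURN REST scheme defines."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def issue_credentials(secret: str, user_id: str, ttl_seconds: int, now: int):
    """Application side (the role OpenMeetings plays with kurento.turn.mode=rest)."""
    username = f"{now + ttl_seconds}:{user_id}"  # expiry timestamp, ':' separator
    return username, _password(secret, username)


def check_credentials(secret: str, username: str, password: str, now: int) -> str:
    """Simplified model of the TURN server's decision (an assumption, not coturn's code).

    On the wire the password is never sent; it keys the STUN message-integrity
    check. Comparing the derived passwords directly gives the same verdict.
    """
    expiry, sep, _user_id = username.partition(":")
    if not sep or not expiry.isdigit():
        return "malformed-username"
    if int(expiry) < now:
        return "expired"
    if not hmac.compare_digest(_password(secret, username), password):
        return "secret-mismatch"
    return "ok"


def demo() -> dict:
    # All values below are constructed for this example.
    now = 1_700_000_000
    turn_secret = "constructed-secret-0123456789abcdef"  # stands in for static-auth-secret
    user, pw = issue_credentials(turn_secret, "constructed-user-id", 3600, now)
    # Same secret with a stray trailing space, as a copy/paste slip might leave.
    _, pw_bad = issue_credentials(turn_secret + " ", "constructed-user-id", 3600, now)
    return {
        "username": user,
        "matching": check_credentials(turn_secret, user, pw, now),
        "trailing_space": check_credentials(turn_secret, user, pw_bad, now),
        "after_ttl": check_credentials(turn_secret, user, pw, now + 3601),
        "no_timestamp": check_credentials(turn_secret, "plain-user", pw, now),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
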

Re: How get I video working on a new installation on Fedora Server?

2023-09-26 Thread Alvaro


...this dd USB stick burn works for me on Mac:




sudo diskutil list

...look for your pendrive...


sudo diskutil unmountDisk /dev/diskN

...replace last N for your pendrive number-disk...


sudo dd if=./Live_OpenMeetings_7.1.0_on_Ubuntu_18.04_lts.iso of=/dev/diskN bs=1m

...replace last N for your pendrive number-disk
and fill the empty spaces in the name "Live OpenMeetings 7.1.0"


When finished, it will show something similar to this:

88+0 records in
388+0 records out
406847488 bytes transferred in 94.024237 secs (4327049 bytes/sec)



# Respect to configuration Turn server and other,
only can say...please follow pdf tutorial. There
is any information.



---


On Mon, 25 Sep 2023 21:00:37 +0200
Peter Boy  wrote:

> Hi 
> 
> > Am 25.09.2023 um 18:57 schrieb Alvaro :
> > 
> > ...i made the bootable iso on USB with "Rufus" on Windows.
> 
> Too bad, I don't have Windows. Only Linux and macOS. Hopefully, I may find 
> someone around who still uses Windows and is a bit adventurous with their 
> precious system. 
> 
> 
> > The tutorial works on the following path:
> > 
> > /opt/open710
> > 
> > ...and you are working on:
> > 
> > "And in /opt/openmeetings/…./kurento.properties"
> > 
> > Maybe you are working on some right path and
> > other times on /opt/openmeetings/, and therefore
> > the different configurations do not coincide.
> 
> Well, I used openmeetings instead of open710. I just checked again, I did it 
> consistently.
> 
> 
> Obviously, there is a communication block between KMS and coturn.
> 
> Is there a third location where I have to specify the secret?
> 
> And do I use the correct IP configuration?  
> 
> 
> 
> Thanks again
> 
> Peter
> 
> 
> 
> 
> 
> > --- 
> > 
> > 
> > 
> > On Mon, 25 Sep 2023 17:53:28 +0200
> > Peter Boy  wrote:
> > 
> >> Hi Alvaro,
> >> 
> >> Thanks for the info
> >> 
> >>> Am 25.09.2023 um 11:21 schrieb Alvaro :
> >>> 
> >>> 
> >>> 
> >>> You said:
> >>> 
> >>> "But the video is only displayed for each local
> >>> user on their own machine"
> >>> 
> >>> ...That happens to me when the server is not
> >>> connected to Internet. When it is connected to Internet
> >>> any user can see the cam of the other users.
> >>> 
> >>> About the live iso in the tutorial section it can
> >>> be booted from USB memory stick.
> >> 
> >> How get I the iso onto the stick? I tried balenaEtcher which got me just 
> >> one hidden partition on the stick, not recognized as bootable, and I tried 
> >> dd, which got me the same (id 17 HPFS/NTFS) and a warning about iso9660 
> >> signature. The partition was marked as bootable but not recognized as 
> >> bootable by BIOS. I can mount the partition and get 4 directories. 
> >> Unfortunately, I have no idea how to make it bootable.
> >> 
> >> 
> >>> Attached my turn.log file running some minutes ago
> >>> with success.
> >> 
> >> I got the same with some differences regarding the interfaces. But after I 
> >> connected to the server I got
> >> In /var/log/coturn/turnserver.log :
> >> 
> >> 3: (1947): DEBUG: turn server id=3 created
> >> 3: (1943): INFO: Total auth threads: 3
> >> 3: (1943): INFO: turnserver compiled without prometheus support
> >> 1661: (1945): ERROR: check_stun_auth: Cannot find credentials of user 
> >> <1695643791:cbb57dbd-240c-4f61-b801-efe0886c2d7f>
> >> 1661: (1944): ERROR: check_stun_auth: Cannot find credentials of user 
> >> <1695643791:cbb57dbd-240c-4f61-b801-efe0886c2d7f>
> >> (repeatedly)
> >> 
> >> So I must have missed an important part of your guide, but I don’t get it.
> >> 
> >> I generated the secret using openssl and got 
> >> 500647a15be4f9cef63a8a5208042cfbfbc50f6ac28b1c10f901ee1caedf8421
> >> 
> >> I edited /etc/coturn/turnserver:
> >> 
> >>> <
> >> ...
> >> # Listener interface device (optional, Linux only).
> >> # NOT RECOMMENDED.
> >> #
> >> #listening-device=eth0
> >> 
> >> # TURN listener port for UDP and TCP (Default: 3478).
> >> # Note: actually, TLS & DTLS sessions can connect to the
> >> # "plain" TCP & UDP port(s), too - if allowed by configuration.
> >> #
> >> #listening-port=3478
> >> 
> >> #
> >> #use-auth-secret
> >> use-auth-secret
> >> ...
> >> # by a separate program, so this is why that mode is considered 'dynamic'.
> >> #
> >> #static-auth-secret=north
> >> static-auth-secret=500647a15be4f9cef63a8a5208042cfbfbc50f6ac28b1c10f901ee1caedf8421
> >> 
> >> ...
> >> #
> >> #realm=mycompany.org
> >> realm=letsmeet.commtalk.org
> >> 
> >> #
> >> #stale-nonce=600
> >> stale-nonce=0
> >>> <
> >> 
> >> And in /opt/openmeetings/…./kurento.properties
> >>> <
> >> ## Kurento ##
> >> kurento.ws.url=ws://127.0.0.1:/kurento
> >> kurento.turn.url=148.251.152.52:3478 
> >> kurento.turn.user=
> >> kurento.turn.secret=500647a15be4f9cef63a8a5208042cfbfbc50f6ac28b1c10f901ee1caedf8421
> >>  
> >> kurento.turn.mode=rest
> >>> <
> >> 
> >> 
> >> 
> >> What do I miss? 
> >> 
> >>