TURN service
| Parameter | Value |
|---|---|
| FQDN | turn.chapril.org |
| Port | 3478 (tcp/udp) |
| Secret | See the pass |
A TURN server is a relay that works around the inability to establish peer-to-peer connections, notably for SIP or WebRTC traffic.
See:
Installation report
DNS
We add a record to the chapril and chapril-int DNS zones.
Remember to update the serial.
Installing Coturn
The installation essentially consists of following this tutorial: https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794.
So we install Coturn:
apt install coturn
We configure the service:
- /etc/turnserver.conf
listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=XXXXXXXXXXXXXXXXXXXXX
realm=turn.chapril.org
total-quota=100
bps-capacity=0
no-stdout-log
log-file=/var/log/turn.log
syslog
simple-log
no-multicast-peers
no-cli
We restart the daemon:
systemctl restart coturn
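With use-auth-secret, clients are not given static-auth-secret itself: the application holding the secret derives short-lived credentials from it. The following is an added example, not part of the original page or of Coturn's code; it assumes Coturn's default TURN REST API format (username = expiry timestamp, optionally followed by ":" and a user id; password = base64 of HMAC-SHA1 over the username), and the function names and sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def _rest_password(secret: str, username: str) -> str:
    """base64(HMAC-SHA1(shared secret, username)), as used with use-auth-secret."""
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def turn_rest_credentials(secret, ttl=3600, user_id="", now=None):
    """Application side: build (username, password) valid for `ttl` seconds."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user_id}" if user_id else str(expiry)
    return username, _rest_password(secret, username)


def check_credentials(secret, username, password, now=None):
    """Relay side: recompute the HMAC, then reject expired timestamps."""
    expiry_text = username.split(":", 1)[0]
    if not expiry_text.isdecimal():
        return False  # the username must start with a Unix timestamp
    expected = _rest_password(secret, username)
    if not hmac.compare_digest(expected, password):
        return False  # wrong secret or tampered username
    return int(expiry_text) >= int(time.time() if now is None else now)


if __name__ == "__main__":
    SECRET = "example-shared-secret"  # constructed value, not the real secret
    user, pwd = turn_rest_credentials(SECRET, ttl=600, user_id="alice")
    print(user, pwd, check_credentials(SECRET, user, pwd))
```

Because the expiry timestamp is part of the signed username, a leaked credential stops working once it expires, while a leak of static-auth-secret lets anyone mint valid credentials until the secret is rotated.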
Firewall
On the VM
We declare a turn service:
- /etc/firehol/services/turn.conf
#FHVER: 1:213
# The first line above is required!
server_turn_ports="tcp/3478 udp/3478"
client_turn_ports="default"
Then we open the service in firehol-ext2me.conf and firehol-lan2me.conf:
server turn accept
On the hypervisors
We declare a TURN service:
- /etc/firehol/services/turn.conf
#FHVER: 1:213
# The first line above is required!
server_turn_ports="tcp/3478 udp/3478"
client_turn_ports="default"
Then we add the TURN service to the list of services to open and (for IPv4) to redirect to the Allo VM:
["turn"]='( "3478" "tcp udp" "192.168.1.64" "2a01:4f8:10b:c41::64" "2a01:4f8:10b:c42::64")'
Test
Coturn provides a test utility. Unfortunately, it is not packaged separately. So we install a minimal Coturn on our workstation and disable it:
sudo apt install coturn --no-install-recommends
sudo systemctl disable coturn
sudo systemctl stop coturn
Once it is installed, we test the service:
turnutils_uclient -v turn.chapril.org -W XXXXXXXXXXXXXXXXX -t
0: IPv4. Connected from: 192.168.8.101:59510
0: IPv4. Connected to: 88.99.233.240:3478
0: allocate sent
0: allocate response received:
0: allocate sent
0: allocate response received:
0: success
0: IPv4. Received relay addr: 192.168.1.64:52198
0: clnet_allocate: rtv=2985305615676396384
0: refresh sent
0: refresh response received:
0: success
0: IPv4. Connected from: 192.168.8.101:59512
0: IPv4. Connected to: 88.99.233.240:3478
0: IPv4. Connected from: 192.168.8.101:59514
0: IPv4. Connected to: 88.99.233.240:3478
0: allocate sent
0: allocate response received:
0: allocate sent
0: allocate response received:
0: success
0: IPv4. Received relay addr: 192.168.1.64:52199
0: clnet_allocate: rtv=0
0: refresh sent
0: refresh response received:
0: success
0: allocate sent
0: allocate response received:
0: allocate sent
0: allocate response received:
0: success
0: IPv4. Received relay addr: 192.168.1.64:54112
0: clnet_allocate: rtv=14986022966068701615
0: refresh sent
0: refresh response received:
0: success
0: channel bind sent
1: cb response received:
1: success: 0x69e2
1: channel bind sent
1: cb response received:
1: success: 0x69e2
1: channel bind sent
1: cb response received:
1: success: 0x40dd
1: channel bind sent
1: cb response received:
1: success: 0x40dd
1: channel bind sent
1: cb response received:
1: success: 0x6c59
1: Total connect time is 2
1: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
2: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
3: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
4: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
5: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=0, tot_send_bytes ~ 500, tot_recv_bytes ~ 0
...
Monitoring
This service is a bit of an oddity to monitor. We monitor the presence of the process and the ability to open a TCP connection from outside.
