What are exact calling conditions for TURN proxy?

Community Beginner ,
Apr 13, 2009

Copy link to clipboard

Copied

Hi,

I have continued exploring how to set up a TURN proxy.

I am using reSIProcate.1.4 as a starting point.

Now I have deployed this product on a server, specified RTMFPTURNProxy=ip-addr in mm.cfg, and blocked outbound UDP to the peer I am talking to.

Now, I don't see any attempt of my app to visit the proxy.

I am using Wireshark to monitor the network.

What could be the reason?

Under what conditions will Flash 10 attempt to access peer via the proxy?

I am now working in the blind... please give me some clue. Thanks.

- Frans

Views

7.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

What are exact calling conditions for TURN proxy?

Community Beginner ,
Apr 13, 2009

Copy link to clipboard

Copied

Hi,

I have continued exploring how to set up a TURN proxy.

I am using reSIProcate.1.4 as a starting point.

Now I have deployed this product on a server, specified RTMFPTURNProxy=ip-addr in mm.cfg, and blocked outbound UDP to the peer I am talking to.

Now, I don't see any attempt of my app to visit the proxy.

I am using Wireshark to monitor the network.

What could be the reason?

Under what conditions will Flash 10 attempt to access peer via the proxy?

I am now working in the blind... please give me some clue. Thanks.

- Frans

Views

7.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Apr 13, 2009 0
Adobe Employee ,
Apr 14, 2009

Copy link to clipboard

Copied

the most important thing is it's mms.cfg, not mm.cfg.  be sure you have the file in the correct location for your platform (for example, on the Mac it's "/Library/Application Support/Macromedia/mms.cfg").  this file is only read when Flash Player starts up.  you may need to quit your web browser and restart it to ensure the file has been re-read.

if RTMFPTURNProxy is defined in your mms.cfg file, then Flash Player will attempt to open a connection to the TURN proxy when you create a NetConnection and connect it to an RTMFP URI, so if you have it configured correctly you should see traffic immediately.  the TURN proxy then becomes an additional, remote interface for the NetConnection (in addition to your local IPv4 and IPv6 network interfaces).  connections to the server and to peers are tried simultaneously through all available interfaces.  typically, if a local interface can work, it will win the race.  if they can't work, then the TURN interface will probably succeed eventually.  Flash Player 10.0 adds an extra delay to the TURN interface to try to give more of a chance for the local interface(s) to work.  however, we've found this behavior to mostly be undesirable, so the artificial delay may be changed or removed in a future release.

-mike

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 14, 2009 0
Community Beginner ,
Apr 14, 2009

Copy link to clipboard

Copied

Pls find attached the log from a test session using a manipulated version of reSIProcate1.4.

I switched off the fallback in my app to FMS, so I wait more than long enough

The config is one with two client behind the same Cone NAT, one that normally let's me work with Flash 10 / Stratus with no problems.

To simulate my customer situation I blocked internal UDP traffic from one machine to the other as follows:

sudo ipfw -q add deny udp from 192.168.0.100 to 192.168.0.101

I just assume that it is perfectly OK by design if only one side uses the proxy, the other not.

The ip addresses are as follows:

84.27.132.206 - my public IP, hiding both of my clients

76.74.170.60 - one of the Stratus servers

Do you see anything in particular that I could change to make this work?

- Frans

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 14, 2009 0
Community Beginner ,
Apr 15, 2009

Copy link to clipboard

Copied

And I did an experiment whereby both clients have a TURN proxy configured in mms.cfg.

You indeed now see both machines in the TURN server log, but still no comms.

- Frans

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 15, 2009 0
Adobe Employee ,
Apr 15, 2009

Copy link to clipboard

Copied

in the log, i see entries that look like (trimming some stuff out):

Received stun message: 104 bytes

stun magic cookie not found.

Turn Remote Address = 76.74.170.78:10000

Successfully parsed StunMessage: STUN Indication: Send, id 1111804880114189070411418907041-17104569751

TurnAllocation sendDataToPeer: clientLocal=[UDP 0.0.0.0:3478] clientRemote=[UDP 84.27.132.206:51033] requested=[UDP 0.0.0.0:49152] peerAddress=[UDP 76.74.170.78:10000]

this is a TURN send indication, which makes a UDP packet get sent.  in this case, it's sending to 76.74.170.78:10000.  as of TURN draft 8, sending a packet like this is supposed to enable a return permission, so that packets coming from that "peer address" will be allowed back to the TURN client.  however, almost immediately after this send indication in the log file, you'll see

Read 52 bytes from udp relay socket (76.74.170.78:10000):
sendDataToClient RemotePeer info not found - discarding data: clientLocal=[UDP 0.0.0.0:3478] clientRemote=[UDP 84.27.132.206:51033] requested=[UDP 0.0.0.0:49152] peerAddress=[UDP 76.74.170.78:10000]

so even though it just sent data to that address and is getting back a reply, AND it can look up the TURN client, it doesn't think it's seen anything from that address before, so it discards this packet rather than relaying it to the client (Flash Player).
that and complaining about "stun magic cookie not found" is bogus.  i'm looking at the source code and a packet dump right now, and we're sending the "STUN magic cookie" from RFC 5389 (0x2112a442 in network byte order) just as it was defined for TURN draft 8.
it feels like there are bugs in that TURN server.

-mike

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 15, 2009 0
Community Beginner ,
Apr 26, 2009

Copy link to clipboard

Copied

I solved the bugs: magic cookie was tested and created in reversed order, and code made assumption that channelbind call was done, but Flash uses Send and Data Indications. Everything works perfect now.

And of course my next question now is: is there any other way we can configure the proxy name sowhere is the api? I haven't found it, and you haven't suggested it, but still want to give it a try.

We now have to bother end users as well as their IT support. It would be ideal if we could fully control this from the app.

- Frans

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 26, 2009 0
New Here ,
Aug 05, 2010

Copy link to clipboard

Copied

Did you ever find out where we can configure the proxy name sowhere in the api? I don`t whant to bother users to edit their mms.cfg

Maybe someone else?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Aug 05, 2010 0
Community Beginner ,
Aug 05, 2010

Copy link to clipboard

Copied

Unfortunately not!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Aug 05, 2010 0
Adobe Employee ,
Aug 06, 2010

Copy link to clipboard

Copied

there is no API to configure the RTMFP TURN proxy.  it can only be set in mms.cfg.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Aug 06, 2010 0
New Here ,
Sep 08, 2010

Copy link to clipboard

Copied

I'm using Resiprocate 1.6 and I set RTMFPTURN proxy, and I changed ReturnConfig.cxx  mAuthenticationMode(LogTermPassword) to NoAuthentication because I found that flash player support draft-08 without authentication, but I still kept getting "WARNING | 20100908-102816.647 | reTurnServer | RETURN | 3081141136 | RequestHandler.cxx:480 | Turn allocate request without authentication.  Sending 401.
". From mms.cfg I only can set the RTMFPproxy,  I don't know how I can set  username("test") from flash. Thanks a lot.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0
Community Beginner ,
Sep 08, 2010

Copy link to clipboard

Copied

You can't pass userid from Flash. I had to patch authentication out in 1.5. I can deliver patch file if you wish. Did not check 1.6 yet. No plan to do so soon.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0
New Here ,
Sep 08, 2010

Copy link to clipboard

Copied

Thank you so much, yes please send me the patch file and I will try to see if it can work for 1.6.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0
Community Beginner ,
Sep 08, 2010

Copy link to clipboard

Copied

Pls send mail addres. Rather not send via forum.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0
New Here ,
Sep 08, 2010

Copy link to clipboard

Copied

I sent my email address tofmaas@incontext.nl, thanks again

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0
New Here ,
Sep 08, 2010

Copy link to clipboard

Copied

email address deleted

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0
New Here ,
Sep 08, 2010

Copy link to clipboard

Copied

I tried to modify the requestHandler.cxx to set the username and password, now when my flex app connects to reTurn, it won't give me that error. But I got new error "Segmentation fault"  from ./reTurnServer x.x.x.x 3478 5349 x.x.x.x 3479 when flash app connected to it

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 08, 2010 0