YunoHost-Apps / galene_ynh

Galène package for YunoHost
https://galene.org/
GNU General Public License v3.0

Connecting coturn_ynh fails (relay-test timeout) #105

Open jakobkilian opened 1 year ago

jakobkilian commented 1 year ago

Describe the bug

Installed coturn_ynh as I wanted to solve this issue. Sometimes people still can't see the video streams of others in galene (opened an issue a while ago) and I thought this might be related, too. I checked if the TURN server is available with the Trickle ICE tool –> working. I followed the galene_ynh docu for using an own turn server, but the relay-test (in the chat box in galene) fails. I tried the use-auth-secret and the lt-cred-mech mode with no success (Trickle ICE worked for both). In the logs (sudo journalctl -u coturn) I can only find a note that the relay-test failed. Where can I find verbose information like auth fail or an error code?

Context

jakobkilian commented 1 year ago

Some more info on that case. Hope that helps, please tell me if I can get any other log...

Note: I changed the actual domain to MYDOMAIN on purpose.

jakobkilian commented 1 year ago

Would be very happy to receive tips on how I can debug the problem further :)

ericgaspar commented 1 year ago

Did you actually experience issues with Galène's built-in TURN server?

jakobkilian commented 1 year ago

> Did you actually experience issues with Galène's built-in TURN server?

Hmm, the relay-test with the internal one did work. I just had the "Port 1194 is not reachable from outside in IPv6" issue and then read that the internal TURN server generally does not support IPV6. Still about 5 % of the people cannot participate in video calls (or have to change their machine) – most of the time they can enter the call and listen but video streams are not visible. As these people sometimes use iPads (difficult to debug) or are "external" people (whom I cannot easily ask to send me their logs for debugging) I didn't really get any further and therefore thought I'd check the IPV6 reachability. Very often people with problems were using eduroam or company internal Wifis...

Wrong derivation?

jech commented 1 year ago

Two things come to mind.

  1. Port 5349 is normally for TURN over (D)TLS, which Galene does not support. Are you sure that you didn't mean to specify port 3478?
  2. Both ports 3478 and 5349 are often blocked in Eduroam networks. I recommend switching to either port 1149 (OpenVPN) or port 10000 (Cisco VPN server), which are more likely to be open.

jakobkilian commented 1 year ago

Ah, thanks. That wasn't clear to me. The standard config actually has the listening-port=3478 line commented in /etc/turnserver.conf so there never was a TCP/UDP port open. So I uncommented, restarted and tested (using turn:turn.krakelee.org:3478 with the Trickle ICE tool) with both 3478 and 1149 with no success. Nevertheless the turn server is still reachable with 5349...

Is there any other setting in coturn_ynh that I need to set to activate TCP/UDP?

jech commented 1 year ago

  1. Make sure that the Galene log says « relay test successful ».
  2. Log into Galene and type « /relay-test ». It should report success.
  3. Repeat the test (2) on the client that has an issue.

jakobkilian commented 1 year ago

Sorry, maybe I didn't express myself correctly: I can't do 1, 2 or 3 because the coturn server is not accessible via UDP/TCP. However, this is a matter concerning coturn_ynh, I might create an issue there if I don't get any further.

jakobkilian commented 1 year ago

Shame on me, I had blocked the UDP port despite checking several times → now I can reach the coturn server on 1149 from outside with UDP/TCP. Unfortunately, everything remains the same with Galene:

12:05:13 Relay test failed: timeout
12:05:13 Perhaps you didn't configure a TURN server?

my /var/www/galene/live/data/ice-servers.json is:

[
        {
                "urls": [
                        "turn:turn.MYDOMAIN.org:1149",
                        "turn:turn.MYDOMAIN.org:1149?transport=tcp"
                ],
                "username": "test",
                "credential": "test123"
        }
]

With exactly those creds I can reach it with the Trickle ICE tool...
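
For the question raised at the top of the thread (how to see an error code rather than a bare timeout), the following added example, which is not part of the thread and is not Galène or coturn code, sends one unauthenticated TURN Allocate request over UDP and decodes the ERROR-CODE attribute of the reply. It assumes IPv4 and UDP only, and the function names are hypothetical.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
ALLOCATE_REQUEST = 0x0003           # TURN Allocate method, request class
ATTR_ERROR_CODE = 0x0009
ATTR_REQUESTED_TRANSPORT = 0x0019


def build_allocate(txid=None):
    """Unauthenticated Allocate request asking for a UDP relay."""
    txid = txid or os.urandom(12)
    # REQUESTED-TRANSPORT: protocol 17 (UDP) followed by three reserved bytes.
    attr = struct.pack("!HHB3x", ATTR_REQUESTED_TRANSPORT, 4, 17)
    return struct.pack("!HHI12s", ALLOCATE_REQUEST, len(attr), MAGIC_COOKIE, txid) + attr


def parse_response(data):
    """Return (message_type, error_code, reason); error_code is None if absent."""
    if len(data) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN/TURN message")
    pos, end = 20, min(20 + length, len(data))
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", data[pos:pos + 4])
        value = data[pos + 4:pos + 4 + attr_len]
        if attr_type == ATTR_ERROR_CODE and attr_len >= 4:
            # Class (hundreds digit) is in byte 2, number (0-99) in byte 3.
            code = (value[2] & 0x07) * 100 + value[3]
            return msg_type, code, value[4:].decode("utf-8", "replace")
        pos += 4 + attr_len + (-attr_len % 4)    # attributes are 32-bit aligned
    return msg_type, None, ""


def probe(host, port, timeout=3.0):
    """Send one Allocate over UDP (IPv4 only); 'timeout' means no reply at all."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_allocate(), (host, port))
            return parse_response(sock.recv(2048))
        except socket.timeout:
            return "timeout"
```

A server using long-term credentials normally answers such a request with error 401, which shows the port is reachable and the server is speaking TURN; a `"timeout"` result from `probe("turn.MYDOMAIN.org", 1149)` means no reply arrived on that path.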