The server returned an error with code=701: STUN/TURN allocate request timed out.

[bruke291]

Hi everybody,

First, many thanks to everybody and so sorry for my English.

I'm beginer in this, i installed and configured Coturn, it looks good. But when i tried test with Trickle ICE tools i got error 701:

I have tried everything but it still fails.

Please help me! Thanks and best regards!

[bruke291]

@misi can you help me look into it please

[misi]

See for stun 701 error code: The standard

If no host candidate can reach the server, errorCode will be set to the value 701 which is outside the STUN error code range. This error is only fired once per server URL while in the RTCIceGatheringState of "gathering".

• https://www.w3.org/TR/webrtc/#dom-rtcpeerconnectioniceerrorevent-errorcode

The source of a browser implementation

• https://source.chromium.org/chromium/chromium/src/+/master:third_party/webrtc/api/transport/stun.cc;drc=837f13c84c41b2e507f5c38424414a57572632a2;l=108

So try to check your app signaling and server rechability from the client..

[bruke291]

Dear @misi,

Thanks for supporting me. Im suspecting the problem is that there are some un-open ports between min-port 49152 and max-port 65535, because i checked stun/turn url on browser and both port 3478 and 5349 are open. This is the list of detail specs:

I would appreciate it very much if you could provide me with a more detailed explanation or support, since my experience with setting up the server is still quite limited.

Thank you very much!

[bruke291]

See for stun 701 error code: The standard

If no host candidate can reach the server, errorCode will be set to the value 701 which is outside the STUN error code range. This error is only fired once per server URL while in the RTCIceGatheringState of "gathering".

• https://www.w3.org/TR/webrtc/#dom-rtcpeerconnectioniceerrorevent-errorcode

The source of a browser implementation

• https://source.chromium.org/chromium/chromium/src/+/master:third_party/webrtc/api/transport/stun.cc;drc=837f13c84c41b2e507f5c38424414a57572632a2;l=108

So try to check your app signaling and server rechability from the client..

About reachability, as i mentioned earlier, i checked everything i could, and i am suspecting the problem is that there are some un-open ports between min-port 49152 and max-port 65535.

[misi]

@bruke291 Unfortunately I am busy with the actual release. I can support you only latter.. Many thanks for your patience..

[misi]

Have you tested that from your browser machine you can create a tcp connection to the server tcp port? I use in my example server ip 127.0.0.1

You should see if e.g. telnet server port that telnet connection established.. connected

$ telnet 127.0.0.1 3478
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

And on server you should see if started with --verbose option

4: : IPv4. tcp or tls connected to: 127.0.0.1:47310

[bruke291]

@bruke291 Unfortunately I am busy with the actual release. I can support you only latter.. Many thanks for your patience..

@misi please, take your time. I appreciate all the help you have given me so far. Thank you very much!

[bruke291]

Have you tested that from your browser machine you can create a tcp connection to the server tcp port? I use in my example server ip 127.0.0.1

You should see if e.g. telnet server port that telnet connection established.. connected

$ telnet 127.0.0.1 3478
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

And on server you should see if started with --verbose option

4: : IPv4. tcp or tls connected to: 127.0.0.1:47310

Yes i can create a tcp connection to my server with tcp port. Im using this command: telnet 127.0.0.1 3478 and the result is the same as yours 29: IPv4. tcp or tls connected to: 127.0.0.1:59062

And when I apply the specs to the WebRTC demo, it works. But when i tried to test my STUN/TURN server on Trickle ICE I got an error like the Issue Title.

[LordDashMe]

Same issue here! No changes from the server config, this is working before but now this error message keep showing.

[plukito]

In my case, I added ?transport=tcp and it's working immediately because I opened the port as TCP. Check whether you open the port as UDP or TCP.

[LordDashMe]

Same issue here! No changes from the server config, this is working before but now this error message keep showing.

Update: In Firefox browser, no message shown related to that error. This message can only be seen on Chrome.

[ivanlukomskiy]

For me the cause of timeout was that I set up coturn without providing credentials.

Here is how I started the server: turnserver or turnserver --no-auth

When I tried to test this server with Trickle Ice, Google Chrome after a minute of wait showed "Not reachable" and in webrtc-internals I can see TURN allocate request timed out.

In Firefox i also got "Not reachable" and in webrtc log i could see Missing MESSAGE-INTEGRITY.

I did some checks with tcpdump and found out that server successfully received and processed TURN ALLOCATE request and responded back to the client. I also validated that response was received on the client-side.

As I understand, when coturn is used without auth, MESSAGE-INTEGRITY attribute is not included in the response and browsers reject such responses. Interestingly enough, unsafely-treat-insecure-origin-as-secure flag in chromium seems to disable message integrity validation and turn server check works fine!

TL/DR: Adding --auth=<user>:<password> --lt-cred-mech to the startup command fixed the issue for me:

turnserver --user=user:12345678 --lt-cred-mech

[v1shva]

In my case, I added ?transport=tcp and it's working immediately because I opened the port as TCP. Check whether you open the port as UDP or TCP.

This was the case for me, I had not open the port 3478 UDP, only 3478 TCP. After opening the port it was fixed.

[chrbsg]

I was getting this error with the trickle-ice sample in Chrome and "401: Unauthorized" in the turnserver log, apparently because the realm wasn't set in /etc/turnserver.conf, and the domainname wasn't set on the EC2 machine that I was testing coturn on. The comment in turnserver.conf says that in this case realm will default to an empty string, which seems to fail in Chrome, but works in Firefox.

I think the fix for this case should be that coturn explicitly disallows an empty realm, or uses a valid string default, instead of defaulting to "".

[praveenjha-github]

Hi @misi

I am facing an error message 701 in Gathering candidates of TURN server, could you please help:-

i have already started my turn server in terminal:-

after that i have gone to WebRTC ICE checking:-

As, you can see above there is an error 701 coming, so can you please tell that why am getting this error, following changes i have also done:-

1:- Checked my turnserver.conf file , but have only port 3478 opened in it.

2:- have also added (--auth=: --lt-cred-mech) in turnserver.conf file

3:- checked the firewall settings, have the port TCP opened in that

Any help, will be really appreciated.

[tyki6]

got the same problem All port are open, test telnet connection: OK, firefox: 0 error message, Chrome:

Note: errors from onicecandidateerror above are not neccessarily fatal. For example an IPv6 DNS lookup may fail but relay candidates can still be gathered via IPv4.
The server turn:turnxxxxxxxxx:3478?transport=tcp returned an error with code=701:
TURN host lookup received error.

any help will be appreciated

[manrajgrover]

I am also facing this issue.

I have a server that I access using ssh and I port forward the ports. I have port forwarded required ports, i.e. 3478, 5349, and a small range of ports:

min-port=49152 max-port=49155

I am able to access the Turn server (I get the "Done" in the Trickle ICE page on using transport as TCP [turn:localhost:3478?transport=tcp]). However, I'm unable to access the STUN server. The error is:

The server stun:localhost:3478 returned an error with code=701:
STUN allocate request timed out.

The page says: On the server, I am getting responses on running turnutils_stunclient -p 3478 localhost.

I feel I should set some configuration in order to get stun response to work over ssh.

[ideviant]

I'm using VPN in the client when got the 701 error. After turned off the VPN, the check passed.

[namdoel1412]

I'm using VPN in the client when got the 701 error. After turned off the VPN, the check passed.

I have the same problem.

[Neustradamus]

@ggarber: Can you look it?

[kamilk91]

1: IO method (general relay thread): epoll (with changelist) 1: turn server id=0 created 1: IPv4. SCTP listener opened on : 0.0.0.0:3478 1: IPv4. TCP listener opened on : 0.0.0.0:3478 1: IPv4. UDP listener opened on: 0.0.0.0:3478 1: Total General servers: 2 1: IO method (admin thread): epoll (with changelist) 1: IO method (auth thread): epoll (with changelist) 1: IO method (auth thread): epoll (with changelist) 1: SQLite DB connection success: /var/lib/turn/turndb 4: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 79.184.37.15:55434 4: session 001000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success 9: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 79.184.37.15:63833 9: session 000000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success 14: session 001000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success 19: session 000000000000000001: realm <webrtcserver.itstream.app> user <>: incoming packet BINDING processed, success

it looks like my server starting without port i specified as TLS in turnserver.conf:

tls-listening-port=5349  

[ggarber]

@ideviant @namdoel1412 It looks like your VPN is blocking the access to your TURN server. Can you check it is reachable like mentioned here https://github.com/coturn/coturn/issues/678#issuecomment-756635836 ?

Also can you check if your turn server is receiving any packet from your client with a packet sniffer?

I can take a look if you can provide that.

[tarkhil]

Okay, same problem here. TURN server is in container, I've mapped ports 3478 tcp/udp. 5349 tcp/udp, 10000-20000 udp

turnserver.conf

listening-port=3478
external-ip=my-extern-ip
min-port=10000
max-port=20000
fingerprint
verbose
no-auth
userdb=/var/lib/turn/turndb
realm=my-domain-name
syslog

tcpdump

21:14:30.691873 IP 109.252.33.32.1123 > 192.168.3.182.3478: UDP, length 20
21:14:30.692288 IP 192.168.3.182.3478 > 109.252.33.32.1123: UDP, length 92
21:14:30.752859 IP 109.252.33.32.1123 > 192.168.3.182.3478: UDP, length 28
21:14:30.753090 IP 192.168.3.182.3478 > 109.252.33.32.1123: UDP, length 88
21:14:30.824169 IP 109.252.33.32.1123 > 192.168.3.182.3478: UDP, length 68
21:14:30.824325 IP 192.168.3.182.3478 > 109.252.33.32.1123: UDP, length 64

syslog (realm omitted)

Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: realm <> user <>: incoming packet BINDING processed, success
Nov 16 21:14:30 turn turnserver: 8: : IPv4. Local relay addr: 192.168.3.182:11868
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: new, realm=<>, username=<>, lifetime=600
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: realm <> user <>: incoming packet ALLOCATE processed, success
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: refreshed, realm=<>, username=<>, lifetime=0
Nov 16 21:14:30 turn turnserver: 8: : session 001000000000000001: realm <> user <>: incoming packet REFRESH processed, success
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: usage: realm=<>, username=<>, rp=3, rb=116, sp=3, sb=244
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: peer usage: realm=< >, username=<>, rp=0, rb=0, sp=0, sb=0
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: closed (2nd stage), user <> realm < > origin <>, local 192.168.3.182:3478, remote 109.252.33.32:1123, reason: allocation timeout
Nov 16 21:14:31 turn turnserver: 9: : session 001000000000000001: delete: realm=< >, username=<>

and "server returned code 701"

[eakraly]

Hi @tarkhil You are setting port range to 10000-20000 - can you pls verify if this port range is actually in the range of ephemeral ports that is used by OS of your container, host, and also exposed by the host? To my knowledge, it is not given that 10000-20000 will just work on any system.

I use debian based images (building my own) and setting port range to 32768-60999 and also explicitly allowing them in security group of infrastructure provider.

[tarkhil]

I've configured coturn on different server, with external IP (no port mapping).

Ports are opened on firewall (checked)

here is my tcpdump

listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:41:55.466592 IP 109.252.33.32.1340 > 88.212.205.9.3478: UDP, length 20
21:41:55.466759 IP 88.212.205.9.3478 > 109.252.33.32.1340: UDP, length 96
21:41:55.527076 IP 109.252.33.32.1340 > 88.212.205.9.3478: UDP, length 28
21:41:55.527206 IP 88.212.205.9.3478 > 109.252.33.32.1340: UDP, length 80
21:41:55.589623 IP 109.252.33.32.1340 > 88.212.205.9.3478: UDP, length 68
21:41:55.589705 IP 88.212.205.9.3478 > 109.252.33.32.1340: UDP, length 56
^C

here is my config (not too complex)

listening-port=3478
no-auth
userdb=/usr/local/var/db/turndb

here is my log

11: : session 003000000000000002: realm <> user <>: incoming packet BINDING processed, success
11: : IPv4. Local relay addr: 88.212.205.9:64668
11: : session 003000000000000002: new, realm=<>, username=<>, lifetime=600
11: : session 003000000000000002: realm <> user <>: incoming packet ALLOCATE processed, success
11: : session 003000000000000002: refreshed, realm=<>, username=<>, lifetime=0
11: : session 003000000000000002: realm <> user <>: incoming packet REFRESH processed, success
12: : session 003000000000000002: usage: realm=<>, username=<>, rp=3, rb=116, sp=3, sb=232
12: : session 003000000000000002: peer usage: realm=<>, username=<>, rp=0, rb=0, sp=0, sb=0
12: : session 003000000000000002: closed (2nd stage), user <> realm <> origin <>, local 88.212.205.9:3478, remote 109.252.33.32:1074, reason: allocation timeout
12: : session 003000000000000002: delete: realm=<>, username=<>

allocation timeout? What and how?

[tarkhil]

Hi @tarkhil You are setting port range to 10000-20000 - can you pls verify if this port range is actually in the range of ephemeral ports that is used by OS of your container, host, and also exposed by the host? To my knowledge, it is not given that 10000-20000 will just work on any system.

I use debian based images (building my own) and setting port range to 32768-60999 and also explicitly allowing them in security group of infrastructure provider.

I've used an unfirewalled virtual box with Ubuntu

My home PC talks something to port 3478, but

185: handle_udp_packet: New UDP endpoint: local addr 0.0.0.0:3478, remote addr 109.252.45.213:1113 185: session 003000000000000001: realm user <>: incoming packet BINDING processed, success 195: session 003000000000000001: realm user <>: incoming packet BINDING processed, success 205: session 003000000000000001: realm user <>: incoming packet BINDING processed, success 215: session 003000000000000001: realm user <>: incoming packet BINDING processed, success 245: session 003000000000000001: usage: realm=, username=<>, rp=4, rb=80, sp=4, sb=352 245: session 003000000000000001: closed (2nd stage), user <> realm origin <>, local 0.0.0.0:3478, remote 109.252.45.213:1113, reason: allocation watchdog determined stale session state

something goes wrong and I have no idea at all what could be wrong

I'm trying to make my config as small as possible

listening-ip=0.0.0.0
#external-ip=
listening-port=3478
#tls-listening-port=443
realm=over.ru
#cert=/usr/local/etc/turn_server_cert.pem
#pkey=/usr/local/etc/turn_server_pkey.pem
use-auth-secret
static-auth-secret=shiturn
log-file=/var/log/turnserver.log
verbose
no-tlsv1
no-tlsv1_1
no-tlsv1_2

What can timeout?

[eakraly]

Stale session means that the allocation was not used for 600s (default value) and then closed How did you test it? Did the application work - is it possible that whatever application you used did not need turn server?

[k4mmm]

Hello I can't connect via webRTC, maybe someone can contact me and help me /connectionstate=failed On webrtc debugger i have this from pc1 (call start): From pc2 (join call):

Maybe one of you can help me? Or do you need some additional information? Thank you everyone!

[tarkhil]

Switched to eturnal, it works fine.

[holopekochan]

The tool does not work for me if I use chrome. I also got 701 with chrome But it works great for me when using Firefox

Try it out

[eakraly]

@k4mmm
Whatever it is this is not a valid IP address or URL for a STUN server - no wonder Chrome cannot resolve it. %C2%A0 should not be there I guess you have some copy-paste error in the configuration somewhere?

[liangguohao66]

after I disable ZeroTier One connection， 701 error is gone

[tomchang1019]

firefox works for me, thank you. @holopekochan

[nowjean]

Overall above comments, chrome get 701 error and firefox is OK. For me, when ice trickle test with mobile and chrome get 701 error but, mobile and firefox is OK. (When i ice test with PC, chrome and firefox are OK.)

Than, does coturn running correctly? Shoud i better use firefox for mobile connection?

[1797918430]

this error could be caused by ipv6 ice failure.your local or server network does not support ipv6 . You can confirm this by check event onicecandidate

RTCPeerConnectionIceErrorEvent isTrusted: true address: "[0:0:0:x:x:x:x:x]"

[whatisor]

Switched to eturnal, it works fine.

I got same error if using transport=udp. It only works with transport=tcp

[whatisor]

Update: I got it run on Ubuntu without any issue, but not windows(even turn off all firewall)

[whatisor]

The tool does not work for me if I use chrome. I also got 701 with chrome But it works great for me when using Firefox

Try it out

I found root cause of Chrome related issue. Chrome requires a realm value, so you need to set it in turnserver.conf. Make sure you set it to your server domain or ANY dummy domain for development purpose

[avvvet]

@whatisor (Thank you, realm solution works)

[hudson-s]

Dear @misi,

Thanks for supporting me. Im suspecting the problem is that there are some un-open ports between min-port 49152 and max-port 65535, because i checked stun/turn url on browser and both port 3478 and 5349 are open. This is the list of detail specs:

I would appreciate it very much if you could provide me with a more detailed explanation or support, since my experience with setting up the server is still quite limited.

Thank you very much!

How is this page displayed?