netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
11.26k stars 517 forks

Issues with STUN/TURN on brand new installation (self-hosted) #2567

Open d-givens opened 2 months ago

d-givens commented 2 months ago

Describe the problem

Not able to route traffic among peers. After doing netbird status -d I see on all clients:

Relays:
[stun:netbird.mydomain.com:3478] is Unavailable, reason: stun request: context deadline exceeded
[turn:netbird.mydomain.com:3478?transport=udp] is Unavailable, reason: allocate: all retransmissions failed for xxxxx

On the netbird host, the Coturn Log is below:

WARN[0000] /root/netbird/infrastructure_files/artifacts/docker-compose.yml: the attribute version is obsolete, it will be ignored, please remove it to avoid potential confusion
coturn-1 | 0: (1): INFO: System cpu num is 2
coturn-1 | 0: (1): INFO: log file opened: /var/tmp/turn_1_2024-09-09.log
coturn-1 | 0: (1): INFO: System enable num is 2
coturn-1 | 0: (1): INFO: Coturn Version Coturn-4.6.2 'Gorst'
coturn-1 | 0: (1): INFO: Coturn Version Coturn-4.6.2 'Gorst'
coturn-1 | 0: (1): INFO: Max number of open files/sockets allowed for this process: 1048576
coturn-1 | 0: (1): INFO: Due to the open files/sockets limitation, max supported number of TURN Sessions possible is: 524000 (approximately)
coturn-1 | 0: (1): INFO:
coturn-1 |
coturn-1 | ==== Show him the instruments, Practical Frost: ====
coturn-1 |
coturn-1 | 0: (1): INFO: OpenSSL compile-time version: OpenSSL 3.0.14 4 Jun 2024 (0x300000e0)
coturn-1 | 0: (1): INFO: TLS 1.3 supported
coturn-1 | 0: (1): INFO: DTLS 1.2 supported
coturn-1 | 0: (1): INFO: TURN/STUN ALPN supported
coturn-1 | 0: (1): INFO: Third-party authorization (oAuth) supported
coturn-1 | 0: (1): INFO: GCM (AEAD) supported
coturn-1 | 0: (1): INFO: SQLite supported, default database location is /var/lib/coturn/turndb
coturn-1 | 0: (1): INFO: Redis supported
coturn-1 | 0: (1): INFO: PostgreSQL supported
coturn-1 | 0: (1): INFO: MySQL supported
coturn-1 | 0: (1): INFO: MongoDB supported
coturn-1 | 0: (1): INFO: Default Net Engine version: 3 (UDP thread per CPU core)
coturn-1 | 0: (1): INFO: Domain name:
coturn-1 | 0: (1): INFO: Default realm: wiretrustee.com
coturn-1 | 0: (1): WARNING: cannot find certificate file: /etc/coturn/certs/cert.pem (1)
coturn-1 | 0: (1): WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
coturn-1 | 0: (1): WARNING: cannot find private key file: /etc/coturn/private/privkey.pem (1)
coturn-1 | 0: (1): WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
coturn-1 | 0: (1): INFO: Certificate file found: /etc/coturn/certs/cert.pem
coturn-1 | 0: (1): INFO: Private key file found: /etc/coturn/private/privkey.pem
coturn-1 | 0: (1): WARNING: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
coturn-1 | 0: (1): INFO: ===========Discovering listener addresses: =========
coturn-1 | 0: (1): INFO: Listener address to use: 127.0.0.1
coturn-1 | 0: (1): INFO: Listener address to use: PUBLICIP
coturn-1 | 0: (1): INFO: Listener address to use: 172.17.0.1
coturn-1 | 0: (1): INFO: Listener address to use: 172.18.0.1
coturn-1 | 0: (1): INFO: Listener address to use: ::1
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): INFO: Total: 3 'real' addresses discovered
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): WARNING: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
coturn-1 | 0: (1): INFO: ===========Discovering relay addresses: =============
coturn-1 | 0: (1): INFO: Relay address to use: PUBLICIP
coturn-1 | 0: (1): INFO: Relay address to use: 172.17.0.1
coturn-1 | 0: (1): INFO: Relay address to use: 172.18.0.1
coturn-1 | 0: (1): INFO: Relay address to use: ::1
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): INFO: Total: 4 relay addresses discovered
coturn-1 | 0: (1): INFO: =====================================================
coturn-1 | 0: (1): INFO: pid file created: /var/tmp/turnserver.pid
coturn-1 | 0: (1): INFO: IO method: epoll (with changelist)
coturn-1 | 0: (1): WARNING: STUN CHANGE_REQUEST not supported: only one IP address is provided
coturn-1 | 0: (1): INFO: Wait for relay ports initialization...
coturn-1 | 0: (1): INFO: relay PUBLICIP initialization...
coturn-1 | 0: (1): INFO: relay PUBLICIP initialization done
coturn-1 | 0: (1): INFO: relay 172.17.0.1 initialization...
coturn-1 | 0: (1): INFO: relay 172.17.0.1 initialization done
coturn-1 | 0: (1): INFO: relay 172.18.0.1 initialization...
coturn-1 | 0: (1): INFO: relay 172.18.0.1 initialization done
coturn-1 | 0: (1): INFO: relay ::1 initialization...
coturn-1 | 0: (1): INFO: relay ::1 initialization done
coturn-1 | 0: (1): INFO: Relay ports initialization done
coturn-1 | 0: (1): INFO: Total General servers: 2
coturn-1 | 3: (9): DEBUG: turn server id=0 created
coturn-1 | 3: (10): DEBUG: turn server id=1 created
coturn-1 | 3: (1): INFO: Total auth threads: 3
coturn-1 | 3: (1): INFO: prometheus collector disabled, not started

Expected behavior

No STUN/TURN errors and peer to peer routing would work

Are you using NetBird Cloud?

Self-hosted

NetBird version

netbird version - Latest

Not sure how to troubleshoot from here. Authentication with Microsoft is working correctly.

Marcus1Pierce commented 2 months ago

Try this https://docs.netbird.io/selfhosted/troubleshooting to test your coturn server

ragman1976 commented 1 month ago

Hi,

Exactly the same error message in the coturn container log here. Coturn Server test shows:

Screenshot 2024-09-28 221807

InsertDisc commented 1 month ago

Same exact issue. Been running for months no issue, now this.