search

pradt2 / always-online-stun

A list of publicly available STUN servers, refreshed every hour.
MIT License
573 stars 49 forks source link

A TURN list would be amazing! #13

Closed TheRook closed 1 year ago

TheRook commented 1 year ago

I love the STUN list, but if you could also have a list of servers that allow anonymous TURN that would be A+.

Anyway, thanks for the list!

pradt2 commented 1 year ago

Hi, thanks for opening the issue.

I agree that a TURN server list would be awesome.

I don't know of any publicly available TURN servers though, do you?

If we could compile a sizeable list (a dozen or so of working servers), I would be willing to add support for TURN testing.

TheRook commented 1 year ago

Yeah there are at least two open source projects that run TURN servers and many of the STUN list also supports TURN.

These guys run three https://status.peerjs.com/

Here is another: https://www.metered.ca/tools/openrelay/

On Fri, Jul 7, 2023, 6:35 AM pradt2 @.***> wrote:

Hi, thanks for opening the issue.

I agree that a TURN server list would be awesome.

I don't know of any publicly available TURN servers though, do you?

If we could compile a sizeable list (a dozen or so of working servers), I would be willing to add support for TURN testing.

— Reply to this email directly, view it on GitHub https://github.com/pradt2/always-online-stun/issues/13#issuecomment-1625426715, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAD7MNYOG4GH5SCFPQAG4BLXPAGDHANCNFSM6AAAAAA2A4KLWU . You are receiving this because you authored the thread.Message ID: @.***>

pradt2 commented 1 year ago

I see. Okay, I'll take a look at this this week.

TheRook commented 1 year ago

@pradt2 Here is some python that will do the trick: pip install aiortc

import asyncio
import socket
from aiortc import RTCIceServer, RTCPeerConnection, RTCSessionDescription
from aiortc.contrib.signaling import object_from_string, object_to_string

async def check_turn_connection(turn_server, turn_port):
    try:
        # Create an RTCIceServer with the TURN server details
        ice_server = RTCIceServer(urls=f"turn:{turn_server}:{turn_port}", username=None, credential=None)

        # Create a peer connection with the TURN server as the only ICE server
        pc = RTCPeerConnection(ice_servers=[ice_server])

        # Create an offer to gather ICE candidates
        offer = await pc.create_offer()
        await pc.set_local_description(offer)

        # Wait for ICE gathering to complete
        while not pc.iceGatheringState == 'complete':
            await asyncio.sleep(0.1)

        # Check if an ICE candidate with an empty 'usernameFragment' exists
        anonymous_turn_supported = any(
            candidate.get('usernameFragment') == '' for candidate in pc.localDescription.sdp_candidates)

        if anonymous_turn_supported:
            print(f"The server at {turn_server}:{turn_port} supports anonymous TURN.")
        else:
            print(f"The server at {turn_server}:{turn_port} does not support anonymous TURN.")

    except Exception as e:
        print(f"Error occurred while checking {turn_server}:{turn_port}: {e}")

    finally:
        # Close the peer connection
        await pc.close()

async def main():
    # Read the list of IP:PORT pairs from a file
    with open('turn_servers.txt', 'r') as file:
        turn_servers = [line.strip() for line in file]

    # Check TURN connection for each server in the list
    tasks = [check_turn_connection(turn_server.split(':')[0], int(turn_server.split(':')[1]))
             for turn_server in turn_servers]

    await asyncio.gather(*tasks)

if __name__ == "__main__":
    asyncio.run(main())
pradt2 commented 1 year ago

Hi, I did some work on this and what I found out that indeed there are STUN providers that also support unauthenticated TURN requests, but these providers are usually some niche online telephony companies.

I worry that, unlike STUN, directing potentially significant amounts of TURN traffic to these services might be disruptive for the company/customers or at least it might rack up their hosting costs.

So, unlike what I do with STUN (opt-out if a company wishes to be removed), being on an open TURN list should probably be opt-in.

To sum up, if a TURN service provider comes here and says they agree to be on the list, I will gladly add them and enable TURN checks, but until then, I'll be offering STUN links only.

Do you agree?

pradt2 commented 1 year ago

BTW neither peerjs nor openrelay offer unauthenticated TURN anymore.

TheRook commented 1 year ago

BTW neither peerjs nor openrelay offer unauthenticated TURN anymore.

Hmm, that is unfortunate. I also noticed that nmap NSE doesn't seem to detect TURN-ability. The https://veilid.com/ project is running TURN servers and webrtc, but these are ephemeral addresses on a new protocol.

Well thanks for looking into it, and thanks for keeping the STUN list active!