javascript - Coturn/turnserver : error 437: Mismatched allocation: wrong transaction ID (WebRTC)

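Tags: javascript webrtc centos6 turn coturn

I have this setup:

  • Web server: Apache. It is on the LAN, on a PC (Windows 7) that has a public static IP. The PC is on the network.
  • Signaling server: in a virtual machine (VirtualBox, CentOS 6) on the same PC.
  • STUN/TURN server: Coturn "4.5.0.4", in a VM (VirtualBox, CentOS 6) on the same PC.
  • Client A: laptop, Vista. I use a Samsung mobile phone and USB tethering to get (external) internet access. The mobile device uses "mobile data" to connect to the internet.
  • Client B: laptop, Windows 8 (or Windows 10). I use a Samsung tablet and USB tethering to get (external) internet access. The tablet uses "mobile data" to connect to the internet.

I run coturn/turnserver like this: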

sudo turnserver -X xxx.xx.xxx.xx (this is my static external ip)

I have set up port forwarding:

3479 -> 3478 for TCP
3479 -> 3478 for UTP
5348 -> 5349 for TCP
5348 -> 5349 for UTP

I use coturn's default configuration file with these changes:

verbose
fingerprint
lt-cred-mech
realm=mycompany.org
cert=server.crt
pkey=server.key
pkey-pwd=.... (it has been omitted)
log-file=/var/tmp/turnserver.log
simple-log

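I have created the files server.crt and server.key, and I know they are correct because I can use the web admin tool, which needs them to run over https.

I have created the admin user. I created the key for the user "test4" with this command: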

sudo turnadmin -k -u test4 -r mycompany.org -p test

I created the user with this:

sudo turnadmin -a -b "/var/db/turndb" -u test4 -r mycompamy.org -p ......

On the client side:

var STUN = {
    urls: "stun:xxx.xx.xxx.xx:3479" //port forward
};

var TURN = {
    urls: [
        "turn:xxx.xx.xxx.xx:3479?transport=udp", 
        "turn:xxx.xx.xxx.xx:3479?transport=tcp",
        "turn:xxx.xx.xxx.xx:3479"
    ], 
    username : "test4",
    credential : "......................" // it's the key; it has been omitted
};

The messages I get from coturn/turnserver are as follows:

242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60113
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60075
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: IPv4. Local relay addr: 10.0.2.15:55037
243: session 000000000000000003: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: IPv4. Local relay addr: 10.0.2.15:52683
243: session 000000000000000002: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
244: session 000000000000000002: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
244: session 000000000000000003: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
245: session 000000000000000002: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60113, reason: allocation timeout
245: session 000000000000000002: delete: realm=<mycompany.org>, username=<test4>
245: session 000000000000000003: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60075, reason: allocation timeout
245: session 000000000000000003: delete: realm=<mycompany.org>, username=<test4>

What am I missing here? Why do I get "ICE failed" in the console?

I read https://tools.ietf.org/id/draft-ietf-behave-turn-08.html about

"error 437: Mismatched allocation: wrong transaction ID"

It says

437 (Allocation Mismatch): This indicates that the client has picked a 5-tuple which the server sees as already in use or which was recently in use. One way this could happen is if an intervening NAT assigned a mapped transport address that was recently used by another allocation. The client SHOULD pick another client transport address and retry the Allocate request (using a different transaction id). The client SHOULD try three different client transport addresses before giving up on this server. Once the client gives up on the server, it SHOULD NOT try to create another allocation on the server for 2 minutes.

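What does this mean?

Update

Now, when client A uses Chrome "49.02623.112 m" (I cannot update it any further because it is on Vista) and client B uses "50.0.2661.75 m", the coturn server works for a few seconds. I run the server like this (I am not sure whether this helps. XXX.XX.XXX.XX is the public static IP of the PC that hosts the server VM, and 192.168.2.190 is the internal IP):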

sudo turnserver -X XXX.XX.XXX.XX/192.168.2.190

These are the log messages:

0: log file opened: /var/log/turn_3205_2016-04-15.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.4 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 is not supported
0: TURN/STUN ALPN is not supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
0:
0: SQLite supported, default database location is /var/db/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Config file found: /etc/turnserver/turnserver.conf
0: log file opened: /var/tmp/turnserver.log
0: Config file found: /etc/turnserver/turnserver.conf
0: Domain name:
0: Default realm: mycompany.org
0: Config file found: /etc/turnserver/server.crt
0: Config file found: /etc/turnserver/server.key
0: SSL23: Certificate file found: /etc/turnserver/server.crt
0: SSL23: Private key file found: /etc/turnserver/server.key
0: TLS1.0: Certificate file found: /etc/turnserver/server.crt
0: TLS1.0: Private key file found: /etc/turnserver/server.key
0: TLS1.1: Certificate file found: /etc/turnserver/server.crt
0: TLS1.1: Private key file found: /etc/turnserver/server.key
0: TLS1.2: Certificate file found: /etc/turnserver/server.crt
0: TLS1.2: Private key file found: /etc/turnserver/server.key
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turnserver/server.crt
0: DTLS: Private key file found: /etc/turnserver/server.key
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 10.0.2.15
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 10.0.2.15
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0:   relay 10.0.2.15 initialization...
0:   relay 10.0.2.15 initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3478
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3479
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5349
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5350
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:3479
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: IPv6. DTLS/UDP listener opened on: ::1:5350
0: Total General servers: 2
0: IO method (admin thread): epoll (with changelist)
0: ERROR: Cannot create CLI listener
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/db/turndb
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30637
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30638
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: IPv4. Local relay addr: 10.0.2.15:52828
1275: session 001000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: IPv4. Local relay addr: 10.0.2.15:57360
1275: session 000000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 001000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1280: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1281: session 001000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30638, reason: allocation timeout
1281: session 001000000000000001: delete: realm=<mycompany.org>, username=<test4>
1281: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1281: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1283: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1285: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1292: session 000000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1292: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1293: session 000000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30637, reason: allocation timeout
1293: session 000000000000000001: delete: realm=<mycompany.org>, username=<test4>
1293: session 000000000000000001: peer XXX.XX.XX.XX deleted
1293: session 000000000000000001: peer 10.0.2.2 deleted
1293: session 000000000000000001: peer 10.0.2.15 deleted
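
An added example, not part of the original question: a small Node.js parser that groups coturn log lines like the ones above by session and reports what the event order shows (RFC 5766: a Refresh with lifetime 0 is the client deleting its own allocation; RFC 5389: a 401 before the authenticated request is the normal long-term credential challenge). The function names are hypothetical and the sample is an abridged excerpt of session 000000000000000003 from the first log.

```javascript
// Abridged excerpt of session ...03 from the first log in the question.
const SAMPLE_LOG = `
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60075
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
244: session 000000000000000003: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
245: session 000000000000000003: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60075, reason: allocation timeout
`;

// Group "<ts>: session <id>: ..." lines by session id and record key events.
function summarizeSessions(logText) {
  const sessions = new Map();
  for (const raw of logText.split('\n')) {
    const m = /^(\d+): session (\d+): (.*)$/.exec(raw.trim());
    if (!m) continue; // banner, endpoint and blank lines carry no session id
    const ts = Number(m[1]);
    const rest = m[3];
    if (!sessions.has(m[2])) {
      sessions.set(m[2], { user: null, remote: null, errors: {}, allocatedAt: null,
                           releasedAt: null, closeReason: null, mismatchWhileAllocated: 0 });
    }
    const s = sessions.get(m[2]);
    let f;
    if ((f = /^new, realm=<[^>]*>, username=<([^>]*)>, lifetime=\d+/.exec(rest))) {
      s.user = f[1];
      s.allocatedAt = ts;
    } else if ((f = /^refreshed, .*lifetime=(\d+)/.exec(rest))) {
      if (f[1] === '0') s.releasedAt = ts; // lifetime 0: client asks to delete the allocation
    } else if ((f = /processed, error (\d+):/.exec(rest))) {
      s.errors[f[1]] = (s.errors[f[1]] || 0) + 1;
      if (f[1] === '437' && s.allocatedAt !== null && s.releasedAt === null) {
        s.mismatchWhileAllocated++;
      }
    } else if ((f = /^closed .*remote ([^,]+), reason: (.*)$/.exec(rest))) {
      s.remote = f[1];
      s.closeReason = f[2];
    }
  }
  return sessions;
}

// Turn one session summary into plain-language observations.
function findings(s) {
  const out = [];
  if (s.errors['401'] && s.allocatedAt !== null) {
    out.push('401 challenge was followed by an authenticated allocation (normal handshake)');
  }
  if (s.mismatchWhileAllocated > 0) {
    out.push(`${s.mismatchWhileAllocated}x 437 while an allocation was already live`);
  }
  if (s.releasedAt !== null) {
    out.push(`client released the allocation (REFRESH lifetime=0) ${s.releasedAt - s.allocatedAt} log tick(s) after creating it`);
  }
  return out;
}

for (const [id, s] of summarizeSessions(SAMPLE_LOG)) {
  console.log(id, s.user, s.remote, s.closeReason, findings(s));
}
```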

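Best answer

Maybe this is not a good answer, being of the "software X does not work, choose software Y" kind. However, in this case it made me happy. So if you are free to choose the TURN server software for your project, take a look at the reTurn server.

Here is my story and answer.

After fighting with coturn (trying settings, database, users, realms, and reading tons of DEBUG logs), I gave up. I was defeated.

I decided to switch to the reTurn STUN/TURN server. I followed this manual with some minor modifications: http://rtcquickstart.org/guide/multi/turn-reTurnServer.html

Here are the stack details:

  • OS: Ubuntu 16.04 LTS on DigitalOcean

Installation is simple: sudo apt-get install resiprocate-turn-server. Note that the package includes all the pre-configuration steps, such as key generation.

Here is the meaningful part of my working /etc/reTurn/reTurnServer.config (everything that is uncommented, including the default settings)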

TurnAddress = XXX.XXX.XXX.XXX
TurnPort = 3478
TlsTurnPort = 0
AltStunAddress = 0.0.0.0
AltStunPort = 0
LoggingType = file
SyslogFacility = LOG_DAEMON
LoggingLevel = INFO
LogFilename = /var/log/reTurnServer/reTurnServer.log
LogFileMaxLines = 10000 # May be useful
Daemonize = true
PidFile = /var/run/reTurnServer/reTurnServer.pid
RunAsUser = return
RunAsGroup = return
AuthenticationRealm = reTurn
UserDatabaseFile = /etc/reTurn/users.txt
UserDatabaseHashedPasswords = false # For development purposes it is enough
UserDatabaseCheckInterval = 5 # Check it every 5 seconds
NonceLifetime = 3600
AllocationPortRangeMin = 49152
AllocationPortRangeMax = 65535
DefaultAllocationLifetime = 600
MaxAllocationLifetime = 3600
TlsServerCertificateFilename = server.pem
TlsServerPrivateKeyFilename = server-key.pem
TlsTempDhFilename = /etc/reTurn/dh2048.pem
TlsPrivateKeyPassword =

/etc/reTurn/users.txt (a single record only)

cloudguy:passw0rd:reTurn:AUTHORIZED

On the client side, I use SimpleWebRTC signalmaster as the signaling server. How to tell the client to use the server:

peerConnectionConfig: {
  // I force browser to use relay
  iceTransports: 'relay',
  iceServers: [
    {
      url: "stun:XXX.XXX.XXX.XXX"
    },
    {
      urls: [
        "turn:XXX.XXX.XXX.XXX:3478?transport=udp",
        "turn:XXX.XXX.XXX.XXX:3478?transport=tcp",
        "turn:XXX.XXX.XXX.XXX:3478"
      ],
      credential: "passw0rd",
      username: "cloudguy"
    }
  ]
}

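So it works in the following cases:

  • Two or three clients in the same LAN behind NAT
  • Two or three browsers in different LANs behind NAT (!)
  • Two or three clients in different LANs behind NAT and... one of them behind a proxy (wow!)

So it works just as it should. Yay. That's it. If you have succeeded with coturn, we would love to know how you did it.

Thanks.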
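
Both posts rely on the STUN long-term credential mechanism (lt-cred-mech and `turnadmin -k` in the question, users.txt in the answer). The following Node.js sketch is an added example, not code from either post: it derives the RFC 5389 key MD5(username:realm:password), signs an Allocate request with MESSAGE-INTEGRITY and verifies it server-side, which shows that the realm string is an input to the key. Function names are hypothetical, the nonce is constructed, and the message is assumed to carry no FINGERPRINT attribute.

```javascript
const crypto = require('crypto');

// STUN/TURN attribute types (RFC 5389, RFC 5766).
const USERNAME = 0x0006, MESSAGE_INTEGRITY = 0x0008, REALM = 0x0014,
      NONCE = 0x0015, REQUESTED_TRANSPORT = 0x0019;

// RFC 5389 section 15.4: key = MD5(username ":" realm ":" password).
function longTermKey(username, realm, password) {
  return crypto.createHash('md5').update(`${username}:${realm}:${password}`).digest();
}

// Encode one attribute: type, length, value, zero padding to a 4-byte boundary.
function attr(type, value) {
  const v = Buffer.from(value);
  const head = Buffer.alloc(4);
  head.writeUInt16BE(type, 0);
  head.writeUInt16BE(v.length, 2);
  return Buffer.concat([head, v, Buffer.alloc((4 - (v.length % 4)) % 4)]);
}

// Client side: Allocate request (type 0x0003) ending in MESSAGE-INTEGRITY.
function signedAllocate(username, realm, nonce, key, tid = crypto.randomBytes(12)) {
  const body = Buffer.concat([
    attr(REQUESTED_TRANSPORT, [17, 0, 0, 0]), // protocol 17 = UDP
    attr(USERNAME, username), attr(REALM, realm), attr(NONCE, nonce),
  ]);
  const header = Buffer.alloc(20);
  header.writeUInt16BE(0x0003, 0);
  header.writeUInt16BE(body.length + 24, 2); // length already counts the 24-byte MI attribute
  header.writeUInt32BE(0x2112a442, 4);       // magic cookie
  tid.copy(header, 8);                       // 96-bit transaction ID
  const covered = Buffer.concat([header, body]);
  const mac = crypto.createHmac('sha1', key).update(covered).digest();
  return Buffer.concat([covered, attr(MESSAGE_INTEGRITY, mac)]);
}

// Server side: recompute the HMAC with the key stored for (username, realm).
function verifyIntegrity(message, storedKey) {
  const covered = message.subarray(0, message.length - 24);
  const received = message.subarray(message.length - 20);
  const expected = crypto.createHmac('sha1', storedKey).update(covered).digest();
  return crypto.timingSafeEqual(received, expected);
}

// "test4", "mycompany.org" and "test" are the values passed to `turnadmin -k`
// in the question; "mycompamy.org" is the realm as spelled in its `turnadmin -a` line.
function demo() {
  const clientKey = longTermKey('test4', 'mycompany.org', 'test');
  const msg = signedAllocate('test4', 'mycompany.org', 'constructed-nonce', clientKey);
  return {
    sameRealm: verifyIntegrity(msg, longTermKey('test4', 'mycompany.org', 'test')),
    otherRealm: verifyIntegrity(msg, longTermKey('test4', 'mycompamy.org', 'test')),
  };
}

console.log(demo());
```

Because the HMAC is keyed with the derived key itself, a user database that stores keys instead of passwords still has to be protected like a password file.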

Regarding javascript - Coturn/turnserver : error 437: Mismatched allocation: wrong transaction ID (WebRTC), we found a similar question on Stack Overflow: https://stackoverflow.com/questions/36627529/
