Setting Up STUN/TURN Server on meetme.id

This article is about how I setup a STUN/TURN service server on my domain meetme.id, so I do not forget how to do it again later :) You can then use the STUN and/or TURN server on meetme.id from anywhere, any application that requires one or both of them.

meetme.id is a service server that I setup to test and learn the current IP communication technologies such as WebRTC, SIP and XMPP/Jabber. I also try to seriously setup and maintain it so that it can actually be useful to anyone for actual usages on a long-term.

UPDATE:

Actual deployment of STUN/TURN server on meetme.id is different than this manual. Current implementation the STUN/TURN server on meetme.id are using different port than the default setup.

Public STUN server address : stun.meetme.id:443

Public TURN server address : turn.meetme.id:443 (UDP/TCP)
Public TURN credential     : public
Public TURN username       : public

This article is divided into three parts:

  • Part 1: Installation
  • Part 2: Basic Configuration
  • Part 3: The Test

The server is using Ubuntu Server 14.04 and the STUN/TURN server software is Coturn.

Just in case you’re wondering why you should need to even use a STUN and/or TURN service server, here are some pages to start with:

Ready ? Let’s begin.

Part 1: Installation

Update Ubuntu server:

sudo apt-get -y update
sudo apt-get -y upgrade

You don’t need to update your server only when you know what you’re doing

Install development packages:

sudo apt-get -y install build-essential libssl-dev libsqlite3-dev libevent-dev libmysqlclient-dev sqlite3

Prepare source directory, all coturn related files will be put in this directory:

mkdir -p ~/src
cd ~/src

Download, compile and install coturn:

wget -c https://github.com/coturn/coturn/archive/4.5.0.3.tar.gz
tar -zxf 4.5.0.3.tar.gz 
cd coturn-4.5.0.3/
./configure
make
sudo make install

Installation is finished.

Part 2: Basic Configuration

Make sure your working directory is still in ~/src/coturn-4.5.0.3/:

cd ~/src/coturn-4.5.0.3/

Add Linux user and group for coturn:

sudo useradd turnserver

Use example config file:

sudo cp examples/etc/turnserver.conf /usr/local/etc

Edit turnserver.conf:

sudo vi /usr/local/etc/turnserver.conf

Add these options, starts from the bottom of the file:

min-port=10000
max-port=20000
verbose
lt-cred-mech
server-name=meetme.id
realm=meetme.id
no-stdout-log
log-file=/var/log/turnserver.log
simple-log
proc-user=turnserver
proc-group=turnserver

You may of course use your own domain name.

Create sqlite3 database:

sudo rm -f /usr/local/var/db/turndb
cat turndb/schema.sql | sudo sqlite3 /usr/local/var/db/turndb

Create an empty log file:

sudo touch /var/log/turnserver.log

Prepare self-signed certificate for coturn:

openssl req -new -x509 -newkey rsa:4096 -days 3650 -keyout privkey.pem -out server.pem
openssl rsa -in privkey.pem -out privkey.pem
sudo mv privkey.pem /usr/local/etc/turn_server_pkey.pem
sudo mv server.pem /usr/local/etc/turn_server_cert.pem

Please note that I actually use a USD 9 Comodo SSL certificate, not a self-signed. This is just a note should I, you, need to use one.

Set files ownership and permissions:

sudo chown turnserver.turnserver -R /usr/local/etc/turn* /usr/local/var/db /var/log/turnserver.log

Verify basic configuration by running turnserver:

sudo turnserver

You should see nothing indicating an error.

Exit turnserver for now by pressing Control+C.

Re-run turnserver, this time run as daemon:

sudo turnserver -o

Coturn will take 4 UDP and TCP ports on server, they are:

  • Port 3478
  • Port 3479
  • Port 5349
  • Port 5350

Verify ports are taken by coturn:

sudo netstat -lnptu | grep turnserver

Add a user for public use, for my test domain meetme.id:

sudo turnadmin -a -u public -r meetme.id -p public

Please note that giving the public username and credential is not recommended. I made this a public access because I believe it will benefit us, testers like me, for now.

Coturn has a REST API, and other methods, so that the external app can access it to get coturn setup a new temporary key/credential for a session only, this way only users you allowed to use your TURN service can use and eat your server’s bandwidth.

That is all.

Now everyone can use meetme.id‘s STUN/TURN server with username public and credential public on host/server address meetme.id.

Part 3: The Test

As of now STUN/TURN service is running on my domain meetme.id. Testing the TURN service might be a little complex, maybe you need to build an actual working WebRTC app. But since the STUN service also run by the same application then we can just test the STUN service to see if the service is running properly, for STUN at least.

This is how you can check the STUN service:

  • Install stun client on your PC or on different server, but better in your PC/laptop under a NAT router:
    sudo apt-get install stun
    
  • Run it againts meetme.id
    stun meetme.id
    

The result should be similar to this:

STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, no hairpin   
Return value is 0x000012

In some cases probably you’ll receive response telling that you’re blocked, or some other status.

Update, there is a website that you can use to test your STUN/TURN server, here it is:

Visit the website, remove the default google server and add yours.

Author

This article is written by Anton Raharja, the maintainer of meetme.id.

Feedbacks are welcome. Let me know. Thanks.

One thought on “Setting Up STUN/TURN Server on meetme.id

  1. Next after habahaba project nih :D nice saya cari habahaba ngga ketemu jadinya meetme.id modeling learning project by videoconferencing sepertinya tambah menarik.

    Like

Comments are closed.