javascript - TURN server for WebRTC with REST API authentication - Stack Overflow

I'm trying to set up the rfc5766-turn-server TURN server for webRTC from here. I was able to successfully relay my video through this TURN server using a turnuserdb.conf file where I have my username and password (my_user_name:my_password). And on the web client side I used:

    "iceServers": [{
        "url": "turn:my_user_name,@turn_server_ip",
        "credential": "my_password"
    }]

I'm trying to use the REST API feature that comes with the TURN server to avoid sending the password over the network or storing it on the client side. I followed this spec and this explanation under the Rest API.

However unfortunately I get a 401 and I cannot authenticate.

Here's what I did exactly:

  1. I created a secret "my_secret" and I ran the turn server like this:

    turnserver -v --syslog -a -L xx.xxx.xx.xx -X yy.yyy.yyy.yy -E zz.zzz.zz.zzz --max-bps=3000000 -f -m 3 --min-port=32355 --max-port=65535 --use-auth-secret --static-auth-secret=my_secret --realm=north.gov --cert=turn_server_cert.pem --pkey=turn_server_pkey.pem --log-file=stdout -q 100 -Q 300 --cipher-list=ALL
    

    (I just replaced the IP address with xx.xxx.xx.xx yy.yyy.yyy.yy zz.zzz.zz.zzz)

  2. Later I generated a timestamp that would be now + 1 hour so I ran on nodejs:

    Date.now()+1000*60*60;      // output 1433895918506.
    

    I generated the temporary password on this website, using my secret, and got a result 0ca57806bdc696b3129d4cad83746945b00af77b

  3. I encoded the password to base64.

  4. Now I tried to communicate with the turn server from the web client using the temporary username: 1433895918506:my_user_name and password: MGNhNTc4MDZiZGM2OTZiMzEyOWQ0Y2FkODM3NDY5NDViMDBhZjc3Yg==. On the web client I now use:

    "iceServers": [{"url":"turn:1433895918506:my_user_name@turn_server_ip","credential":"MGNhNTc4MDZiZGM2OTZiMzEyOWQ0Y2FkODM3NDY5NDViMDBhZjc3Yg=="}]
    

But it doesn't work, I get:

    401 user <1433895918506:my_user_name>  incoming packet message processed, error 401: Unauthorised.

Can you help me figure out what's wrong?


1 Answer

When I generated the credential with your name and secret, I got 1Dj9XZ5fwvKS6YoQZOoORcFnXaI=, not MGNhNTc4MDZiZGM2OTZiMzEyOWQ0Y2FkODM3NDY5NDViMDBhZjc3Yg==; check your algorithm/code for errors.

And the time is a Unix timestamp, so in seconds and not milliseconds as you did (though this should not affect it, but just makes your credentials never expire).

Check whether the clocks on your system and on the system where the TURN server is running are in sync (at least not days apart), and in general, to avoid issues with clocks not being in sync, it is better to use a TTL of 24 hours, so your timestamp:

    timestamp = parseInt(Date.now()/1000) + 24*3600

The code for generating the TURN credential:

    var crypto = require('crypto');

    function getTURNCredentials(name, secret){
        // Expiry as a Unix timestamp in seconds, 24 hours from now
        var unixTimeStamp = parseInt(Date.now()/1000) + 24*3600,
            username = [unixTimeStamp, name].join(':'),
            password,
            hmac = crypto.createHmac('sha1', secret);
        // The password is the base64-encoded HMAC-SHA1 of the username
        hmac.setEncoding('base64');
        hmac.write(username);
        hmac.end();
        password = hmac.read();
        return {
            username: username,
            password: password
        };
    }
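
The two problems raised in this thread (base64 applied to the hex text of the digest instead of its raw bytes, and a millisecond timestamp), shown side by side in an added example that is not code from the question or the answer. The helper names `makeTurnCredential`, `hexThenBase64` and `checkCredential`, the fixed clock value, and the local self-check itself are assumptions made for illustration; the check only recomputes the value the same way and is not the TURN server's implementation.

```javascript
const crypto = require('crypto');

// Username is "<expiry in Unix seconds>:<name>"; the password is base64 of the
// raw HMAC-SHA1 bytes of that username, keyed with the shared secret.
function makeTurnCredential(name, secret, ttlSeconds, nowMs = Date.now()) {
  const expiry = Math.floor(nowMs / 1000) + ttlSeconds;
  const username = `${expiry}:${name}`;
  const password = crypto.createHmac('sha1', secret).update(username).digest('base64');
  return { username, password };
}

// The mistake from the question: hex digest first, then base64 of the hex text.
function hexThenBase64(username, secret) {
  const hex = crypto.createHmac('sha1', secret).update(username).digest('hex');
  return Buffer.from(hex, 'utf8').toString('base64');
}

// Hypothetical local self-check: recompute the password and test the expiry.
function checkCredential(username, password, secret, nowMs = Date.now()) {
  const expiry = Number(username.split(':')[0]);
  if (!Number.isInteger(expiry)) return 'bad-username';
  const expected = Buffer.from(
    crypto.createHmac('sha1', secret).update(username).digest('base64'));
  const given = Buffer.from(String(password));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-password';
  }
  return expiry < Math.floor(nowMs / 1000) ? 'expired' : 'ok';
}

// Constructed sample values: placeholder secret and name, fixed clock.
const SECRET = 'my_secret';
const NOW_MS = 1433892318506;
const good = makeTurnCredential('my_user_name', SECRET, 3600, NOW_MS);
const wrong = hexThenBase64(good.username, SECRET);

console.log(good.username);                    // expiry in seconds, then the name
console.log(good.password.length, wrong.length); // 20 raw bytes vs 40 hex characters
console.log(checkCredential(good.username, good.password, SECRET, NOW_MS));
console.log(checkCredential(good.username, wrong, SECRET, NOW_MS));
```
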