1
У меня есть эта структура:Coturn/turnserver: Ошибка 437: Несовместимость распределение: неправильно идентификатор транзакции (WebRTC)
- веб-сервер: Apache. он находится в локальной сети. Он находится на компьютере (Windows 7), который имеет открытый статический ip. ПК находится в сети.
- Сервер сигналов: на виртуальной машине (VirtualBox Centos 6) на том же ПК.
- STUN/TURN сервер: Coturn "4.5.0.4". В виртуальной машине (VirtualBox Centos 6) на том же ПК.
- Клиент A: Ноутбук, Vista. Я использую мобильный телефон Samsung и USB-шлюз, чтобы получить (внешний) интернет. Mobile использует «мобильные данные» для подключения к Интернету.
- Клиент B: Ноутбук, Windows 8 (или Windows 10). Я использую планшет Samsung и USB-модем, чтобы получить (внешний) интернет. Планшет использует «мобильные данные» для подключения к Интернету.
Я бегу coturn/turnserver так:
sudo turnserver -X xxx.xx.xxx.xx (this is my static external ip)
Я создал порт вперед:
3479 -> 3478 for TCP
3479 -> 3478 for UTP
5348 -> 5349 for TCP
5348 -> 5349 for UTP
Я использую файл конфигурации по умолчанию в coturn с этими изменениями:
verbose
fingerprint
lt-cred-mech
realm=mycompany.org
cert=server.crt
pkey=server.key
pkey-pwd=.... (it has been omitted)
log-file=/var/tmp/turnserver.log
simple-log
Я создал файлы server.crt и server.key a nd Я знаю, что они правы, потому что я могу использовать инструмент веб-администратора, который им нужен, чтобы работать с https
Я создал пользователя admin. Я создал ключ для пользователя "test4" с помощью:
sudo turnadmin -k -u test4 -r mycompany.org -p test
и я использую его, чтобы создать его:
sudo turnadmin -a -b "/var/db/turndb" -u test4 -r mycompamy.org -p ......
На клиенте:
var STUN = {
urls: "stun:xxx.xx.xxx.xx:3479" //port forward
};
var TURN = {
urls: [
"turn:xxx.xx.xxx.xx:3479?transport=udp",
"turn:xxx.xx.xxx.xx:3479?transport=tcp",
"turn:xxx.xx.xxx.xx:3479"
],
username : "test4",
credential : "......................", (it's the key. it has been omitted)
};
сообщения, я получаю от coturn/turnerver:
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60113
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60075
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: IPv4. Local relay addr: 10.0.2.15:55037
243: session 000000000000000003: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: IPv4. Local relay addr: 10.0.2.15:52683
243: session 000000000000000002: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
244: session 000000000000000002: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
244: session 000000000000000003: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
245: session 000000000000000002: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60113, reason: allocation timeout
245: session 000000000000000002: delete: realm=<mycompany.org>, username=<test4>
245: session 000000000000000003: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60075, reason: allocation timeout
245: session 000000000000000003: delete: realm=<mycompany.org>, username=<test4>
Что мне здесь не хватает? Почему я нахожу «ICE failed» в консоли?
Я прочитал в https://tools.ietf.org/id/draft-ietf-behave-turn-08.html о
"error 437: Mismatched allocation: wrong transaction ID"
это говорит
437 (Allocation Несовпадение): Это указывает на то, что клиент выбрал 5-кортеж, который сервер видит, как уже или недавно был использован . Один из способов это может произойти, если промежуточный NAT назначил сопоставленный транспортный адрес , который недавно использовался другим распределением. Клиент ДОЛЖЕН выбрать другой транспортный адрес клиента и повторить запрос на выделение (используя другой идентификатор транзакции). Клиент СЛЕДУЕТ попробуйте три разных клиентских транспортных адреса перед тем, как отказаться от этого сервера.Как только клиент откажется от сервера, НЕ ДОЛЖЕН пробовать , чтобы создать еще одно распределение на сервере в течение 2 минут.
Что это значит?
UPDATE
Теперь, когда клиент А использует Chrome "49.02623.112 м" (я не могу обновить его больше, потому что на Vista) и клиент B "50.0.2661.75 M" coturn сервер работает штраф в течение нескольких секунд. Я запускаю сервер таким образом (я не уверен, что это помогает. XXX.XX.XXX.XX - общедоступный статический IP-адрес ПК, на котором находится виртуальная машина сервера, а 192.168.2.190 - внутренний IP-адрес):
sudo turnserver -X XXX.XX.XXX.XX/192.168.2.190
это сообщения журнала:
0: log file opened: /var/log/turn_3205_2016-04-15.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.4 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 is not supported
0: TURN/STUN ALPN is not supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
0:
0: SQLite supported, default database location is /var/db/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Config file found: /etc/turnserver/turnserver.conf
0: log file opened: /var/tmp/turnserver.log
0: Config file found: /etc/turnserver/turnserver.conf
0: Domain name:
0: Default realm: mycompany.org
0: Config file found: /etc/turnserver/server.crt
0: Config file found: /etc/turnserver/server.key
0: SSL23: Certificate file found: /etc/turnserver/server.crt
0: SSL23: Private key file found: /etc/turnserver/server.key
0: TLS1.0: Certificate file found: /etc/turnserver/server.crt
0: TLS1.0: Private key file found: /etc/turnserver/server.key
0: TLS1.1: Certificate file found: /etc/turnserver/server.crt
0: TLS1.1: Private key file found: /etc/turnserver/server.key
0: TLS1.2: Certificate file found: /etc/turnserver/server.crt
0: TLS1.2: Private key file found: /etc/turnserver/server.key
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turnserver/server.crt
0: DTLS: Private key file found: /etc/turnserver/server.key
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 10.0.2.15
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 10.0.2.15
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0: relay 10.0.2.15 initialization...
0: relay 10.0.2.15 initialization done
0: relay ::1 initialization...
0: relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3478
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3479
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5349
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5350
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:3479
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: IPv6. DTLS/UDP listener opened on: ::1:5350
0: Total General servers: 2
0: IO method (admin thread): epoll (with changelist)
0: ERROR: Cannot create CLI listener
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/db/turndb
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30637
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30638
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: IPv4. Local relay addr: 10.0.2.15:52828
1275: session 001000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: IPv4. Local relay addr: 10.0.2.15:57360
1275: session 000000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 001000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1280: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1281: session 001000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30638, reason: allocation timeout
1281: session 001000000000000001: delete: realm=<mycompany.org>, username=<test4>
1281: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1281: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1283: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1285: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1292: session 000000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1292: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1293: session 000000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30637, reason: allocation timeout
1293: session 000000000000000001: delete: realm=<mycompany.org>, username=<test4>
1293: session 000000000000000001: peer XXX.XX.XX.XX deleted
1293: session 000000000000000001: peer 10.0.2.2 deleted
1293: session 000000000000000001: peer 10.0.2.15 deleted
как вы используете сервер TURN на общедоступном IP-адресе? – mido
@mido. Я не уверен, понимаю ли я ваш вопрос. Я набираю: sudo turnerver -X xxx.xx.xxx.xx (xxx.xx.xxx.xx - общедоступный ip ПК, где VM (centos 6) живет там, где живет оборотень) – user1621010
это мое сомнение, как вы уверены этот сервер доступен из общедоступного IP-адреса, как правило, я использую экземпляр AWS для запуска TURN в общедоступном ip, вы используете аналогичную настройку? – mido