From: Franck Routier
To: galene@lists.galene.org
Cc: Franck Routier
Date: Thu, 24 Oct 2024 10:18:29 +0200
Subject: [Galene] Re: Help needed on network settings
Message-ID: <2208574.irdbgypaU6@tibook>
In-Reply-To: <172975749182.1024.2812222916835422030@gauss.local>
List-Id: Galène videoconferencing server discussion list

It also seems it is trying to use udp ports on the galene side that are not in the udp-range I use in the command line:

État ICE    Nommé  Sélectionné  Candidat local                              Candidat distant
inprogress  false  false        my.lo.ca.lip:37763/udp(host) [non-proxied]  ww.xx.yy.zz:45618/udp(relay)

So it's trying to use udp 45618 on the galene side, which is not in the 18100-19100 range I specified and allowed on the firewall.

Is this expected?

Franck

On Thursday, 24 October 2024, 10:11:27 CEST, Franck Routier via Galene wrote:
> Hi,
>
> using about:webrtc in firefox, I see quite a lot of attempts to initiate ICE / STUN communication on different addresses and ports.
> It seems to finally communicate, but fails with an error:
>
> STUN-CLIENT(relay(IP4:my.lo.ca.lip:60534/UDP|IP4:ww.xx.yy.zz:1194/UDP)::TURN): Received response; processing
> STUN-CLIENT(relay(IP4:my.lo.ca.lip:60534/UDP|IP4:ww.xx.yy.zz:1194/UDP)::TURN): XOR-MAPPED-ADDRESS is bogus
> STUN-CLIENT(relay(IP4:my.lo.ca.lip:60534/UDP|IP4:ww.xx.yy.zz:1194/UDP)::TURN): Error processing response: Invalid data, stun error code 0.
> Inconsistent message method: 103 expected 001
> ICE(PC:{247ed162-d0e5-4dfc-a5bc-7c7429fd06be} 1729756871462370 (id=57982058498 url=https://galene.mydomain.net/group/visio/)): Message does not correspond to any registered stun ctx
>
> Does this make any sense to someone?
>
> Thanks
> Franck
>
> On Wednesday, 23 October 2024, 08:42:33 CEST, Franck Routier wrote:
> > Hi,
> >
> > I'm trying to set up a galene instance in the following context:
> >
> > * one physical server (hosted at OVH) with public IP ww.xx.yy.zz
> > * on this server, incus (https://linuxcontainers.org/incus/docs/main/) is used to handle different containers: galene is in one of these containers (running Ubuntu)
> > * another container is running nginx as a reverse proxy
> > * dns name galene.mydomain.net points to ww.xx.yy.zz
> >
> > What I did is:
> >
> > * on the main server, forward ports tcp/1194, udp/1194 and udp/18100-19100 to same ports on galene container
> > (I tested with netcat that this port forwarding is effective)
> >
> > * on nginx, proxypass url https://galene.mydomain.net to galene container on port 10000:
> >
> > server {
> >     if ($host = galene.mydomain.net) {
> >         return 301 https://$host$request_uri;
> >     }
> >     listen 80;
> >     server_name galene.mydomain.net;
> >     return 301 https://$host$request_uri;
> > }
> >
> > server {
> >     listen 443 http2 ssl;
> >     server_name galene.mydomain.net;
> >
> >     location / {
> >         proxy_pass http://10.87.94.201:10000/;
> >         proxy_set_header Host $http_host;
> >         proxy_set_header X-Forwarded-Host $host:$server_port;
> >         proxy_set_header X-Forwarded-Server $host;
> >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >         proxy_set_header X-Real-IP $remote_addr;
> >         proxy_set_header Upgrade $http_upgrade;
> >         proxy_set_header Connection "Upgrade";
> >     }
> >
> >     ssl_certificate /etc/letsencrypt/live/several.mydomain.net/fullchain.pem; # managed by Certbot
> >     ssl_certificate_key /etc/letsencrypt/live/several.mydomain.net/privkey.pem; # managed by Certbot
> > }
> >
> > * on galene container, systemd service is launched with 'galene -http 10.87.94.201:10000 -insecure -turn ww.xx.yy.zz:1194 -udp-range 18100-19100'
> >
> > systemctl status galene says:
> >
> > ● galene.service - Galene
> >      Loaded: loaded (/etc/systemd/system/galene.service; enabled; preset: enabled)
> >     Drop-In: /run/systemd/system/service.d
> >              └─zzz-lxc-service.conf
> >      Active: active (running) since Tue 2024-10-22 11:57:07 UTC; 18h ago
> >    Main PID: 535 (galene)
> >       Tasks: 17 (limit: 76943)
> >      Memory: 4.9M (peak: 9.5M)
> >         CPU: 2.413s
> >      CGroup: /system.slice/galene.service
> >              └─535 /home/ubuntu/galene/galene -http 10.87.94.201:10000 -insecure -turn ww.xx.yy.zz:1194 -udp-range 18100-19100
> >
> > Oct 22 11:57:07 galene galene[535]: 2024/10/22 11:57:07 Starting built-in TURN server on ww.xx.yy.zz:1194
> > Oct 22 11:57:07 galene galene[535]: 2024/10/22 11:57:07 Relay test successful in 12.038506ms, RTT = 162.921µs
> > Oct 22 14:54:17 galene galene[535]: turn ERROR: 2024/10/22 14:54:17 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> > Oct 22 18:00:47 galene galene[535]: turn ERROR: 2024/10/22 18:00:47 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> > Oct 22 21:26:00 galene galene[535]: turn ERROR: 2024/10/22 21:26:00 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> > Oct 22 22:37:18 galene galene[535]: turn ERROR: 2024/10/22 22:37:18 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> > Oct 22 23:57:07 galene galene[535]: 2024/10/22 23:57:07 Relay test successful in 18.841846ms, RTT = 203.679µs
> > Oct 23 01:02:12 galene galene[535]: turn ERROR: 2024/10/23 01:02:12 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> > Oct 23 05:03:13 galene galene[535]: turn ERROR: 2024/10/23 05:03:13 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> > Oct 23 06:29:59 galene galene[535]: turn ERROR: 2024/10/23 06:29:59 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> >
> > Now, I can access the web UI, but it seems RTC cannot be established.
> >
> > What am I missing?
> > I'm not a network wizard, any help is appreciated :-)
> >
> > Franck
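Added example, not part of the original message and not Galene's or Firefox's code: a Go decoder for the fixed 20-byte STUN header (RFC 8489), showing the length check behind a "not enough bytes to read header" error and how a message type splits into method and class. Reading the "103" and "001" in the Firefox log above as hexadecimal message types (Allocate success response, Binding request) is an assumption; all function and type names are hypothetical, and the byte strings are constructed samples.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const headerLen = 20           // fixed STUN header size
const magicCookie = 0x2112A442 // constant carried in bytes 4..7

var errShort = errors.New("not enough bytes to read header")
var errNotSTUN = errors.New("not a STUN message")

// Header is the decoded fixed part of a STUN/TURN message (hypothetical type).
type Header struct {
	Method uint16 // 0x001 Binding, 0x003 Allocate
	Class  uint8  // 0 request, 1 indication, 2 success, 3 error
	Length uint16 // attribute bytes following the header
}

// SplitType separates the 14-bit message type into its method and class;
// the two class bits (0x0010 and 0x0100) are interleaved with the method bits.
func SplitType(t uint16) (method uint16, class uint8) {
	method = t&0x000F | (t&0x00E0)>>1 | (t&0x3E00)>>2
	class = uint8((t&0x0010)>>4 | (t&0x0100)>>7)
	return
}

// ParseHeader rejects datagrams that are too short or lack the STUN framing
// (top two bits zero, magic cookie present) before decoding anything.
func ParseHeader(p []byte) (Header, error) {
	if len(p) < headerLen {
		return Header{}, errShort
	}
	t := binary.BigEndian.Uint16(p[0:2])
	if t&0xC000 != 0 || binary.BigEndian.Uint32(p[4:8]) != magicCookie {
		return Header{}, errNotSTUN
	}
	m, c := SplitType(t)
	return Header{Method: m, Class: c, Length: binary.BigEndian.Uint16(p[2:4])}, nil
}

func main() {
	// Constructed samples: an Allocate success header and a 4-byte stray datagram.
	ok := []byte{0x01, 0x03, 0, 0, 0x21, 0x12, 0xA4, 0x42, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}
	fmt.Println(ParseHeader(ok))
	fmt.Println(ParseHeader([]byte{0x38, 0x01, 0x00, 0x00}))
}
```

Any UDP payload under 20 bytes that reaches the TURN port fails the first check, whatever sent it.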
