From: Franck Routier
To: galene@lists.galene.org
Subject: [Galene] Re: Help needed on network settings
Date: Thu, 24 Oct 2024 10:11:27 +0200

Hi,

using about:webrtc in Firefox, I see quite a lot of attempts to initiate ICE / STUN communication on different addresses and ports.
It seems to finally communicate, but fails with an error:

STUN-CLIENT(relay(IP4:my.lo.ca.lip:60534/UDP|IP4:ww.xx.yy.zz:1194/UDP)::TURN): Received response; processing
STUN-CLIENT(relay(IP4:my.lo.ca.lip:60534/UDP|IP4:ww.xx.yy.zz:1194/UDP)::TURN): XOR-MAPPED-ADDRESS is bogus
STUN-CLIENT(relay(IP4:my.lo.ca.lip:60534/UDP|IP4:ww.xx.yy.zz:1194/UDP)::TURN): Error processing response: Invalid data, stun error code 0.
Inconsistent message method: 103 expected 001
ICE(PC:{247ed162-d0e5-4dfc-a5bc-7c7429fd06be} 1729756871462370 (id=57982058498 url=https://galene.mydomain.net/group/visio/)): Message does not correspond to any registered stun ctx

Does this make any sense to someone?

Thanks
Franck

On Wednesday 23 October 2024, 08:42:33 CEST Franck Routier wrote:
> Hi,
>
> I'm trying to set up a galene instance in the following context:
>
> * one physical server (hosted at OVH) with public IP ww.xx.yy.zz
> * on this server, incus (https://linuxcontainers.org/incus/docs/main/) is used to handle different containers: galene is in one of these containers (running Ubuntu)
> * another container is running nginx as a reverse proxy
> * dns name galene.mydomain.net points to ww.xx.yy.zz
>
> What I did is:
>
> * on the main server, forward ports tcp/1194, udp/1194 and udp/18100-19100 to same ports on galene container
> (I tested with netcat that this port forwarding is effective)
>
> * on nginx, proxypass url https://galene.mydomain.net to galene container on port 10000:
>
> server {
>     if ($host = galene.mydomain.net) {
>         return 301 https://$host$request_uri;
>     }
>     listen 80;
>     server_name galene.mydomain.net;
>     return 301 https://$host$request_uri;
> }
>
> server {
>     listen 443 http2 ssl;
>     server_name galene.mydomain.net;
>
>     location / {
>         proxy_pass http://10.87.94.201:10000/;
>         proxy_set_header Host $http_host;
>         proxy_set_header X-Forwarded-Host $host:$server_port;
>         proxy_set_header X-Forwarded-Server $host;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection "Upgrade";
>     }
>
>     ssl_certificate /etc/letsencrypt/live/several.mydomain.net/fullchain.pem; # managed by Certbot
>     ssl_certificate_key /etc/letsencrypt/live/several.mydomain.net/privkey.pem; # managed by Certbot
> }
>
> * on galene container, systemd service is launched with 'galene -http 10.87.94.201:10000 -insecure -turn ww.xx.yy.zz:1194 -udp-range 18100-19100'
>
> systemctl status galene says:
>
> ● galene.service - Galene
>      Loaded: loaded (/etc/systemd/system/galene.service; enabled; preset: enabled)
>     Drop-In: /run/systemd/system/service.d
>              └─zzz-lxc-service.conf
>      Active: active (running) since Tue 2024-10-22 11:57:07 UTC; 18h ago
>    Main PID: 535 (galene)
>       Tasks: 17 (limit: 76943)
>      Memory: 4.9M (peak: 9.5M)
>         CPU: 2.413s
>      CGroup: /system.slice/galene.service
>              └─535 /home/ubuntu/galene/galene -http 10.87.94.201:10000 -insecure -turn ww.xx.yy.zz:1194 -udp-range 18100-19100
>
> Oct 22 11:57:07 galene galene[535]: 2024/10/22 11:57:07 Starting built-in TURN server on ww.xx.yy.zz:1194
> Oct 22 11:57:07 galene galene[535]: 2024/10/22 11:57:07 Relay test successful in 12.038506ms, RTT = 162.921µs
> Oct 22 14:54:17 galene galene[535]: turn ERROR: 2024/10/22 14:54:17 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> Oct 22 18:00:47 galene galene[535]: turn ERROR: 2024/10/22 18:00:47 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> Oct 22 21:26:00 galene galene[535]: turn ERROR: 2024/10/22 21:26:00 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> Oct 22 22:37:18 galene galene[535]: turn ERROR: 2024/10/22 22:37:18 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> Oct 22 23:57:07 galene galene[535]: 2024/10/22 23:57:07 Relay test successful in 18.841846ms, RTT = 203.679µs
> Oct 23 01:02:12 galene galene[535]: turn ERROR: 2024/10/23 01:02:12 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> Oct 23 05:03:13 galene galene[535]: turn ERROR: 2024/10/23 05:03:13 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
> Oct 23 06:29:59 galene galene[535]: turn ERROR: 2024/10/23 06:29:59 Failed to handle datagram: failed to create stun message from packet: unexpected EOF: not enough bytes to read header
>
> Now, I can access the web UI, but it seems RTC cannot be established.
>
> What am I missing?
> I'm not a network wizard, any help is appreciated :-)
>
> Franck
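
The fixed STUN header behind two of the log messages above, as an added example that is not part of the original message and is not Galene's or Firefox's code: it rejects datagrams shorter than the 20-byte header, the condition named by "not enough bytes to read header", and splits a message type into method and class. It assumes the 103 and 001 in the Firefox log are hexadecimal STUN message types; the function names and sample packets are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	stunHeaderLen = 20         // fixed STUN header size in bytes
	magicCookie   = 0x2112A442 // bytes 4..7 of every RFC 5389 message
)

var errShort = errors.New("not enough bytes to read header")
var errNotSTUN = errors.New("leading bits or magic cookie do not match STUN")

// decodeType splits a STUN message type into method and class
// (class: 0 request, 1 indication, 2 success response, 3 error response).
func decodeType(t uint16) (method uint16, class uint8) {
	method = t&0x000F | (t>>1)&0x0070 | (t>>2)&0x0F80
	class = uint8((t>>4)&0x1 | (t>>7)&0x2)
	return method, class
}

// parseHeader checks the fixed header of one datagram and returns its type.
func parseHeader(pkt []byte) (uint16, error) {
	if len(pkt) < stunHeaderLen {
		return 0, errShort
	}
	t := binary.BigEndian.Uint16(pkt[0:2])
	if t&0xC000 != 0 || binary.BigEndian.Uint32(pkt[4:8]) != magicCookie {
		return 0, errNotSTUN
	}
	return t, nil
}

func main() {
	// Constructed samples: header-only message of type 0x0103, and 14 non-STUN bytes.
	resp := append([]byte{0x01, 0x03, 0x00, 0x00, 0x21, 0x12, 0xA4, 0x42}, make([]byte, 12)...)
	stray := []byte("not a stun pkt")
	for _, pkt := range [][]byte{resp, stray} {
		t, err := parseHeader(pkt)
		if err != nil {
			fmt.Printf("%d bytes: rejected: %v\n", len(pkt), err)
			continue
		}
		m, c := decodeType(t)
		fmt.Printf("%d bytes: type 0x%04x method 0x%03x class %d\n", len(pkt), t, m, c)
	}
}
```

Under that assumption, 0x0103 decodes to method 0x003 (Allocate) with class 2 (success response), and 0x0001 to method 0x001 (Binding) with class 0 (request).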