From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) by mail.toke.dk (Postfix) with ESMTPS id DA1869C9AD6 for ; Fri, 2 Dec 2022 15:19:18 +0100 (CET) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20210112 header.b=CQa5e30F Received: by mail-pf1-x434.google.com with SMTP id k79so5017916pfd.7 for ; Fri, 02 Dec 2022 06:19:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=ZUrT7/gg9YKf8AX77i8KJVS1Oc5iIEClbhAmV5RtUHk=; b=CQa5e30F9TZpU6QA+nCmPMO/yyps5mYFTJWBlZzCsEkjO4vJyIZGZa82+V6hSrwmCT 8xLjjp3eTQw1jwpRnL5k/5/51UdewAm0VUc5kv5ja5A0w8wiDr06nj5JdvgqZSmoboPi v2c/9CdOR7IrXWlAisV0rQQegcbVx981RG8pIyqlAEOUTBpAhzmerw9eVq0F0cCZKcpC H6pHmUyI37TzsDNe01eXYXA15Ci31aITZSuojdNJGUn7S2vhW3WjtomaBt3ehcIjgS6b 8MKz/k8HANyj591tDTz/5/TlkxFN41HK0BjocZdiyxSMRrUooAVOuf5Dep6UD3xwDYoI sBpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZUrT7/gg9YKf8AX77i8KJVS1Oc5iIEClbhAmV5RtUHk=; b=6PusHbss9iqPRhf3sguhL6r/G8P1ty1VGykRUdArcYxeJXspNGZUb6o8VIVY3HHSGq jw2ASrCjTlZYxYp67HxHl7g89t1GYYkm1vBMZtnKNqRCmPPSZFRCx1XwzUVXppEKtnhG TKTlS1Yw5YElBu2iA50Q/UdgZTsUuP5DVH7c0VGBkV0xYnoyyZg6Lzlzkox1aAkt4+07 ou8xvmXR0BpBFs51KPGFsLNLD2i+sqkSl8e/sq/yXa+7QeZcWl1a/4GiEUeTegTkEKv5 ILxwvdNZRFLu5cqhSdblkjcpJwGfOuQV8bgcBd7XfYE1hh/k4qAi3s0ZSz9daHNcSxJA +LSw== X-Gm-Message-State: ANoB5plmnVoVsqdEolHgOJvQWyXoDmh5fYkwQD7gRkOnyvXpBJLa2ULR 19M9rorK9uFA4ZHsTuQ+Hx0ZdRFdvVM= X-Google-Smtp-Source: AA0mqf5eA3isn6zH4ANZanE6EeAA+Lrkc7nGmA1mj85QQPkohswUv6/h0SF0Bd6Z/z+RhURadY/t9A== X-Received: by 2002:a63:e712:0:b0:477:7f69:2749 with SMTP id b18-20020a63e712000000b004777f692749mr44415665pgi.372.1669950547443; Thu, 01 Dec 2022 19:09:07 -0800 (PST) Received: from smtpclient.apple (pool-96-241-128-233.washdc.fios.verizon.net. [96.241.128.233]) by smtp.gmail.com with ESMTPSA id n1-20020aa79841000000b00574ffc5976fsm197722pfq.159.2022.12.01.19.09.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 01 Dec 2022 19:09:06 -0800 (PST) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Han So Mime-Version: 1.0 (1.0) Date: Thu, 1 Dec 2022 22:08:55 -0500 Message-Id: <832DF7B0-0821-466F-9738-0C4E88E98FDB@gmail.com> References: <87lensavpa.wl-jch@irif.fr> In-Reply-To: <87lensavpa.wl-jch@irif.fr> To: Juliusz Chroboczek X-Mailer: iPhone Mail (20B101) Message-ID-Hash: AKW6UBD4HYIC3ZRHOCW67W5QONR3FRCZ X-Message-ID-Hash: AKW6UBD4HYIC3ZRHOCW67W5QONR3FRCZ X-MailFrom: hansolo2218@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.7 Precedence: list Subject: [Galene] Re: Federated servers or multiple turns? List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Attempted what you said, but it turned out we couldn=E2=80=99t even get a si= mple external turn server working. We tried to use a pion go turn server, a= simple one, then the log one, and also tried a coturn server. As a last di= tch effort we copied the galene local turn server and moved it externally an= d that didn=E2=80=99t work. In all cases the initial connection was fine, r= elay test was successful, but the moment we enable the video and audio, it f= ails. This was prior to doing any code changes to attempt multiple turns. A= ny hints on how to make external turns work? Hans > On Nov 30, 2022, at 6:06 PM, Juliusz Chroboczek wrote: >=20 > =EF=BB=BF >>=20 >> This is really to improve security and anonymity >=20 > What's your attack model? Are you assuming that the server is controlled > by an attacker? >=20 >> Currently they both access the same turn so both individuals would see >> the same ip addresses they are connected to. >=20 > You can easily use a different TURN server for each client. Just change > this line: >=20 > https://github.com/jech/galene/blob/master/rtpconn/webclient.go#L1189 >=20 > However, given that most clients don't go through a TURN server but > connect directly to Galene, I fail to see how that would improve > anonymity. >=20 > -- Juliusz