Galène videoconferencing server discussion list archives
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: galene@lists.galene.org
Subject: [Galene] Re: udp-port range and subsequent "turn" use of ports outside that range
Date: Sun, 11 Feb 2024 21:53:47 +0100	[thread overview]
Message-ID: <FD04091B-6A7B-4CC0-81D1-612926749422@webweaving.org> (raw)
In-Reply-To: <87o7cmhole.wl-jch@irif.fr>



> On 11 Feb 2024, at 18:56, Juliusz Chroboczek <jch@irif.fr> wrote:
> 
>> I've got a minor puzzle in a fairly simple setup; where galene is behind
>> a reverse proxy & in a freebsd jail (to co-exist with another
>> video/blackboard/sip servers).
> 
> This is described in the section "Configure your server's firewall" of the
> documentation.

:) which was followed to the letter - and works as advertised with the
exception of limiting galene to the (large) range provided.

> Galene uses :
> 
>  - one TCP port for the web server, as specified by the option "-http" ;
> 
>  - one TCP and one UDP port for the TURN server, as specified by the
>    option "-turn" ;
> 
>  - many UDP ports (one per media stream), which are chosen randomly in
>    the ephemeral port range of your system, and may be restricted using
>    the option "-udp-range".

Right - and as per the email - all this was done exactly in this fashion.

> The use of "-udp-range" is not recommended, since giving Galene too few
> ports will cause issues when the range runs out.

Correct - but the issue that surprised me was the error:


    turn ERROR: 2024/02/11 14:26:36 Failed to handle datagram:
        unable to handle ChannelData from 127.0.1.12:32895:
            failed writing to socket: write udp4 127.0.1.12:24074->DESTINATION_IP:54924:
                sendto: permission denied

for the very first packet ever sent out.

I.e. where specifically the ports selected are outside the 10.000 (ten thousand) ports made available. This large, 10k, number was chosen to prevent Galene from running out. However it appears - even for the very first connection - to not select from this range.

Does something other than the flags:

	 -turn <outside-ip-address>:1194 -udp-range 18100-19100

need to be set to constrain the TURN port choice?

Dw 

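As an added example (not part of this message, and not Galène's own code), a small Python checker that scans Galène log lines for the "write udp4 LOCAL->REMOTE" address pair that appears in the TURN relay error quoted above and reports whether the local (Galène-side) port lies inside the configured -udp-range. The sample log lines are constructed: the first is the error from this message collapsed onto one line with the documentation address 203.0.113.5 standing in for DESTINATION_IP, the other two are invented to show a non-matching line and an in-range port. Only the local port is meaningful here; the remote port is chosen by the peer and cannot be constrained by -udp-range.

```python
import re
from dataclasses import dataclass

# Galène's TURN server logs relay write failures with the socket pair:
#   write udp4 LOCAL_IP:LOCAL_PORT->REMOTE_IP:REMOTE_PORT: sendto: ...
# \S+ for the hosts backtracks correctly, so bracketed IPv6 literals
# such as [::1]:1234 are handled as well as dotted IPv4.
ADDR_PAIR = re.compile(
    r"write udp[46]? (?P<lhost>\S+):(?P<lport>\d+)->(?P<rhost>\S+):(?P<rport>\d+)"
)

# Constructed sample log (see lead-in): line 1 reconstructed from the message,
# lines 2 and 3 invented for illustration.
SAMPLE_LOG = [
    "turn ERROR: 2024/02/11 14:26:36 Failed to handle datagram: "
    "unable to handle ChannelData from 127.0.1.12:32895: "
    "failed writing to socket: write udp4 127.0.1.12:24074->203.0.113.5:54924: "
    "sendto: permission denied",
    "2024/02/11 14:26:37 (constructed line with no socket pair, skipped)",
    "turn ERROR: 2024/02/11 14:26:38 Failed to handle datagram: "
    "failed writing to socket: write udp4 127.0.1.12:18250->203.0.113.5:40000: "
    "sendto: permission denied",
]


@dataclass
class Finding:
    line_no: int
    local_port: int
    remote_port: int
    local_in_range: bool


def parse_udp_range(spec: str) -> range:
    """Parse a '-udp-range LOW-HIGH' value into an inclusive Python range."""
    low, high = (int(p) for p in spec.split("-", 1))
    if not (0 < low <= high <= 65535):
        raise ValueError(f"bad -udp-range: {spec}")
    return range(low, high + 1)


def check_log(lines, udp_range: range) -> list[Finding]:
    """Return one Finding per line that carries a LOCAL->REMOTE socket pair."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = ADDR_PAIR.search(line)
        if not m:
            continue
        lport, rport = int(m["lport"]), int(m["rport"])
        findings.append(Finding(n, lport, rport, lport in udp_range))
    return findings


def out_of_range(lines, udp_range: range) -> list[Finding]:
    """Only the lines whose Galène-side port fell outside -udp-range."""
    return [f for f in check_log(lines, udp_range) if not f.local_in_range]


if __name__ == "__main__":
    udp_range = parse_udp_range("18100-19100")  # the range used in this thread
    for f in check_log(SAMPLE_LOG, udp_range):
        verdict = "in range" if f.local_in_range else "OUTSIDE range"
        print(f"line {f.line_no}: local port {f.local_port} {verdict}, "
              f"remote port {f.remote_port} (peer-chosen)")
```

Run it against the real log (`galene ... 2>&1 | tee galene.log`, then feed the file's lines to `check_log`) to see at a glance whether the failing sockets are bound inside or outside the range you pass to -udp-range, before touching firewall rules.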

Thread overview: 8+ messages
2024-02-11 14:39 [Galene] " Dirk-Willem van Gulik
2024-02-11 17:56 ` [Galene] " Juliusz Chroboczek
2024-02-11 20:53   ` Dirk-Willem van Gulik [this message]
2024-02-11 22:14     ` Juliusz Chroboczek
2024-02-15 15:02       ` Dirk-Willem van Gulik
2024-02-15 18:09         ` Juliusz Chroboczek
2024-02-15 18:12           ` Dirk-Willem van Gulik
2024-02-22 22:38         ` Juliusz Chroboczek
