Coturn does not listen on TLS despite certificate


tekcld
2020-09-01, 04:09:50
Hi,

root@coturn:~# vim /etc/turnserver.conf
listening-port=3478
tls-listening-port=443
external-ip=88.99.14.147
fingerprint use-auth-secret static-auth-secret=kaesekuchen
cert=/etc/letsencrypt/live/turn.xxxx.de/fullchain.pem
pkey=/etc/letsencrypt/live/turn.xxxx.de/privkey.pem
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA +AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
dh2066
syslog
no-tlsv1
no-tlsv1_1

root@coturn:~# turnserver -v -o
0: Config file found: /root/../etc/turnserver.conf
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.1f 31 Mar 2020 (0x1010106f)
0:
0: SQLite supported, default database location is /var/lib/turn/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name:
0: Default realm:
0: ERROR:
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
0:
CONFIGURATION ALERT: you did specify the long-term credentials usage
but you did not specify the default realm option (-r option).
Check your configuration.
0: SSL23: Certificate file found: /etc/letsencrypt/live/turn.xxxx.de/fullchain.pem
0: SSL23: Private key file found: /etc/letsencrypt/live/turn.xxxx.de/privkey.pem
0: TLS1.2: Certificate file found: /etc/letsencrypt/live/turn.xxxx.de/fullchain.pem
0: TLS1.2: Private key file found: /etc/letsencrypt/live/turn.xxxx.de/privkey.pem
0: TLS cipher suite: ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA +AESGCM:RSA+AES:!aNULL:!MD5:!DSS
0: DTLS: Certificate file found: /etc/letsencrypt/live/turn.xxxx.de/fullchain.pem
0: DTLS: Private key file found: /etc/letsencrypt/live/turn.xxxx.de/privkey.pem
0: DTLS1.2: Certificate file found: /etc/letsencrypt/live/turn.xxxx.de/fullchain.pem
0: DTLS1.2: Private key file found: /etc/letsencrypt/live/turn.xxxx.de/privkey.pem
0: DTLS cipher suite: ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA +AESGCM:RSA+AES:!aNULL:!MD5:!DSS
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 88.99.14.147
0: Listener address to use: ::1
0: Listener address to use: 2a01:4f8:c17:ce3d::1
0: =====================================================
0: Total: 2 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 88.99.14.147
0: Relay address to use: 2a01:4f8:c17:ce3d::1
0: =====================================================
0: Total: 2 relay addresses discovered
root@coturn:~# netstat -npta | grep turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 ::1:3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver

I tried it following the BigBlueButton instructions. It doesn't really work properly.

Sephiroth
2020-09-01, 19:00:32
Hm, I don't know much about this, but this here

fingerprint use-auth-secret static-auth-secret=kaesekuchen

should, according to the example (https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf), each be on its own line.

tekcld
2020-09-13, 13:09:16
It is.

I shortened the file and apparently deleted a line break in the process.

So that is not the cause.
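As an added example (not from this thread or from the coturn project), a small Python check that automates the two things done by hand above: it flags config lines that carry more than one option (the `fingerprint use-auth-secret static-auth-secret=...` line Sephiroth pointed at) and compares the ports the config asks for against the ports that actually appear in the `netstat` listing. The sample config and netstat lines are constructed from the posted output; the function names are my own.

```python
import shlex

# Constructed sample: the turnserver.conf as posted in the thread (abridged).
SAMPLE_CONF = """\
listening-port=3478
tls-listening-port=443
external-ip=88.99.14.147
fingerprint use-auth-secret static-auth-secret=kaesekuchen
cert=/etc/letsencrypt/live/turn.xxxx.de/fullchain.pem
pkey=/etc/letsencrypt/live/turn.xxxx.de/privkey.pem
syslog
no-tlsv1
"""

# Constructed sample: two lines in the shape of `netstat -npta | grep turnserver`.
SAMPLE_NETSTAT = """\
tcp 0 0 88.99.14.147:3478 0.0.0.0:* LISTEN 2833/turnserver
tcp6 0 0 2a01:4f8:c17:ce3d::3478 :::* LISTEN 2833/turnserver
"""

def parse_conf(text):
    """Return (options, problems). options maps key -> value (None for bare flags).
    Coturn expects one option per line, so a line that splits into several
    tokens is reported rather than silently accepted. shlex keeps a quoted
    value such as cipher-list="..." together even if it contains spaces."""
    options, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        if len(tokens) > 1:
            problems.append(f"line {lineno}: {len(tokens)} options on one line: {line}")
        for tok in tokens:
            key, _, value = tok.partition("=")
            options[key] = value or None
    return options, problems

def listening_ports(netstat_text):
    """Local ports of LISTEN sockets owned by turnserver in netstat output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[5] == "LISTEN" and "turnserver" in line:
            ports.add(int(fields[3].rsplit(":", 1)[1]))   # works for IPv4 and IPv6
    return ports

def missing_ports(options, netstat_text):
    """Ports the config asks for that no turnserver socket is bound to."""
    wanted = [options[k] for k in ("listening-port", "tls-listening-port") if options.get(k)]
    bound = listening_ports(netstat_text)
    return sorted(int(p) for p in wanted if int(p) not in bound)

if __name__ == "__main__":
    opts, probs = parse_conf(SAMPLE_CONF)
    print("\n".join(probs) or "config: one option per line")
    print("configured but not bound:", missing_ports(opts, SAMPLE_NETSTAT))
```

Run against the real files with `parse_conf(open("/etc/turnserver.conf").read())` and the captured netstat text; a non-empty result from `missing_ports` shows which configured listener never came up.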