2021-02-01 Installing coturn on Ubuntu 16.04


Alibaba Cloud server, applied for under the 7-day free trial

Internal IP: 172.16.109.44

External IP: 47.117.125.228

1. Install dependencies

sudo su root # switch to root first

apt-get install build-essential # (optional) if the later ./configure fails, install gcc first

apt-get install openssl libssl-dev make

wget https://github.com/libevent/libevent/releases/download/release-2.1.10-stable/libevent-2.1.10-stable.tar.gz

tar -zxvf libevent-2.1.10-stable.tar.gz

cd libevent-2.1.10-stable

./configure

make && make install

apt-get install sqlite libsqlite3-dev

2. Install coturn

wget https://github.com/coturn/coturn/archive/4.5.1.1.tar.gz

tar -zxvf 4.5.1.1.tar.gz

cd coturn-4.5.1.1

./configure

make && make install

Check the install path

which turnserver

/usr/local/bin/turnserver

3. Install the SSL certificate

Generate the certificate

openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes

root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft/coturn-4.5.1.1# openssl req -x509 -newkey rsa:2048 -keyout /etc/turn_server_pkey.pem -out /etc/turn_server_cert.pem -days 99999 -nodes 
Generating a 2048 bit RSA private key
..........................................................................+++
....+++
writing new private key to '/etc/turn_server_pkey.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:leparts
Organizational Unit Name (eg, section) []:leparts
Common Name (e.g. server FQDN or YOUR name) []:Carn
Email Address []:can_all@163.com

Check the generated files

root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft/coturn-4.5.1.1# ls /etc/turn_server*

/etc/turn_server_cert.pem  /etc/turn_server_pkey.pem
 

4. Configure coturn

root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft/coturn-4.5.1.1# turnadmin -a -u iotCarn -p iot.carn.com -r carn
root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft/coturn-4.5.1.1# cp /usr/local/etc/turnserver.conf.default /usr/local/etc/turnserver.conf
root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft/coturn-4.5.1.1# vi /usr/local/etc/turnserver.conf

Enable the following settings

listening-device=eth0

listening-port=3478

listening-ip=172.16.109.44

relay-ip=172.16.109.44

external-ip=47.117.125.228

min-port=49152
max-port=65535

user=iotCarn:iot.carn.com

realm=carn

cert=/etc/turn_server_cert.pem

pkey=/etc/turn_server_pkey.pem (the paths must be correct, otherwise the following warnings appear:
0: WARNING: cannot find certificate file: /usr/local/etc/turn_server_cert.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
0: WARNING: cannot find private key file: /usr/local/etc/turn_server_pkey.pem (1)
0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly)

cli-password=iot.carn.com (without this entry the following error appears: 0: ERROR: 
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!)
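
The following Python check is an added example, not part of the original post or of coturn. It audits the body of a turnserver.conf for the problems this section runs into (a cert/pkey entry that is not a full path or does not exist, a private key readable by group or other, a plaintext user= password, and a cli-password that reuses it) and suggests the user=name:0xkey form, where the key is MD5("user:realm:password"), the value turnadmin -k prints. SAMPLE_CONF, lt_cred_key, parse_conf and audit are names made up for this example; the sample configuration is constructed from the values shown above.

```python
import hashlib
import os
import stat

# Constructed sample mirroring the settings shown above.
SAMPLE_CONF = """\
realm=carn
user=iotCarn:iot.carn.com
cert=turn_server_cert.pem
pkey=/etc/turn_server_pkey.pem
cli-password=iot.carn.com
"""

def lt_cred_key(user, realm, password):
    """Long-term credential key: MD5("user:realm:password") in 0x-hex form."""
    return "0x" + hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def parse_conf(text):
    """Return (key, value) pairs, skipping blank lines and # comments."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(p.strip() for p in l.split("=", 1))
            for l in lines if l and not l.startswith("#") and "=" in l]

def audit(text):
    """Return a list of findings for the body of a turnserver.conf."""
    pairs = parse_conf(text)
    conf = dict(pairs)
    findings, plaintext = [], set()
    for key, val in pairs:
        if key == "user" and ":" in val:
            name, secret = val.split(":", 1)
            if not secret.startswith("0x"):
                plaintext.add(secret)
                hashed = lt_cred_key(name, conf.get("realm", ""), secret)
                findings.append(f"user: plaintext password, use user={name}:{hashed}")
        elif key in ("cert", "pkey"):
            if not os.path.isabs(val):
                findings.append(f"{key}: relative path {val!r}, give the full path")
            elif not os.path.isfile(val):
                findings.append(f"{key}: file not found: {val}")
            elif key == "pkey" and os.stat(val).st_mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append(f"pkey: {val} is readable by group or other")
    if conf.get("cli-password") in plaintext:
        findings.append("cli-password: reuses a TURN user password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The key depends on the realm, so it has to be regenerated if realm= changes.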

5. Start coturn

root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft# turnserver -o -a -f -user=iotCarn:iot.carn.com -r carn
0: log file opened: /var/log/turn_11391_2021-02-01.log
0: Listener address to use: 172.16.109.44
0: Relay address to use: 172.16.109.44
0: Config file found: /usr/local/etc/turnserver.conf
0: 
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 'dan Eider'
0: 
Max number of open files/sockets allowed for this process: 65535
0: 
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 32500 (approximately)
0: 

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.2g  1 Mar 2016 (0x1000207f)
0: 
0: SQLite supported, default database location is /usr/local/var/db/turndb
0: Redis is not supported
0: PostgreSQL supported
0: MySQL is not supported
0: MongoDB is not supported
0: 
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Domain name: 
0: Default realm: carn
0: SSL23: Certificate file found: /etc/turn_server_cert.pem
0: SSL23: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.0: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.0: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.1: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.1: Private key file found: /etc/turn_server_pkey.pem
0: TLS1.2: Certificate file found: /etc/turn_server_cert.pem
0: TLS1.2: Private key file found: /etc/turn_server_pkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turn_server_cert.pem
0: DTLS: Private key file found: /etc/turn_server_pkey.pem
0: DTLS1.2: Certificate file found: /etc/turn_server_cert.pem
0: DTLS1.2: Private key file found: /etc/turn_server_pkey.pem
0: DTLS cipher suite: DEFAULT
root@iZuf67hpr0q1ld5wyjtrj6Z:/home/workSoft# 
 

Verify coturn from FreeSWITCH

freeswitch@iZuf67hpr0q1ld5wyjtrj6Z> stun 47.117.125.228

47.117.125.228:58021 (it works if the public IP is returned here)

Otherwise an error like the following appears:

freeswitch@iZuf67hpr0q1ld5wyjtrj6Z> stun 47.117.125.228

-STUN Failed! [Timeout]
 

Remember to open the ports in the Alibaba Cloud security group.

6. Closing remarks

There is one more thing I still do not understand:

2021-02-01 11:36:38.193914 [ERR] sofia_reg.c:2474 outGateway1 Failed Registration with status Forbidden [403]. failure #3
If any expert knows the answer, please give me a pointer.

Contents of outGateway1.xml

<include>
  <gateway name="outGateway1">
  <!--/// account username *required* ///-->
  <param name="username" value="iotCarn"/>(possibly because I have no carrier SIP account and filled in a coturn account instead)
  <!--/// auth realm: *optional* same as gateway name, if blank ///-->
  <param name="realm" value="47.117.125.228"/>
  <!--/// username to use in from: *optional* same as  username, if blank ///-->
  <!--<param name="from-user" value="cluecon"/>-->
  <!--/// domain to use in from: *optional* same as  realm, if blank ///-->
  <!--<param name="from-domain" value="outGateway1"/>-->
  <!--/// account password *required* ///-->
  <param name="password" value="iot.carn.com"/>
  <!--/// extension for inbound calls: *optional* same as username, if blank ///-->
  <!--<param name="extension" value="cluecon"/>-->
  <!--/// proxy host: *optional* same as realm, if blank ///-->
  <param name="proxy" value="47.117.125.228"/>
  <!--/// send register to this proxy: *optional* same as proxy, if blank ///-->
  <!--<param name="register-proxy" value="mysbc.com"/>-->
  <!--/// expire in seconds: *optional* 3600, if blank ///-->
  <!--<param name="expire-seconds" value="60"/>-->
  <!--/// do not register ///-->
  <param name="register" value="true"/>
  <!-- which transport to use for register -->
  <!--<param name="register-transport" value="udp"/>-->
  <!--How many seconds before a retry when a failure or timeout occurs -->
  <!--<param name="retry-seconds" value="30"/>-->
  <!--Use the callerid of an inbound call in the from field on outbound calls via this gateway -->
  <!--<param name="caller-id-in-from" value="false"/>-->
  <!--extra sip params to send in the contact-->
  <!--<param name="contact-params" value=""/>-->
  <!-- Put the extension in the contact -->
  <!--<param name="extension-in-contact" value="true"/>-->
  <!--send an options ping every x seconds, failure will unregister and/or mark it down-->
  <!--<param name="ping" value="25"/>-->
  <!--<param name="cid-type" value="rpid"/>-->
  <!--rfc5626 : enable rfc5626 ///-->
  <!--<param name="rfc-5626" value="true"/>-->
  <!--rfc5626 : extra sip params to send in the contact-->
  <!--<param name="reg-id" value="1"/>-->
  </gateway>
</include>
 

FreeSWITCH commands used:

sofia profile external rescan reloadxml

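sofia global siptrace on (once enabled, you can see all SIP registration traffic. I also ran into something interesting: 145.239.51.233 was scanning the SIP protocol, and so was 142.44.212.109, the two scanning one after the other. I blocked them promptly and also blocked all of 140.xx.xx.xx; most of these are foreign IPs)

SSH keepalive

Client side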

/etc/ssh/ssh_config

ServerAliveInterval 60

ServerAliveCountMax 60

ICE test

https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
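Open the test page above and test the STUN and TURN servers separately. Traversal counts as successful only if the relay address that comes back is your IP.

Either of the following starts the service:

turnserver -o -a -f --user=username:password -r realm

/usr/local/bin/turnserver -c /usr/local/etc/turnserver.conf -o

Start the peer on the server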

turnutils_peer -v -p 2345

root@xxxxx-ubuntu:~# turnutils_peer -v -p 2345
0: udp_create_server_socket:66:start
0: udp_create_server_socket:98:end
0: udp_create_server_socket:66:start
0: udp_create_server_socket:98:end
0: udp_create_server_socket:66:start
0: udp_create_server_socket:98:end
0: udp_create_server_socket:66:start
0: udp_create_server_socket:98:end
 

Run on the client: test UDP data traversal

turnutils_uclient -v -u user -w password 47.117.125.228 -p 3478 -e 47.117.125.228 -r 2345 47.117.125.228

root@yex-Ubuntu:/home/sambaFile/workSoft/VoIP_backupFiles/coturn-4.5.1.1# turnutils_uclient -v -u user -w password serverip -p 3478 -e serverip -r 2345 serverip
0: IPv4. Connected from: 192.168.9.10:58346
0: IPv4. Connected to: serverip:3478
0: allocate sent
0: allocate response received: 
0: allocate sent
0: allocate response received: 
0: success
0: IPv4. Received relay addr: serverip:56358
0: clnet_allocate: rtv=13087939328683864521
0: refresh sent
0: refresh response received: 
0: success
0: IPv4. Connected from: 192.168.9.10:55894
0: IPv4. Connected to: serverip:3478
0: IPv4. Connected from: 192.168.9.10:48787
0: IPv4. Connected to: serverip:3478
0: allocate sent
0: allocate response received: 
0: allocate sent
0: allocate response received: 
0: success
0: IPv4. Received relay addr:serverip:56359
0: clnet_allocate: rtv=0
0: refresh sent
0: refresh response received: 
0: success
0: allocate sent
0: allocate response received: 
0: allocate sent
0: allocate response received: 
0: success
0: IPv4. Received relay addr: serverip:50518
0: clnet_allocate: rtv=2133614103385733960
0: refresh sent
0: refresh response received: 
0: success
0: channel bind sent
0: cb response received: 
0: success: 0x752b
0: channel bind sent
0: cb response received: 
0: success: 0x752b
0: channel bind sent
0: cb response received: 
0: success: 0x6f36
0: channel bind sent
0: cb response received: 
0: success: 0x6f36
0: channel bind sent
0: cb response received: 
0: success: 0x4a78
0: Total connect time is 0
1: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
2: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
3: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
4: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
5: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
5: done, connection 0x7fc1088ed010 closed.
5: done, connection 0x106e620 closed.
5: start_mclient: tot_send_msgs=10, tot_recv_msgs=10
5: start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000
5: Total transmit time is 5
5: Total lost packets 0 (0.000000%), total send dropped 0 (0.000000%)
5: Average round trip delay 4.300000 ms; min = 3 ms, max = 5 ms
5: Average jitter 0.500000 ms; min = 0 ms, max = 1 ms

TCP traversal

turnutils_uclient -v -t -T -u user -w password 47.117.125.228 -p 3478

root@yex-Ubuntu:/home/sambaFile/workSoft/VoIP_backupFiles/coturn-4.5.1.1# turnutils_uclient -v -t -T -u user -w password serverip -p 3478
0: IPv4. Connected from: 192.168.9.10:46036
0: IPv4. Connected to: serverip:3478
0: allocate sent
0: allocate response received: 
0: allocate sent
0: allocate response received: 
0: success
0: IPv4. Received relay addr:serverip:61013
0: clnet_allocate: rtv=0
0: refresh sent
0: refresh response received: 
0: success
0: IPv4. Connected from: 192.168.9.10:46038
0: IPv4. Connected to: serverip:3478
0: IPv4. Connected from: 192.168.9.10:46040
0: IPv4. Connected to: serverip:3478
0: allocate sent
0: allocate response received: 
0: allocate sent
0: allocate response received: 
0: success
0: IPv4. Received relay addr:serverip:52697
0: clnet_allocate: rtv=0
0: refresh sent
0: refresh response received: 
0: success
0: allocate sent
0: allocate response received: 
0: allocate sent
0: allocate response received: 
0: success
0: IPv4. Received relay addr:serverip:50328
0: clnet_allocate: rtv=0
0: refresh sent
0: refresh response received: 
0: success
0: create perm sent: serverip:50328
0: cp response received: 
0: success
0: create perm sent: serverip:52697
0: cp response received: 
0: success
0: tcp connect sent
0: connection bind sent
0: connect bind response received: 
0: success
0: IPv4. TCP data network connected to: serverip:3478
0: connection bind sent
0: connect bind response received: 
0: success
0: IPv4. TCP data network connected to:serverip:3478
0: Total connect time is 0
0: 2 connections are completed
1: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
2: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
3: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
4: start_mclient: msz=2, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
5: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
6: start_mclient: msz=2, tot_send_msgs=5, tot_recv_msgs=5, tot_send_bytes ~ 500, tot_recv_bytes ~ 500
6: done, connection 0x1787620 closed.
6: done, connection 0x7f648b49d010 closed.
6: start_mclient: tot_send_msgs=10, tot_recv_msgs=10
6: start_mclient: tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000
6: Total transmit time is 6
6: Total lost packets 0 (0.000000%), total send dropped 0 (0.000000%)
6: Average round trip delay 8.400000 ms; min = 0 ms, max = 29 ms
6: Average jitter 12.000000 ms; min = 3 ms, max = 28 ms
