Coturn/turnserver:错误437:分配不匹配:事务ID(WebRTC)错误
Coturn/turnserver : error 437: Mismatched allocation: wrong transaction ID (WebRTC)
我有这样的结构:
- Web服务器:Apache。它在局域网中。它在一台具有公共静态ip的pc(Windows7)上。电脑在网络中
- 信号服务器:在同一台电脑上的虚拟机(VirtualBox Centos 6)中
- STUN/TURN服务器:Coturn"4.5.0.4"。在同一台电脑上的虚拟机(VirtualBox Centos 6)中
- 客户A:笔记本电脑,Vista。我使用三星手机和usb网络连接来连接(外部)互联网。移动设备使用"移动数据"连接互联网
- 客户端B:笔记本电脑,Windows 8(或Windows 10)。我使用三星平板电脑和usb连接来获得(外部)互联网。平板电脑使用"移动数据"连接互联网
我运行一个像这样的coturn/turnserver:
sudo turnserver -X xxx.xx.xxx.xx (this is my static external ip)
我已经创建了端口转发:
3479 -> 3478 for TCP
3479 -> 3478 for UTP
5348 -> 5349 for TCP
5348 -> 5349 for UTP
我使用的默认配置文件的coturn与这些变化:
verbose
fingerprint
lt-cred-mech
realm=mycompany.org
cert=server.crt
pkey=server.key
pkey-pwd=.... (it has been omitted)
log-file=/var/tmp/turnserver.log
simple-log
我已经创建了文件server.crt和server.key,我知道它们是正确的,因为我可以使用网络管理工具,需要它们与https 一起运行
我已经创建了管理员用户。我已经为用户"test4"创建了一个密钥,使用:
sudo turnadmin -k -u test4 -r mycompany.org -p test
我用它来创造他:
sudo turnadmin -a -b "/var/db/turndb" -u test4 -r mycompamy.org -p ......
客户端:
var STUN = {
urls: "stun:xxx.xx.xxx.xx:3479" //port forward
};
var TURN = {
urls: [
"turn:xxx.xx.xxx.xx:3479?transport=udp",
"turn:xxx.xx.xxx.xx:3479?transport=tcp",
"turn:xxx.xx.xxx.xx:3479"
],
username : "test4",
credential : "......................", (it's the key. it has been omitted)
};
我从coturn/turnserver收到的消息如下:
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60113
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60075
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: IPv4. Local relay addr: 10.0.2.15:55037
243: session 000000000000000003: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: IPv4. Local relay addr: 10.0.2.15:52683
243: session 000000000000000002: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
244: session 000000000000000002: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
244: session 000000000000000003: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
245: session 000000000000000002: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60113, reason: allocation timeout
245: session 000000000000000002: delete: realm=<mycompany.org>, username=<test4>
245: session 000000000000000003: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60075, reason: allocation timeout
245: session 000000000000000003: delete: realm=<mycompany.org>, username=<test4>
我在这里错过了什么?为什么我在控制台中得到"ICE失败"?
我在读https://tools.ietf.org/id/draft-ietf-behave-turn-08.html关于
"error 437: Mismatched allocation: wrong transaction ID"
上面写着
437(分配不匹配):这表示客户端选择了服务器认为已经在使用或最近使用的5元组使用中。发生这种情况的一种方式是,如果一个介入的NAT为最近被另一个分配使用的映射传输地址。客户端应该选择另一个客户端传输地址,然后重试分配请求(使用不同的事务id)。客户应该在放弃之前尝试三个不同的客户端传输地址此服务器。一旦客户端放弃服务器,就不应该尝试在服务器上创建另一个分配2分钟。
这是什么意思?
更新
现在,当客户端A使用Chrome"49.02623.112 m"(我无法再更新它,因为它在Vista上)和客户端B"50.0.2661.75 m"时,coturn服务器会在几秒钟内正常工作。我这样运行服务器(我不确定这是否有帮助。XXX.XX.XXX.XX是服务器VM所在PC的公共静态IP,192.168.2.190是内部IP):
sudo turnserver -X XXX.XX.XXX.XX/192.168.2.190
以下是日志消息:
0: log file opened: /var/log/turn_3205_2016-04-15.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.4 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 is not supported
0: TURN/STUN ALPN is not supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
0:
0: SQLite supported, default database location is /var/db/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Config file found: /etc/turnserver/turnserver.conf
0: log file opened: /var/tmp/turnserver.log
0: Config file found: /etc/turnserver/turnserver.conf
0: Domain name:
0: Default realm: mycompany.org
0: Config file found: /etc/turnserver/server.crt
0: Config file found: /etc/turnserver/server.key
0: SSL23: Certificate file found: /etc/turnserver/server.crt
0: SSL23: Private key file found: /etc/turnserver/server.key
0: TLS1.0: Certificate file found: /etc/turnserver/server.crt
0: TLS1.0: Private key file found: /etc/turnserver/server.key
0: TLS1.1: Certificate file found: /etc/turnserver/server.crt
0: TLS1.1: Private key file found: /etc/turnserver/server.key
0: TLS1.2: Certificate file found: /etc/turnserver/server.crt
0: TLS1.2: Private key file found: /etc/turnserver/server.key
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turnserver/server.crt
0: DTLS: Private key file found: /etc/turnserver/server.key
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 10.0.2.15
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 10.0.2.15
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0: relay 10.0.2.15 initialization...
0: relay 10.0.2.15 initialization done
0: relay ::1 initialization...
0: relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3478
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3479
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5349
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5350
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:3479
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: IPv6. DTLS/UDP listener opened on: ::1:5350
0: Total General servers: 2
0: IO method (admin thread): epoll (with changelist)
0: ERROR: Cannot create CLI listener
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/db/turndb
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30637
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30638
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: IPv4. Local relay addr: 10.0.2.15:52828
1275: session 001000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: IPv4. Local relay addr: 10.0.2.15:57360
1275: session 000000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 001000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1280: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1281: session 001000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30638, reason: allocation timeout
1281: session 001000000000000001: delete: realm=<mycompany.org>, username=<test4>
1281: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1281: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1283: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1285: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1292: session 000000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1292: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1293: session 000000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30637, reason: allocation timeout
1293: session 000000000000000001: delete: realm=<mycompany.org>, username=<test4>
1293: session 000000000000000001: peer XXX.XX.XX.XX deleted
1293: session 000000000000000001: peer 10.0.2.2 deleted
1293: session 000000000000000001: peer 10.0.2.15 deleted
也许,这不是一个像"软件X不工作,拿起软件Y"这样的好答案。然而,在这种情况下,它让我很开心。因此,如果您可以为您的项目选择TURN服务器软件,请查看reTurn
服务器。
以下是我的故事和答案。
在与coturn
进行斗争之后:对设置、DB、用户、领域进行实验,并读取吨的DEBUG日志。我已经放弃了。我输了。
我决定切换到reTurn
STUN/TURN服务器。我按照本手册进行了一些小修改:http://rtcquickstart.org/guide/multi/turn-reTurnServer.html
以下是堆栈详细信息:
- DigitalOcean中的操作系统
Ubuntu 16.04 LTS
安装是简单的sudo apt-get install resiprocate-turn-server
。您应该注意,软件包具有所有预配置步骤,例如密钥生成。
这是我工作/etc/reTurn/reTurnServer.config
的全部内容(包括默认设置)
TurnAddress = XXX.XXX.XXX.XXX
TurnPort = 3478
TlsTurnPort = 0
AltStunAddress = 0.0.0.0
AltStunPort = 0
LoggingType = file
SyslogFacility = LOG_DAEMON
LoggingLevel = INFO
LogFilename = /var/log/reTurnServer/reTurnServer.log
LogFileMaxLines = 10000 # May be usefull
Daemonize = true
PidFile = /var/run/reTurnServer/reTurnServer.pid
RunAsUser = return
RunAsGroup = return
AuthenticationRealm = reTurn
UserDatabaseFile = /etc/reTurn/users.txt
UserDatabaseHashedPasswords = false # For Development purposes it enougth
UserDatabaseCheckInterval = 5 # Check it every 5 seconds
NonceLifetime = 3600
AllocationPortRangeMin = 49152
AllocationPortRangeMax = 65535
DefaultAllocationLifetime = 600
MaxAllocationLifetime = 3600
TlsServerCertificateFilename = server.pem
TlsServerPrivateKeyFilename = server-key.pem
TlsTempDhFilename = /etc/reTurn/dh2048.pem
TlsPrivateKeyPassword =
和/etc/reTurn/users.txt
(只有一个记录)
cloudguy:passw0rd:reTurn:AUTHORIZED
在客户端,我使用SimpleWebRTC
和signalmaster
作为信号服务器。如何告诉客户端使用服务器:
peerConnectionConfig: {
// I force browser to use relay
iceTransports: 'relay',
iceServers: [
{
url: "stun:XXX.XXX.XXX.XXX"
},
{
urls: [
"turn:XXX.XXX.XXX.XXX:3478?transport=udp",
"turn:XXX.XXX.XXX.XXX:3478?transport=tcp",
"turn:XXX.XXX.XXX.XXX:3478"
],
credential: "passw0rd",
username: "cloudguy"
}
]
}
因此,它在以下情况下有效:
- 具有NAT的同一LAN中的两个或三个客户端
- 使用NAT的不同局域网中的两个或三个浏览器(!)
- 两个或三个客户端在不同的局域网与NAT和其中一个带有代理(哇!)
所以它就像它应该工作一样工作。耶。就是这样。如果你成功地使用了coturn
,那么很想知道你是如何做到这一点的。
谢谢。
我现在在Centos 7上使用一台服务器,有2个IP地址和真正的证书,"coturn"可以工作。所以也许解决方案是现在我使用两个IP地址
- 语法错误:缺少:在属性 ID 之后
- 未捕获错误:元素缓存中id为x的DOM元素与DOM中的元素不同
- 使用Javascript向ID数组发送通知时出现Facebook访问令牌错误
- 更改错误文本“用户 ID 或密码不正确”
- 按类划分的元素数组 - 类型错误:$.id 不是一个函数
- HERE 映射 javascript API - 抛出“指针必须有 ID”错误
- 解析 /page.xhtml 时出错:跟踪错误[行: 42] 与元素类型“id”关联的属性“{1}”应使用左引号
- DOJO 错误 ID 已注册
- Coturn/turnserver:错误437:分配不匹配:事务ID(WebRTC)错误
- 我得到未捕获的类型错误:无法读取属性'选项'即使定义了元素id,也为null
- Meteor Update集合-未捕获错误:不允许.不受信任的代码只能通过ID更新文档.[403]
- 如何修复重复的Facebook像素ID错误
- Jquery语法错误,id选择器上的表达式无法识别
- 选择id中带有双点的元素,错误:“#octo:cat”不是有效的选择器
- Node.js 在使用 id 参数时在 dpd.get 上部署 404 错误,在 dpd.put 上部署 400 错误
- JavaScript:滑块每 2 步跳转到错误的 ID
- 未捕获的语法错误:意外的令牌 .AKA 如何在 jQuery 中检查 ID
- 未捕获的引用错误: 未定义导出 ID
- 在为 jquery 自动完成设置源代码时获取“语法错误:缺少:在属性 ID 之后”
- 当我尝试附加数据 ID 时;我收到一个错误