ZxChat with a TURN server/Annex: Installing a TURN server on Centos 7

From ZeXtras Suite Wiki


DISCLAIMER

  • This guide refers to products neither developed nor supported by ZeXtras and is intended as a practical example of implementation. Please use this as a guideline and refer to your OS and TURN server's online resources when setting up a production environment.
  • A TURN server requires a significant amount of bandwidth, depending on the number of video calls being handled at the same time.

TURN on CentOS 7 with reTurn

reTurn is a highly efficient C++ open-source STUN/TURN server and client library. It is an implementation of the latest STUN/TURN RFCs: RFC5389 (STUN), and RFC5766 (TURN). It's our platform of choice for internal testing during the development of ZeXtras Chat and for our production environment.

This guide will only focus on the TURN component, as STUN is natively implemented in ZeXtras Suite.

Package information and dependencies

reTurn cannot be found in CentOS' official repository. The resiprocate-turn-server package, however, can be found in Fedora's EPEL repository (although it doesn't work out of the box on CentOS):

[root@localhost ~]# yum info resiprocate-turn-server

Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.fastbull.org
 * epel: mirrors.n-ix.net
 * extras: centos.fastbull.org
 * updates: centos.fastbull.org
Available Packages
Name        : resiprocate-turn-server
Arch        : x86_64
Version     : 1.10.0
Release     : 21.el7
Size        : 195 k
Repo        : epel/x86_64
Summary     : ICE/STUN/TURN server
URL         : http://www.resiprocate.org
License     : VSL
Description : reTurn is the TURN server developed as part of the reSIProcate project.
            : TURN (RFC 5766) provides a standardised solution for VoIP applications
            : to find the most efficient way to route media streams when NAT and
            : firewall devices may be present.
            : reTurn provides a high-quality, low maintenance solution for serving
            : small and large IP telephony installations.  It has been used successfully
            : with a variety of SIP and Jabber applications, including Lumicall,
            : Jitsi, Empathy and Psi.
            : reSIProcate is a framework that aims to fully implement the SIP protocol
            : in first class C++.  It is intended for use in other applications,
            : such as the repro SIP proxy.

Installation and setup

Building the RPM package

Install rpmbuild:

 [root@localhost ~]# yum -y install rpm-build

Install all the package's dependencies:

 [root@localhost ~]# yum install gcc-c++ libtool automake autoconf \
   asio-devel boost-devel cajun-jsonapi-devel c-ares-devel \
   cppunit-devel gperf db4-cxx-devel db4-devel openssl-devel \
   mysql-devel pcre-devel perl popt-devel python-devel \
   python-pycxx-devel freeradius-client-devel xerces-c-devel postgresql-devel

Download the latest tgz package from the reSIProcate website at http://www.resiprocate.org/files/pub/reSIProcate/releases/

Build the rpm from the downloaded package:

 [root@localhost ~]# rpmbuild -tb resiprocate-1.10.1.tar.gz

Once done, you'll find the appropriate RPM files in rpmbuild/RPMS/x86_64.

Package installation

 [root@localhost ~]# rpm -ivh rpmbuild/RPMS/x86_64/resiprocate-turn-server-1.10.1-1.el7.centos.x86_64.rpm

reTurn won't start automatically, so you need to manually start it by running:

[root@localhost ~]# /usr/sbin/reTurnServer /etc/reTurn/reTurnServer.config

Make sure that the server is up by running:

[root@localhost ~]# netstat -npl | grep -i turn

The expected output is something like:

tcp        0      0 0.0.0.0:3478            0.0.0.0:*               LISTEN      28885/reTurnServer  
tcp6       0      0 :::3478                 :::*                    LISTEN      28885/reTurnServer   
udp        0      0 0.0.0.0:3478            0.0.0.0:*                           28885/reTurnServer  
udp6       0      0 :::3478                 :::*                                28885/reTurnServer  


Configuration

The main configuration file is /etc/reTurn/reTurnServer.config. The only strictly required edit is the TurnAddress setting, which must be set to the IP address of the server. If you wish to set up SSL/TLS, see the # SSL/TLS Certificate Settings section of the file; network settings can be found in the # Transport Settings section.

Set up a TURN server user

By default, reTurn uses the /etc/reTurn/users.txt file as its user database.

As described in the # Authentication settings section of the config file, the file uses the following format:

login:password:realm:state

Furthermore, password hashes are stored by default (UserDatabaseHashedPasswords setting).

ZeXtras Chat authenticates with a single user, specified in the zimlet's configuration. I strongly suggest generating a strong random password using apg:

root@ubuntu:~# apg -M SNCL -m32 -x32 -n1
tixcowdEmEiguc5OxApnalbOmCogfok(

To create a hashed password, you can use the md5sum utility. The hash input is user:realm:password, which is not the same field order as in users.txt:

     echo -n user:realm:password | md5sum

e.g.:

root@centos:~# echo -n "zextraschat:reTurn:tixcowdEmEiguc5OxApnalbOmCogfok(" | md5sum
9dc1355c06c65b0b7abaa829a80f8e6c - 

After generating a strong password, add the relevant line to the aforementioned users.txt file, e.g.:

  • user - zextraschat
  • hashed pass - 9dc1355c06c65b0b7abaa829a80f8e6c
  • realm - reTurn (the default realm, can be changed in the config file)
  • state - authorized

zextraschat:9dc1355c06c65b0b7abaa829a80f8e6c:reTurn:authorized

Once the server is running and the user is set up, you can proceed to configure the ZeXtras Chat Zimlet to use your new TURN server.

Logging

reTurn's default logfile is located in /var/log/reTurnServer/reTurnServer.log, and the logging settings can be changed in the #Logging Settings section of the config file.
