[Operators] State of XEP-0215 implementations

Niklaus vimja Hofer niklaus at mykolab.ch
Mon Jan 30 18:15:27 UTC 2017

On Sun, 2017-01-29 16:04, Ed - 0x1b, Inc. wrote:
> On Sun, Jan 29, 2017 at 8:53 AM, Niklaus Hofer <niklaus at mykolab.ch> wrote:
> > I've recently setup a STUN / TURN server to complement my XMPP server. I
> > would like to hand out short-term STUN credentials to users by the means
> > described in XEP-0215 "3.3 Requesting Credentials".
> OT a bit, out of curiosity which STUN/TURN server did you use - how
> was the deployment? have any troubles with the firewall?
> Thanks v.much, asking because I may be doing this same thing this spring -  Ed

I didn't have too much trouble in the sense of it not working. I was
however surprised by how sparsely this topic is documented. I did not
find any good tutorials or even just introductions to the topic at all.
When it gets to integrating STUN with any particular XMPP server it gets
even worse.

I deployed it to a server on an Open Stack cloud. This means that the
server itself is behind a 1:1 NAT. It has it's own public IP address,
but it can't bind that address directly to its interface, instead it
binds a local IP.

It turns out that coturn [0] has support for exactly that feature
(promoting a different public IP than the server process binds to and
then mapping those two). Also coturn's default configuration file is
very well commented.

I ended up not setting a password for STUN and publishing the TURN
credentials to all interested users because I wasn't sure about 0215.

The last challenge to overcome was testing. I used the Stun client from
[1] but that seems to only test RFC 3489. I also used the online WebRTC
tester from [2]. Both tests were successful. However, I was not able to
find a simple testing program to test the specific part of TURN that
requires credentials.

I would be greatful for some tips on testing STUN / TURN.

[0] https://github.com/coturn/coturn
[1] https://sourceforge.net/projects/stun/
[2] https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
Niklaus 'vimja' Hofer
niklaus at mykolab.ch
xmpp: vimja at xmpp.honet.ch

More information about the Operators mailing list