estos STUN/TURN Server


estos STUN/TURN Server 5.1.110.44786

Contents

1 Welcome to estos STUN/TURN Server
  1.1 Chapter Overview
2 Requirements
3 Operating Mode
  3.1 Components and terms
  3.2 Use cases
4 Installation and configuration
  4.1 Installation
  4.2 Configuration
    4.2.1 General
    4.2.2 TURN Configuration
    4.2.3 Diagnose
5 Info about estos STUN/TURN Server


1 Welcome to estos STUN/TURN Server

Direct audio/video communication has become an important component of modern collaboration. To implement it efficiently while keeping internal networks secure, constraints must be respected that at first glance appear to make direct communication across network boundaries difficult to establish. Private IPv4 networks often use a NAT router to increase security; it makes it difficult or impossible for an external computer to contact an internal client without a prior request from that client. Unfortunately, this also blocks the connections necessary for efficient audio/video communication. The techniques for establishing these connections include STUN and TURN, which are implemented in the estos STUN/TURN Server.

estos STUN/TURN Server consists of the following components:

- The estos STUN/TURN Server
- The installation and configuration program
- The online help

The configuration program and online help are always available via the Start Menu.

1.1 Chapter Overview

Terms and usage scenarios involving STUN and TURN are described in the Functionality section.

The section Requirements describes the system requirements that are necessary for the installation and operation of the service.

The chapter Installation and Configuration specifies the recommended installation procedure and the configuration options.

The chapter Info about estos STUN/TURN Server describes how to obtain support for technical questions and concerns.

2 Requirements

The following requirements must be met to operate the estos STUN/TURN Server:

- Operating system: the service can be installed on the following operating systems:
  o Windows 7
  o Windows 8
  o Windows 8.1
  o Windows 10
  o Windows Server 2008
  o Windows Server 2008 R2
  o Windows Server 2012
  o Windows Server 2012 R2
- TCP/IP protocol support with the corresponding connectivity to the Internet

Because a TURN server terminates and forwards media streams, the requirements depend on the type of streams supported and increase with the number of possible simultaneous connections. The following figures give an indication:

- A single VideoChat requires between 300 kbit/s and 2.3 Mbit/s per direction.
- A single AudioChat typically requires 45 kbit/s per direction.

3 Operating Mode

The estos STUN/TURN Server is implemented as a system service that provides STUN and TURN server functionality. The following briefly describes what a STUN/TURN service is and which problems it solves in audio/video communication. The main use cases are described afterwards. This description is intended to give a basic understanding of the subject without going into too much detail.

3.1 Components and terms

NAT - Network Address Translation (RFC 2663)
NAT describes the translation of the "internal" IPv4 address space on the LAN to "external" IPv4 addresses (and ports) on the Internet. This increases the security of the internal network by preventing direct, unwanted access to internal addresses from outside. A NAT device is, for example, a router connecting a LAN to the Internet.

Symmetric NAT
Unlike a normal NAT router, a symmetric NAT router tracks not only the internal client addresses but also the destination addresses that the client has contacted, and permits only data from these addresses to enter the internal network. A third-party client cannot send data to the internal client, even if the IP address (and port) is known. In this scenario, audio/video communication is only possible by using a TURN server.

NAT Traversal
NAT Traversal refers to techniques for setting up and maintaining connections through devices that implement NAT. These techniques include STUN and TURN.

STUN - Session Traversal Utilities for NAT (see RFC 5389)
This protocol lets a client behind a NAT device determine its public IP address. The client on the LAN making the call can then provide this IP address (and port number) to the client to be called, in order to make direct communication (a peer-to-peer connection) possible.

TURN - Traversal Using Relays around NAT (see RFC 5766)
A server on the Internet implementing TURN permits two clients to exchange data without a direct connection (relay server). This option is necessary when a direct client-to-client connection cannot be established.

ICE - Interactive Connectivity Establishment (see RFC 5245)
With the help of STUN and TURN, two clients can exchange the connection information (and other data) determined by means of the ICE protocol. The information must be transmitted using an internal service (a so-called signaling server). This service must be accessible from both clients. Both clients collect ICE information, the so-called ICE candidates: potential protocols and the associated IP addresses with ports from their LANs. The clients exchange these candidates exclusively through the signaling server and then each tries to reach the other using the most appropriate candidate.

Signaling Server
Signaling servers are used for the indirect exchange of data between two clients. This may be a single service that is accessible from both clients (e.g. a UCServer in a network) or several services that are interconnected by federation (e.g. two UCServers of two companies which have established an XMPP federation).

3.2 Use cases

The main use cases of STUN/TURN services are described in more detail below.

Direct communication is possible (STUN & TURN services are not needed)

To receive media streams from Client B, Client A has to send its contact information (IP address and port) to Client B. This is usually done via a signaling server to which both clients must have a connection. As long as both clients are in the same LAN, direct communication is not a problem. Fig. 1 illustrates this situation. In Step 1, Client A sends its IP address and port to Client B using the signaling server. In Step 2, Client B can begin sending a media stream to Client A.

Fig. 1: A client is directly accessible. Client B can send the media stream directly to Client A.

One client is behind a NAT router

If Client A and Client B are in different LANs and separated by a NAT router, the scenario above will fail. Because Client A does not know that it should give Client B the public IP address and port of the NAT router, Client A will tell Client B to use its local IP address and port. Because that address is not reachable for Client B, transferring the media stream will fail in Step 2 (see Fig. 2).

Fig. 2: Unsuccessful connection setup through a NAT router.

This reachability problem can be solved by using a STUN server, as shown in Fig. 3. With the help of the STUN server, Client A can determine its public IP address and port in Step 1. It can then transmit the correct information to Client B, which can then send its media stream to the public IP address of the NAT router. The NAT router will then forward the media stream to Client A.

Fig. 3: Successful communication with the help of a STUN server

At least one client cannot be reached from outside the network (symmetric NAT router)

The previous solution will not work for all NAT implementations. There is a class of NAT systems, referred to as symmetric NAT, which do not open one port per LAN client (such as Client A) but instead open a separate port for each individual connection. As a consequence, Client A can still request its public IP address and port from the STUN server, but that result is invalid for connections with Client B.

Fig. 4: Unsuccessful communication attempt through a symmetric NAT setup

Because the correct public port cannot be determined from the STUN server, sending the media stream from Client B will fail. To solve the problem with a symmetric NAT, a TURN server is needed (see Fig. 5). Once Client A determines that direct and STUN connections are not possible (step 1), it can notify Client B via the signaling server about a TURN server known to both (step 2). In step 3, both clients are connected through the TURN server and are able to communicate.

Fig. 5: Successful communication through a symmetric NAT system by using a TURN server

Because the payload data itself is transferred through the TURN server, a TURN server must meet very high bandwidth demands, in particular with multiple parallel connections. For this reason, this solution is only chosen when there are no other options for transferring data.
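The symmetric NAT failure and the TURN workaround from section 3.2, as an added example that is not part of the estos documentation: a simplified NAT model, following the definitions in section 3.1, shows that the port learned from the STUN server is useless to Client B behind a symmetric NAT, while traffic relayed by the TURN server still arrives. The class, the function names and all addresses are constructed for illustration; real NAT devices vary in their mapping and filtering behaviour.

```python
class Nat:
    """Simplified NAT model, constructed for illustration.

    symmetric=False: one public port per internal socket, reused for every
    destination; inbound packets to that port are forwarded.
    symmetric=True: one public port per (internal socket, destination) pair;
    inbound packets are accepted only from that destination.
    """

    def __init__(self, public_ip, symmetric, first_port=50000):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.next_port = first_port
        self.out = {}    # mapping key -> public port
        self.back = {}   # public port -> (internal socket, allowed remote or None)

    def send(self, internal, remote):
        """Outbound packet: return the public (ip, port) the remote side sees."""
        key = (internal, remote) if self.symmetric else internal
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = (internal, remote if self.symmetric else None)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def receive(self, remote, public_port):
        """Inbound packet: return the internal socket it reaches, or None if dropped."""
        entry = self.back.get(public_port)
        if entry is None or entry[1] not in (None, remote):
            return None
        return entry[0]


CLIENT_A = ("192.168.1.10", 5004)       # internal client behind the NAT
CLIENT_B = ("198.51.100.50", 6000)      # peer on the Internet
STUN_SERVER = ("198.51.100.1", 3478)    # 3478 is the default port named in 4.2.1
TURN_SERVER = ("198.51.100.2", 3478)


def direct_with_stun(symmetric):
    """Client A learns its mapping via STUN; does media sent by Client B arrive?"""
    nat = Nat("203.0.113.7", symmetric)
    _, learned_port = nat.send(CLIENT_A, STUN_SERVER)
    return nat.receive(CLIENT_B, learned_port) == CLIENT_A


def relayed_via_turn(symmetric):
    """Client A contacts the TURN server; the relay forwards Client B's media."""
    nat = Nat("203.0.113.7", symmetric)
    _, port = nat.send(CLIENT_A, TURN_SERVER)
    return nat.receive(TURN_SERVER, port) == CLIENT_A
```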

4 Installation and configuration

4.1 Installation

The installation and setup of estos STUN/TURN Server is started simply by double-clicking the installation package. This starts the installation wizard, which installs the service on the computer. Afterwards, the configuration wizard is started; it performs the individual steps necessary for setup. The service can be used once the wizard has finished.

4.2 Configuration

Several settings are required for the operation of estos STUN/TURN Server. They are made with the administration program of estos STUN/TURN Server.

4.2.1 General

A network interface must be set up so that clients are able to reach the service.

IP Address
Configure the IP interface via which clients can reach the service.

Port
The default setting for the port is 3478.

4.2.2 TURN Configuration

Password
Because transferring media data between clients places high bandwidth demands on the interface, access is protected by a password. This password must also be entered in UCServer.

4.2.3 Diagnose

This dialog shows the current status of the service, allows it to be stopped and started, and configures the logging used to help diagnose problems.

State
Buttons to start and stop the service. If the STUN/TURN Server terminates unexpectedly, an error code is displayed.

Logging

Log Level
Sets whether debug information is written into the log files.

Maximum size of a log file
Several log files are written. Each log file is cyclically re-created when the size set here is exceeded.

Log Directory
The log files are stored in this directory. Note that the service requires appropriate write permissions.

Delete Log Files
Log files in the log directory will be deleted. This is available only while the STUN/TURN Server is running.

Provide Log Files
Log files in the log directory will be packed into a ZIP file. The location and name of the ZIP file can be set in a dialog.

Info
General service information.

5 Info about estos STUN/TURN Server

The estos STUN/TURN Server is a product of estos GmbH. Copyright (C) 2017 estos GmbH.

You will find product updates at http://www.estos.de/

Frequently asked questions and answers, as well as support, are available at http://support.estos.de

Windows Server and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All brands and product names used in this document are for identification purposes only and may be trademarks or registered trademarks of their respective owners.