TURN Server Installation and Configuration
Configure your Existing TURN Server (Non-Genesys)
If you already have a TURN server deployed in your network and prefer to use it instead of the Genesys Collaboration TURN Server, then do the following:
- For the Application Server setting for TURN server, check Configure TURN in Collaboration Application Server Settings.
- In the TURN server settings, add a new user mcu with password. The same password as configured in TURN Configuration in Application Server Settings should also be set here.
Install and Configure Genesys Collaboration TURN Server
- RHEL/CentOS 6.x.
- At least two vCPUs, 4GB Memory. SSD may be used, but is not mandatory.
- The most important factor is the networking performance. Make sure that your network has:
- High packet per second (PPS) performance
- Low network jitter (<= 30ms)
- Low latencies (<= 150ms)
For example, if you are deploying the TURN server in an AWS instance, then Enhanced Networking is only available on instances launched with HVM AMIs. Preferably, use C3/C4/R3 instances. For details on AWS EC2 instance types, check here.
TURN server port requirements are described in the Port Usage section.
The Collaboration TURN Server IP for TURN server is available with this release and must be installed on a separate server. If you want to install the TURN server in the same machine as the Application Server, make sure there is no port conflict.
You must have root access to install the TURN server. To configure the server:
- If you are using a 64-bit OS, the /etc/yum.conf file must include multilib_policy=all.
- Ensure Selinux is disabled by editing the /etc/sysconfig/selinux file, and make sure that this line is set to disabled:
- Turn off the firewall by running:
sudo chkconfig iptables off
Note: The firewall can be turned on again and configured as per your requirements at a later date.
- Reboot the server by running:
- After the server has rebooted, log in and verify Selinux is disabled using the command:
This returns Disabled.
- Create the directory /opt/zenon by running:
sudo mkdir -p /opt/zenon
- Place the files from your Collaboration TURN Server IP to /opt/zenon.
- After unpacking, you will see the directories: sh, trn, trnssl, extras and files: root_cron and zenon_zs.
- Make sure that the .sh and some other files have execute permission:
sudo chmod -R +x *.sh
sudo chmod +x zenon_zs
sudo chmod +x trn/bin/turnserver
sudo chmod +x trnssl/bin/turnserver
- Run the extras/install.sh file to install the pre-requisite libraries:
- Copy the contents of root_cron. Then run:
sudo crontab -e
- Paste the contents of root_cron and save.
- The zenon_zs file is the startup script used by the server to start the TURN services after reboot. Copy this file to the folder /etc/init.d, and then make the file executable.
- Create a link to it in /etc/rc3.d as follows:
sudo ln -s /etc/init.d/zenon_zs S99zenonzsstart
Note: This presumes that the runlevel of the server is 3. Typing sudo runlevel at the command line will confirm this. If 5 is returned, create the link in /etc/rc5.d
- To configure the TURN services for UDP on port 14049:
sudo ./configure_trn.sh yourdomain.com X.X.X.X
Where X.X.X.X is the IP of the TURN server interface it will be listening on (typically eth0).
- To configure the TURN service for SSL on port 443:
sudo ./configure_trnssl.sh yourdomain.com X.X.X.X
- An MCU password is required for the TURN server to communicate with it, and is stored in these files:
- The line starting with mcu: must be noted (or edited in both files if a change is required). The same password as configured in TURN Configuration in Application Server Settings should also be set here.
- Finally, reboot the server by typing sudo reboot, and TURN services should be running when the server is brought back up. This can be confirmed using the command sudo ps -elf | grep trn that returns output like this (example output):
root 25313 0.0 0.0 106480 1676 ? S Jul04 107:29 /bin/sh /opt/zenon/sh/trnserver.sh
root 25351 0.0 0.0 163860 16052 ? Ssl Jul04 32:32 /opt/zenon/trnssl/bin/turnserver -v -o -X 220.127.116.11 -a -b /opt/zenon/trnssl/bin/turnuserdb.conf -f -r mac1.saypage.com
root 26443 0.3 0.0 304676 9264 ? Ssl Jul04 579:24 /opt/zenon/trn/bin/turnserver -v -o -X 18.104.22.168 --no-tls -a -b /opt/zenon/trn/bin/turnuserdb.conf -f -r mac1.saypage.com
Configure TURN Behind-NAT Settings
Note: You only need to perform this step if your TURN server is behind NAT.
- When the TURN server is behind NAT, you must modify the following files:
- Before modification, the first run.sh file will look like this:
/opt/zenon/trn/bin/turnserver -v -o -X <local_ip> --no-tls -a -b /opt/zenon/trn/bin/turnuserdb.conf -f -r <public_realm>
- After NAT modification, the file looks like this:
/opt/zenon/trn/bin/turnserver -o -X <public_ip>/<local_ip> --no-tls -a -b /opt/zenon/trn/bin/turnuserdb.conf -f -r <public_realm>
- Before modification, the second run.sh file for TURN via SSL looks like this:
/opt/zenon/trnssl/bin/turnserver -v -o -X <local_ip> -a -b /opt/zenon/trnssl/bin/turnuserdb.conf -f -r <public_realm>
- After NAT modification, the file looks like this:
/opt/zenon/trnssl/bin/turnserver -v -o -X <public_ip/local_ip> -a -b /opt/zenon/trnssl/bin/turnuserdb.conf -f -r <public_realm>
Verifying your TURN Server
To verify whether your TURN server is running properly and is accessible, go to the following demo page:
This page tests the trickle ICE functionality in a WebRTC implementation. It creates a PeerConnection with the specified STUN/TURN servers, and then starts candidate gathering for a session with a single audio stream. As candidates are gathered, they are displayed in a text box, along with an indication when candidate gathering is complete.
Select and remove the default STUN server that is populated in this page, and then add your TURN server(s) instead. For example, if you have installed the Genesys TURN server in turn.example.net and set password as genesys for mcu user, add both:
- turn:turn.example.net:14049 (and user/password as mcu/genesys)
- turn:turn.example.net:443?transport=tcp (and user/password as mcu/genesys)
Then press Gather candidates and specifically check for relay candidates in the result (see example below). If no relay candidates are generated, either your TURN server is not running properly or is not accessible from your network.
Also, the type of candidates released to the application can be controlled via the IceTransports constraint.