gortcd

The gortcd is work-in-progress TURN and STUN server implementation in go. As part of gortc project, gortcd shares it's goals and principles. Based on gortc/stun package.

The goal is feature parity with coturn. Please use only for experiments until beta.

Install

See releases for latest binaries and packages or snapshot artifacts for bleeding-edge ones.

PIE version

Note that gortcd-*-linux-arm64.tar.gz archive also contains the gortcd-pie binary which is position-independent executable version. The gortcd-pie is installed with gortcd-*-linux-arm64.deb too, but not used by default.

Configuration

Please see gortc.yml for configuration tips. Server listens on all available interfaces by default, STUN is public, TURN is private and no valid credentials are provided.

Server searches for gortc.yml in current directory, in the /etc/gortcd/ and in home directory.

auth:
# Put here valid credentials.
# So, if you are passing to RTCPeerConnection 
# something like that: 
#  {
#    urls: "turn:turnserver.example.org",
#    username: "webrtc",
#    credential: "turnpassword"
#  }
# Use the following:
  static:
    - username: webrtc
      password: turnpassword

If you want TURN without auth, set auth.public to true.

Docker

The gortcd docker image is automatically built on every release from the release.Dockerfile which is based on scratch. Also each release is available as separate tagged image, e.g. gortc/gortcd:v0.5.1.

# Run with default config:
$ docker run --name turn -d -p 3478:3478/udp gortc/gortcd

# You can supply custom config file, for example `gortcd.yml` 
# from current directory:
$ docker run --name turn -d -p 3478:3478/udp \
  -v $(pwd)/gortcd.yml:/etc/gortc/gortc.yml \
  gortc/gortcd --config /etc/gortc/gortc.yml

Supported specifications

TURN specs:

• RFC 5766 - base TURN specs

STUN specs:

• RFC 5389 - base "new" STUN specs
• RFC 5769 - test vectors for STUN protocol testing

The implementation fully supports the following client-to-TURN-server protocols:

• UDP (per RFC 5766)

Supported relay protocols:

• UDP (per RFC 5766)

Supported message integrity digest algorithms:

• HMAC-SHA1, with MD5-hashed keys (as required by STUN and TURN standards)

Supported TURN authentication mechanisms:

• 'classic' long-term credentials mechanism;

Project supports all platforms that supports go.

Testing

Server behavior is tested and verified in many ways:

• End-To-End with long-term credentials
  • webrtc: Two browsers using gortcd as relay for WebRTC data channels (linux)
  • gortc: The gortc/turn client (windows)
  • coturn: The coturn uclient (linux)
• Bunch of code static checkers (linters)
• Standard unit-tests with coverage reporting

See TeamCity project and e2e directory for more information. Also the Wireshark .pcap files are available for some of e2e tests in artifacts for build.

Artifact origin verification

Each release is signed with PGP key 1D14 A82D 2E31 1045.

$ gpg --keyserver keyserver.ubuntu.com --recv 2E311045
$ gpg --decrypt gortcd-*-checksums.txt.sig

# to check gortcd-*-linux-amd64.deb:
$ grep -F "$(sha256sum gortcd-*-linux-amd64.deb)" gortcd-*-checksums.txt
4316f8f7b66bdba636a991198701914e12d11935748547fca1d97386808ce323  gortcd-0.4.0-linux-amd64.deb

License