This plugin provides a TURN/STUN Server for Openfire
License: Apache License 2.0
openfire-pionturn-plugin's Introduction
Openfire Pion TURN Plugin
This plugin provides a TURN/STUN Server for Openfire.
Overview
This plugin uses the Pion Turn Project (https://github.com/pion/turn) to create a TURN/STUN server for Openfire. A TURN/STUN server is used to help users who are on uncooperative networks connect their calls or video calls.
For this plugin to work, you will also need to install the plugin "External Service Discovery" in order to expose this service to the clients.
Known Issues
This version has embedded binaries for only Linux 64 and Windows 64.
Installation
Copy the pionturn.jar file to the OPENFIRE_HOME/plugins directory.
Configure the admin properties page.
Configuration of the External Service Discovery
Head to 'Server>Media Services>External Service Discovery' and set the fields:
Host*: Your server's external IP address if you have a static IP (highly recommended), or your domain name if you are running with a dynamic IP.
Port: Here choose a port number (you will have to allow this port in your firewall as UDP only and also port forward in case you are behind a NAT).
Description: In this one you can write anything you want, but it is recommended to write something (it will help Pionturn identify the configuration, otherwise you will see it as "null").
Transport: "UDP"
Type*: "TURN"
Credentials: There are 2 options here. It is highly recommended that you choose "Shared Secret (for generating ephemeral passwords)" and then set a secret. Be aware that some characters might cause issues, so it is better to stick with alphanumeric characters.
After that, just click on the button "Add Service".
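With the "Shared Secret (for generating ephemeral passwords)" option, clients never receive the secret itself, only a short-lived username and password derived from it. The Go sketch below is an added example, not code from this plugin or from Pion; it assumes the common TURN REST convention (username is `<unix expiry>:<user>`, password is base64 of HMAC-SHA1 over the username), and the function names, secret and user are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Issue derives a time-limited credential from the shared secret (assumed TURN REST format).
func Issue(secret, user string, ttl time.Duration, now time.Time) (username, password string) {
	username = strconv.FormatInt(now.Add(ttl).Unix(), 10) + ":" + user
	return username, sign(secret, username)
}

// sign computes base64(HMAC-SHA1(secret, username)).
func sign(secret, username string) string {
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write([]byte(username))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// Verify is the server-side check: recompute the HMAC, compare it in constant
// time, then reject credentials whose embedded expiry has already passed.
func Verify(secret, username, password string, now time.Time) bool {
	if !hmac.Equal([]byte(sign(secret, username)), []byte(password)) {
		return false
	}
	expiry, err := strconv.ParseInt(strings.SplitN(username, ":", 2)[0], 10, 64)
	return err == nil && now.Unix() < expiry
}

// AlphanumericOnly reports whether a secret is non-empty and sticks to the
// alphanumeric characters the configuration notes recommend.
func AlphanumericOnly(secret string) bool {
	for _, r := range secret {
		if !(r >= 'a' && r <= 'z' || r >= 'A' && r <= 'Z' || r >= '0' && r <= '9') {
			return false
		}
	}
	return secret != ""
}

func main() {
	secret := "ExampleSecret123" // constructed sample value, not a real secret
	now := time.Unix(1700000000, 0)
	u, p := Issue(secret, "alice", time.Hour, now)
	fmt.Println(u, p, Verify(secret, u, p, now), Verify(secret, u, p, now.Add(2*time.Hour)))
}
```

A captured username and password pair stops working once the embedded expiry passes, which is why a short lifetime limits the value of an intercepted credential.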
Configuration of the Pion Turn Plugin
Head to 'Server>Media Services>Pion Turn/Stun' and set the fields:
Check the box for "Enabled"
Service: Select the entry that matches your External Service Discovery Description (Pionturn will then pick up all the settings you entered there).
UDP Port Range Min: this will be your lower port on the UDP range used by the TURN server. You will have to allow it on the firewall and also port forward (the whole range) in case you are behind NAT.
UDP Port Range Max: this will be your higher port on the UDP range used by the TURN server. You will have to allow it on the firewall and also port forward (the whole range) in case you are behind NAT.
After that just click "Save" and don't forget to go to 'Plugins' and restart the Pionturn plugin.
For people that are running their servers in a dynamic IP environment, using the Pionturn plugin for Openfire is a challenge.
Every time the IP changes, server admins will have to open the admin panel and update the IP manually on the Pionturn side.
This issue will be even bigger with the new release, requiring the users to reconfigure everything in the External Service Discovery, then go to the plugin to pick up the settings from the External Service Discovery again, and then reload the plugin again.
Some comments about this made me believe that this mechanism that is already implemented by Pionturn itself would solve this issue by looking up the DNS name (pion/turn#244). However, I did not succeed in implementing this mechanism into the Pionturn binaries.
Although this could also be solved in other ways, for example something in your Java code to do something like: check the external IP, if it is the same do nothing, if it changed then apply the new IP and reload the plugin? Doing this like every 10 minutes?
But it certainly also uses more resources, and if a user actually has a static IP this would not even be necessary.
As of the latest upgrade of the Pionturn plugin, version 0.0.5, with the introduction of the Port Range as a setting, the plugin is no longer required to be in a "Non Natted" environment. All a user has to do to make this work is to port forward 3478/UDP (or the chosen customized port) and also port forward the range (default 50000:55000, which can also be customized).
Hello, with the latest code of the Pionturn plugin, it is now possible to use the more secure Ephemeral secret (TURN REST, now compatible with the Openfire External Service Discovery plugin) as the credentials. This mechanism greatly improves the security of the TURN server, making it impossible for someone eavesdropping to be able to actually know the real password. It would improve the Openfire Pionturn plugin to a much better standard (alongside your new addition, the Port Range, of course). Thanks for reading. Here is a link to the new format: https://github.com/pion/turn/tree/master/examples/turn-server/lt-cred-turn-rest
The plugin UI could be improved to make it easier for users to choose the authentication method. Even better would be to integrate it with External services plugin and use the same password.