Zimbra Talk V2: How to debug WebRTC/TURN?

Working with Zimbra Talk? This is your Forum, drop here your questions with the Installation, Configuration, etc.
Post Reply
User avatar
msquadrat
Advanced member
Advanced member
Posts: 183
Joined: Mon Oct 14, 2013 10:09 am

Zimbra Talk V2: How to debug WebRTC/TURN?

Post by msquadrat »

Hi folks,

I put this here since I'm afraid that in the still existing Zimbra Talk forum nobody will see the post.

I finally made Zimbra Talk V2 work on two of our test installations. The video chat works fine with people on the same network but breaks as soon as there's some NAT in between.

The solution should be a TURN/STUN server; I installed and configured one (package coturn on Ubuntu) and added it to the ZTalk config as described here:
https://wiki.zimbra.com/wiki/Talk_V2_Ad ... URN_server

Unfortunately, people are still not able to communicate through a NAT.

It is definitely possible that I made an error somewhere. When I tried my standard ways of debugging issues like these (staring at log files, the browser's network console and wireshark) it looked to me like the TURN server wasn't used by my client at all but I'm not sure if I even looked at the correct things. So my question: Has anybody debugged videochat/WebRTC/TURN before and can point me into the right direction? Is there maybe a hidden debug mode?

Cheers,
Malte
User avatar
msquadrat
Advanced member
Advanced member
Posts: 183
Joined: Mon Oct 14, 2013 10:09 am

Re: Zimbra Talk V2: How to debug WebRTC/TURN?

Post by msquadrat »

Ok, using the stun command line client and the Trickle ICE testing service I was able to verify that at least my turn server was working as expected.

I use the following turnserver.conf:

Code: Select all

external-ip=192.0.2.42
lt-cred-mech
realm=zimbra.example
cert=/opt/zimbra/ssl/zimbra/commercial/commercial.crt
pkey=/opt/zimbra/ssl/zimbra/commercial/commercial.key
syslog
verbose
And added a user via

Code: Select all

turnadmin -a -u zimbra -r zimbra.example -p password
The lt-cred-mech option was essential to enable.

Now I'd still like to know how to debug the browser/Zimbra Talk part to make sure it actually uses the TURN server.
cuoz
Posts: 16
Joined: Mon Apr 28, 2014 4:01 pm

Re: Zimbra Talk V2: How to debug WebRTC/TURN?

Post by cuoz »

I'm also trying to get a TURN server working with Talk v2. I also see video working when on the same network. When I test across NAT each party is able to initiate a session, we see our own webcam image, but the connection times out and the window disappears.

I've tried 3 different TURN servers on ubuntu, all the same result. I am currently also using coturn and I believe problem a similar setup to you.

Something on my network which I'm not sure how this affects things... My mailbox server runs in private IP space behind public facing proxy & mta servers. When I initiate a conference, I do see logs in the turn server, which I believe implies the clients are attempting to utilize it.

If you have had any luck since posting, I'd be interested to know what you did to get your environment up & running.

Cheers,
gary
User avatar
msquadrat
Advanced member
Advanced member
Posts: 183
Joined: Mon Oct 14, 2013 10:09 am

Re: Zimbra Talk V2: How to debug WebRTC/TURN?

Post by msquadrat »

I didn't have any success yet either and still have Case 00712698 on that issue open. I found a few ways of debugging this issue though (which like in your case all point into the direction that everything *should* work but doesn't). I'll update this post when I've got a spare minute.
a.antonioli
Posts: 1
Joined: Mon Jul 30, 2018 1:50 pm

Re: Zimbra Talk V2: How to debug WebRTC/TURN?

Post by a.antonioli »

Hi folks!

We had the same problem here, so after sometime debugging we found a way to solve that:

1. If you install the tunserver behind of firewall with NAT, is necessary to create the PREROUTING rules:

iptables -A PREROUTING -t nat -i [EXTERNAL_INT] -p udp -m multiport -d [EXTERNAL_IP] --dports 3478 -j DNAT --to [TURN_SERVER_IP]
iptables -A PREROUTING -t nat -i [EXTERNAL_INT] -p udp -m multiport -d [EXTERNAL_IP] --dports 49152:65535 -j DNAT --to [TURN_SERVER_IP]

2. Configure the tunserver with minimal (just to test we are using Centos 7):

user=USERNAME:XXXxxxxxXXXXxxx
listening-port=3478
listing-ip=[TURNSERVER_IP]
verbose
syslog

3. Start de server:
systemctl start turnserver
(You can see all the messages on: /var/log/messages)

4. Configure the zimlet on Zimbra to use the STUN/TURN server by user or by COS:

zxsuite chat iceServer add turn:[EXTERNAL_IP_TURNSERVER]:3478?transport=udp credential [PASSWORD] username [USERNAME] account [LOGIN@DOMAIN]

zxsuite chat iceServer add turn:[EXTERNAL_IP_TURNSERVER]:3478?transport=udp credential [PASSWORD] username [USERNAME] cos [COS]

5. Check if the COS was correctly set on zx_suite:
Ex:

zxsuite config cos get standard

cos 14d6a755-d050-XXXXX-XXXXXX
values

attribute debranded
inheritedValue false
inheritedFrom default

attribute historyEnabled
inheritedValue true
inheritedFrom default

attribute videoChatEnabled
inheritedValue true
inheritedFrom default

attribute teamChatEnabled
value true

attribute teamChatIceServerList
value

credential XXXXxxxxxXXXXX
url turn:[EXTERNAL_IP_TURNSERVER]:3478?transport=udp
username USERNAME



zxsuite config account get LOGIN@DOMAIN

account 5a81aeef-bc7b-XXXXXX-XXXXXXX
values

attribute debranded
inheritedValue false
inheritedFrom default

attribute historyEnabled
inheritedValue true
inheritedFrom default

attribute videoChatEnabled
inheritedValue true
inheritedFrom default

attribute domainAdminMaxMailQuota
inheritedValue -1
inheritedFrom default

attribute teamChatEnabled
inheritedValue true
inheritedFrom cos cos/14d6a755-d050-4214-8fb7-24cf1aba41c9

attribute teamChatIceServerList
inheritedValue

credential XXXXxxxxxXXXXX
url turn:[EXTERNAL_IP_TURNSERVER]:3478?transport=udp
username
inheritedFrom cos cos/14d6a755-d050-4214-XXXX-XXXXX


Important: If you see messages like: user <>: incoming packet message processed, error 401: Unauthorised, check again with the configuration on zx_suite chat is correctly.
eliast
Posts: 3
Joined: Sat May 15, 2021 8:37 pm

Re: Zimbra Talk V2: How to debug WebRTC/TURN?

Post by eliast »

Hi.

If you use NAT with TURN/STURN, you will need to set the external-ip option turnserver.conf, so it can map.

You can use turnutils_natdiscovery turnutils_oauth turnutils_peer turnutils_stunclient turnutils_uclient commands from "coturn" package on ubuntu.

It is the easiest way to set up a static user/pass for the turn server communication (and not a peruser one) and in " zxsuite connect iceserver add"

error 401 can also occur if you use the no-loopback-peers option and the zimbra and the turnserver sits on the smae machine.

Also, for error 401 check the realm settings and the user/realm mappings in turnserver,, and ensure that zimbra uses the smae combination.
Post Reply