estos STUN/TURN Server

estos STUN/TURN Server 5.1.30.33611

Contents

1 Welcome to estos STUN/TURN Server
1.1 Chapter Overview
2 Requirements
3 Operating Mode
3.1 Components and terms
3.2 Use cases
4 Installation and configuration
4.1 Installation
4.2 Configuration
4.2.1 STUN/TURN Server Core Configuration
4.2.2 TURN Configuration
4.2.3 Diagnose
5 Info about the estos STUN/TURN Server
6 3rd Party Libraries


1 Welcome to estos STUN/TURN Server

Direct audio/video communication has become an important part of modern collaboration. To implement it efficiently while keeping internal networks secure, constraints must be observed that at first glance make it difficult to establish direct communication across network boundaries.

In private IPv4 networks, a NAT router is often used to increase security. It makes it difficult or impossible for an external computer to contact an internal client unsolicited. Unfortunately, this also blocks the connections that efficient audio/video communication needs.

To establish these and similar connections, which are actually wanted, techniques were developed that allow audio/video communication without reducing security. These techniques include STUN and TURN, which are implemented by estos STUN/TURN Server.

estos STUN/TURN Server consists of the following components:
- The estos STUN/TURN Server
- The installation and configuration program for estos STUN/TURN Server
- The online help

The configuration program and the online help are always available via the Start Menu.

1.1 Chapter Overview

The chapter Functionality briefly describes how STUN and TURN work.
The section Requirements describes the system requirements for the installation and the operation of the service.
The chapter Installation and Configuration specifies the recommended installation procedure and configuration options.
The chapter Info about estos STUN/TURN Server describes how to obtain assistance on technical issues and questions.
The chapter Third Party Libraries and Licenses specifies the utilized 3rd party libraries and licenses.

2 Requirements

For the operation of the estos STUN/TURN Server the following requirements must be met:

Operating system
The service can be installed on the following operating systems:
- Windows 7 (x86/x64)
- Microsoft Windows 8 (x86/x64)
- Microsoft Windows 8.1 (x86/x64)
- Microsoft Windows Server 2008 (x86/x64)
- Microsoft Windows Server 2008 R2
- Microsoft Windows Small Business Server 2008 Standard
- Microsoft Windows Small Business Server 2008 Premium
- Microsoft Windows Small Business Server 2011 Essentials
- Microsoft Windows Small Business Server 2011 Standard
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
Consider the limit of concurrent network connections when choosing the operating system.

Network
TCP/IP protocol support with the corresponding connectivity to the Internet.

Because a TURN server terminates and forwards media streams, the requirements depend on the type of streams supported and increase with the number of possible simultaneous connections. The following numbers may give a hint:
- A single ProCall VideoChat requires between 300 kbit/s and 2.3 Mbit/s per direction.
- A single ProCall AudioChat typically requires 45 kbit/s per direction.

3 Operating Mode

The estos STUN/TURN Server is implemented as a system service which provides STUN and TURN server functionality. The following briefly describes what a STUN/TURN service is and which problems it solves in the audio/video communication environment. The main use cases are described afterwards. This description is intended to give a basic understanding of the subject without going too much into detail.

3.1 Components and terms

NAT - Network Address Translation (RFC 2663)
NAT describes the translation of the "internal" IPv4 address space on the LAN to "external" IPv4 addresses (and ports) on the Internet. This increases the security of the internal network by preventing direct, unwanted access to internal addresses from outside. A NAT device is, for example, a router connecting a LAN to the Internet.

Symmetric NAT
In addition to what a normal NAT does, the router keeps track not only of the internal client address but also of the destination address, so that data is only accepted from known destinations. A third-party client cannot send data to the internal client, even if the IP addresses (and ports) are known. In this scenario audio/video communication is only possible by using a TURN server.

NAT Traversal
NAT Traversal refers to techniques for establishing and maintaining connections through a NAT device. These techniques include STUN and TURN.

STUN (RFC5389)
This protocol allows an ICE client behind a NAT to identify its own public IP address(es). The calling client is then able to inform the called client about its IP address (and port number) to enable direct communication ("peer-to-peer" connection).

TURN (RFC5766)
A TURN server on the Internet allows two clients to exchange data without a direct connection ("relay server"). This is necessary if there is no way to establish a direct client-to-client connection.

ICE (RFC5245)
Two clients can exchange the connection information they have determined (and other data) using the ICE protocol. The ICE information must be transmitted by another service (a "Signaling Server"), which must be accessible from both clients. The ICE message is created within the client, possibly with the help of STUN and TURN configuration data. For this purpose, the client collects various candidates (possible IP addresses and ports) on which media transfer connections can be established. The two clients exchange these candidates and then try to reach each other with the help of this information.

Signaling Server
Signaling Servers are used for the indirect exchange of data between two clients. This may be a single service that is accessible from both clients (e.g. a UCServer in a network) or several services that are interconnected by federation (e.g. two UCServers of two companies which have established an XMPP Federation).

3.2 Use cases

In the following, the main use cases of STUN/TURN services are described in more detail.

Direct communication is possible (no STUN/TURN service is needed)
To receive media streams from Client B, Client A has to send its contact information (IP address and port) to Client B. This is usually done via a signaling server to which both clients must have a connection. As long as both clients are on the same LAN, this is no problem. Fig. 1 illustrates this. In step 1 Client A sends its IP address and port to Client B using the Signaling Server. Client B can then begin to send a media stream to Client A in step 2.

Fig. 1: A client is directly accessible. Client B can send the media stream directly to Client A.

A client is behind a NAT router
If Client A and Client B are in different LANs which are separated by a NAT, the above scenario will fail. Client A is not aware of the NAT, so in step 1 it would send Client B its local IP address and port. Because this address is not reachable for Client B, establishing a connection for the media streams would fail (see Fig. 2).

Fig. 2: Client A is behind a NAT. Establishing a media stream connection from Client B fails.

This problem can be solved by using a STUN server as shown in Fig. 3. With the STUN server, Client A can determine its public IP address / port in step 1. It can now transmit the correct information to Client B, which can then establish a media stream connection to the public IP address of the NAT. The NAT then forwards the media stream connection to Client A.

Fig. 3: Client A determines its public IP address / port via a STUN server. Client B can now send the media stream to this address and the media stream is received and forwarded by the NAT to Client A.

At least one client cannot be reached from the Internet
The previous solution does not work for all NATs. There is a class of NATs, called "Symmetric NAT", which does not just open one port for Client A from inside the LAN to the Internet, but uses a separate port for each connection from outside to Client A. Client A can therefore still get its public IP address / port from the STUN server, but this address / port would not work for connections established from Client B.

Fig. 4: Client A is behind a "Symmetric NAT". Since the correct public port cannot be determined from the STUN server, Client B fails to establish a media stream connection.

To solve the problem with a "Symmetric NAT", a TURN server is needed (see Fig. 5). Once Client A determines that direct and STUN connections are not possible (step 1), it may notify Client B via the Signaling Server about a TURN server known to both (step 2). In step 3, both clients are connected through the TURN server and are able to communicate.

Fig. 5: By using a TURN server, Client B's media stream can be sent to Client A despite a "Symmetric NAT".

Because user data flows directly through the TURN server and a TURN server will have several parallel active connections, this solution has a very high bandwidth requirement. It should therefore only be used if there is no other way to transmit the data.
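The three use cases above can be reproduced with a small NAT model. This added example (not from the estos manual) simulates a NAT's mapping table and shows why an address learned via STUN is usable behind a normal NAT, unusable behind a "Symmetric NAT", and why relaying over TURN works in both cases. All addresses are constructed, and the non-symmetric case is modelled as a NAT that reuses one public port per internal socket and accepts traffic from any sender, which is an assumption of this sketch.

```python
class Nat:
    """Toy NAT that maps internal (ip, port) sockets to ports on one public IP."""

    def __init__(self, public_ip, symmetric):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.mappings = {}        # mapping key -> public port
        self.next_port = 50000    # constructed starting port

    def outbound(self, src, dst):
        """Internal src sends to dst; return the public (ip, port) that dst sees."""
        # A symmetric NAT creates one mapping per destination, a normal NAT one per socket.
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        return (self.public_ip, self.mappings[key])

    def inbound(self, remote, public_port):
        """Packet from remote to public_port; return the internal socket, or None if dropped."""
        for key, port in self.mappings.items():
            if port != public_port:
                continue
            if not self.symmetric:
                return key
            src, dst = key
            return src if dst == remote else None   # only the known destination may answer
        return None


# Constructed endpoints (documentation address ranges).
CLIENT_A = ("192.168.1.10", 5004)
CLIENT_B = ("203.0.113.20", 6000)
STUN_SERVER = ("198.51.100.1", 3478)
TURN_SERVER = ("198.51.100.2", 3478)


def media_via_stun(nat):
    """Fig. 3 / Fig. 4: A learns its address from STUN, B sends media to that address."""
    advertised = nat.outbound(CLIENT_A, STUN_SERVER)
    return nat.inbound(CLIENT_B, advertised[1]) == CLIENT_A


def media_via_turn(nat):
    """Fig. 5: A keeps a connection to the TURN server, which forwards B's media over it."""
    mapping = nat.outbound(CLIENT_A, TURN_SERVER)
    return nat.inbound(TURN_SERVER, mapping[1]) == CLIENT_A


def ports_seen(nat):
    """Public ports that two different destinations observe for the same client socket."""
    return (nat.outbound(CLIENT_A, STUN_SERVER)[1], nat.outbound(CLIENT_A, CLIENT_B)[1])
```

Behind the symmetric NAT, `ports_seen` returns two different ports, which is exactly why the port reported by the STUN server is of no use to Client B.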

4 Installation and configuration

4.1 Installation

To install and set up estos STUN/TURN Server, please run the installer with administrator privileges. The configuration wizard then starts and guides you through the individual required setup steps. After that, the service is ready for use.

4.2 Configuration

To operate estos STUN/TURN Server, it has to be configured. The administration program of estos STUN/TURN Server serves this purpose.

4.2.1 STUN/TURN Server Core Configuration

The network interface must be configured so that clients can send requests to the service.

UDP Listen IP
Listen address of the local UDP socket. Default port is 3478 - "well known" STUN Port.

TCP Listen IP
Listen address of the local UDP socket. Default port is 3478 - "well known" STUN Port.

4.2.2 TURN Configuration

The TURN server requires additional settings that apply only to its tasks.

Relay IP
IP address of the data relay.

Password
Because transferring media data between the clients places high bandwidth demands on the interface, access is protected by a password. The same password must also be entered in the UCServer.

4.2.3 Diagnose

The service can be stopped and started in this dialog, which also shows its current status. Logging can be configured here to help diagnose problems.

State
Buttons to start and stop the service. If the STUN/TURN Server is terminated unexpectedly, an error code will be displayed.

Logging
Debug: Sets whether debug information is written into the log files.
Maximum size of a log file. There are several log files written. Each log file is cyclically re-created when the size set here is exceeded.

Log Directory
The log files are stored in this directory. Note that the service requires appropriate write permissions.

Delete Log Files
Log files in the log directory will be deleted. This is available only while the STUN/TURN Server is running.

Provide Log Files
Log files in the log directory will be packed into a ZIP file. The location and name of the ZIP file can be set in a dialog.

Info
General Service Information

5 Info about the estos STUN/TURN Server

The estos STUN/TURN Server is a product of estos GmbH.

You will find product updates at http://www.estos.de/
Frequently asked questions and answers are available at http://www.estos.de/help/faq
Access to Support: http://support.estos.de

The estos STUN/TURN Server is realized using Open Source Components. The corresponding information is displayed here.

6 3rd Party Libraries

The estos STUN/TURN Server is using Open Source Components with the following license information:

Library    Version    License    Download
restund    0.4.2      License    Source
libre      0.4.7      License    Source

libre-0.4.7 license:

Copyright (c) 2010-2014, Alfred E. Heggestad
Copyright (c) 2010-2014, Richard Aas
Copyright (c) 2010-2014, Creytiv.com
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the Creytiv.com nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

restund-0.4.2 license:

Copyright (c) 2010-2012, Alfred E. Heggestad
Copyright (c) 2010-2012, Richard Aas
Copyright (c) 2010-2012, Creytiv.com
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the Creytiv.com nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.