Open Relay: Free WebRTC TURN Server
What is a TURN Server?
WebRTC TURN Server is required to relay the traffic between the peers when direct connection cannot be established among them.
WebRTC protocol establishes a direct connection between the peers, but the sometimes a direct connection cannot be established for this a TURN Server is required to relay the traffic between the peers.
As peers cannot directly connect to each other the TURN Server acts as an intermediary among the peers and forwards the traffic from one peer to another.
All the traffic (video/audio + data) that passes through the TURN server is already end-to-end encrypted by the peers and the TURN Server cannot decode/read the encrypted packet, it just relays the packet to other peers.
Overview
Open Relay is a free TURN server provided by Metered Video that you can use in your WebRTC applications. The Open Relay TURN server is highly available, reliable and offers both STUN and TURN Capabilities.
The Open Relay runs on port 80 and 443 to bypass corporate firewalls, many corporate/enterprise firewall only allow port 80 or 443, it also supports turns + SSL for maximum compatibility.
- ✅ Runs on port 80 and 443
- ✅ Tested to bypass most firewall rules
- ✅ Enterprise grade reliability (99.999% uptime)
- ✅ Support TURNS + SSL to allow connections through deep packet inspection firewalls.
- ✅ Support STUN
- ✅ Supports both TCP and UDP
- ✅ Dynamic routing to the nearest server
- ✅ Production Ready
✨ How to use
You can use the Open Relay TURN Server in your Javascript Code.
Here is a sample Javascript Code with recommended configuration to allow through most firewalls:
var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "stun:openrelay.metered.ca:80",
},
{
urls: "turn:openrelay.metered.ca:80",
username: "openrelayproject",
credential: "openrelayproject",
},
{
urls: "turn:openrelay.metered.ca:443",
username: "openrelayproject",
credential: "openrelayproject",
},
{
urls: "turn:openrelay.metered.ca:443?transport=tcp",
username: "openrelayproject",
credential: "openrelayproject",
},
],
});
- "stun:openrelay.metered.ca:80" Open Relay operates in both TURN and STUN mode, so we added a STUN URL to check if it is possible to route connections without the TURN server.
- "turn:openrelay.metered.ca:80" adding url to connect to TURN server on port 80
- "turn:openrelay.metered.ca:443" if the firewall rule is very strict and allows access to only port 443, then adding url to connect to TURN server on port 443
- "turn:openrelay.metered.ca:443?transport=tcp" adding the query parameter to ?transport=tcp to connect via TCP if UDP connections are blocked by the firewall.
🔖 TURN and STUN URLs
Here is the list of turn and stun URLs that you can use to connect to the Open Relay TURN/STUN servers.
URLDescription
| stun:openrelay.metered.ca:80 | STUN Server URL |
| turn:openrelay.metered.ca:80 | TURN Server URL port 80 |
| turn:openrelay.metered.ca:443 | TURN Server URL port 443 |
| turn:openrelay.metered.ca:80?transport=tcp | TURN Server URL port 80 TCP mode |
| turn:openrelay.metered.ca:443?transport=tcp | TURN Server URL port 443 TCP mode |
| turns:openrelay.metered.ca:443 | TURNS Server URL (SSL Certificate) |
| turn:staticauth.openrelay.metered.ca:80 | TURN Server URL port 80 (uses static auth) |
| turn:staticauth.openrelay.metered.ca:443 | TURN Server URL port 443 (uses static auth) |
| turn:staticauth.openrelay.metered.ca:80?transport=tcp | TURN Server URL port 80 TCP mode (uses static auth) |
| turn:staticauth.openrelay.metered.ca:443?transport=tcp | TURN Server URL port 443 TCP mode (uses static auth) |
| turns:staticauth.openrelay.metered.ca:443 | TURNS Server URL (SSL Certificate) (uses static auth) |
🔓 Credentials
You can connect to the Open Relay TURN server using the following credentials, credentials are only needed for turn server connection:
username: openrelayproject
credential/password: openrelayproject
🔐 Static Auth
Services like Nextcloud Talk or Matrix+Synapse+Riot uses static auth instead of username and password authentication for the TURN Server. To use the TURN Server with those services use the static auth url which is staticauth.openrelay.metered.ca
secret: openrelayprojectsecret
🗸 STUN Server Usage
To use just the STUN server, you can only add the stun url
var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "stun:openrelay.metered.ca:80",
},
],
});
🗸 TURN Server Usage with UDP
The TURN server runs on port 80 and 443. It is recommended to add URL to connect on both ports for maximum compatibility.
var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "turn:openrelay.metered.ca:80",
username: "openrelayproject",
credential: "openrelayproject",
},
{
urls: "turn:openrelay.metered.ca:443",
username: "openrelayproject",
credential: "openrelayproject",
},
],
});
🗸 TURN Server Usage with TCP
Adding the query parameter ?transport=tcp allows the TURN server to connect over TCP. Some corporate firewalls block UDP connections, this allows the TURN server to connect over TCP.
var myPeerConnection = new RTCPeerConnection({
iceServers: [
{
urls: "turn:openrelay.metered.ca:443?transport=tcp",
username: "openrelayproject",
credential: "openrelayproject",
},
],
});
TURN Server for Nextcloud Talk
Open Relay Project also works with Nextcloud talk, follow the instructions below to learn how to configure Nextcloud talk to work with Open Relay.
Nextcloud talk require the auth-secret-authentication so we have to use the Open Relay Project's TURN Server with auth-secret-authentication. Use the turn server url staticauth.openrelay.metered.ca with Nextcloud talk and turn secret: openrelayprojectsecret.
- Go to Nextcloud-> Settings -> Talk and under TURN Servers press the + button
- Then select turn:only
- Under turnserver:port enter staticauth.openrelay.metered.ca:80
- Under secret enter openrelayprojectsecret
Add another entry for port 443
- Select turn:only
- Under turnserver:port enter staticauth.openrelay.metered.ca:443
- Under secret enter openrelayprojectsecret
🧰 Testing the TURN Server
You can test the TURN Server using:
- Trickle ICE
- ICE Test
- Using JavaScript
Trickle ICE
Go to the Trickle ICE website at https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ and enter the TURN Server credentials.
Don't forget to turn: or stun: prefix and add port to the url. e.g: turn:openrelay.metered.ca:80, turn:openrelay.metered.ca:443, stun:openrelay.metered.ca:80 (don't forget to add turn: or stun: and :80 or :443 ).
ICE Test
Go to ICE Test website at https://icetest.info/ and enter the turn server URL and credentials to test.
🛡️Security
All the WebRTC traffic is end-to-end encrypted using DTLS-SRTP and the TURN server just relays the traffic. The TURN server only parse the UDP layer of WebRTC packet for routing purposes, and do not (and cannot) touch the DTLS encryption.
All the application layer data, include video and datachannel is encrypted using DTLS+SRTP and the TURN server cannot decrypt that data and it only relays the encrypted data among the peers.
You can read more about it here: https://webrtc-security.github.io/
To read more about the TURN proposed standard refer to RFC 5766
ℹ️ Contact
If you have any questions, comments or suggestions you can email us at contact[at]openrelayproject.org
🚀 Powered by Metered Video
Metered Video provides enterprise grade WebRTC video calling apis that you can use to create video conferencing applications that can scale upto thousands of simultaneous online users, with live streaming and recording capabilities.
Terms and Conditions
By using Open Relay Project Website or TURN server, you agree to our terms and conditions.
'Study > WEBRTC' 카테고리의 다른 글
| Public Stun Server List (0) | 2022.06.24 |
|---|---|
| Stun Servers and Friends (0) | 2022.06.24 |
| WebRTC 배우기 리소스 (0) | 2022.02.10 |
| WebRTC 및 NodeJS로 화상회의를 구현하는 방법 (1) | 2022.02.10 |
| coturn - WebRTC 외부에서 사용 해보기 (0) | 2022.02.02 |
|
|
|
|
|