Signaling, firewall and NAT traversal simplewebRTC - javascript

I'm a noob, and I'm starting to learn about WebRTC. Recently I found a web page called simplewebrtc. I read about the demo, but I don't understand how they manage firewalls and NAT traversal in a network. I know that WebRTC uses STUN servers, but I can't find them in the source code of the SimpleWebRTC demo. Can anybody explain that to me, please?
Thank you

Currently SimpleWebRTC uses the public Google STUN server by default; check this line.
About the NAT/firewall traversal: as you already pointed out, this is done using a STUN (or TURN) server. The STUN protocol simply allows clients that are trying to establish a connection to discover each other's public IPs, with which they can establish direct connections. If some client is behind a symmetric NAT, then a TURN server that acts as a relay will be necessary.
You can find a more detailed explanation about STUN/TURN here.

Related

How to encrypt socket.io client using CLI (instead of through browser)?

This is less of a "what is wrong with my code" and more of a "is this possible or even required". I've been working on this CLI chat using socket.io and socket.io, and then I thought "what if this was a production server exposed to the internet - does this need security?"
I've seen a lot of stuff online about using nginx or express (or both) to achieve this - but no mention of any type of encryption if you were trying to do this via CLI (eg, "node file.js" for this to emit traffic to the webserver but securely). I've tried a few examples (as they were provided) and then adapted my existing code to incorporate the same config, but now I'm starting to think that perhaps it isn't possible because they are already secure? (In my understanding the server listening port is just for the server to bind client to another port to send data)
I can't seem to find a cut and dry answer (past forum posts seem to contradict each other on this) from what I've found.
I tried running my server and connecting up via 2 clients (one localhost on the same as the server and one on another IP on my LAN) and ran wireshark to see if I could see my other host (which I couldn't) but I could see unencrypted traffic being sent... So while this isn't broadcast traffic to all, how easy would this be to snoop on if you knew the exact port server & client were using to communicate?
Hope someone can help explain these nuances.

The long answer is complex. The short one is:
Anything you send through a wire is easy to spoof. This is why TCP over TLS exists. Any communication through a TLS-secured channel would assure that your data between client and server will be secret (as long as you trust the server, you are good to go).
Socket.io uses WebSocket under the hood, and (just as there is HTTPS for HTTP over TLS) there is WSS for WS over TLS. So if you set up your server to accept WSS (maybe only WSS, to be sure there is no unencrypted connection going on) and you make sure to connect the client to a wss://.... endpoint, you have achieved client-server security. It's that simple.
If you cannot trust the server, and what you are doing is essentially a message broker, you can go further and experiment with end-to-end encryption (https://en.wikipedia.org/wiki/End-to-end_encryption).
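
A guard for the Node CLI case discussed above, as an added example that is not part of the original answer. The function name and the endpoint are hypothetical; `rejectUnauthorized` and `transports` are socket.io-client options, and the package is assumed to be installed by the reader.

```javascript
// Added example: builds connection settings for a Node CLI client and refuses
// anything that would leave the link in cleartext or the server unauthenticated.
function secureSocketConfig(endpoint, opts = {}, env = process.env) {
  const url = new URL(endpoint);
  // socket.io accepts https:// or wss://; http:// and ws:// are plaintext.
  if (url.protocol !== 'wss:' && url.protocol !== 'https:') {
    throw new Error(`refusing plaintext scheme ${url.protocol}`);
  }
  // Either setting below turns off certificate checks, so an on-path host
  // could impersonate the server even though the traffic is encrypted.
  if (opts.rejectUnauthorized === false) {
    throw new Error('rejectUnauthorized:false disables server authentication');
  }
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    throw new Error('NODE_TLS_REJECT_UNAUTHORIZED=0 disables server authentication');
  }
  return {
    url: url.href,
    options: {
      ...opts,
      rejectUnauthorized: true,
      transports: ['websocket'], // connect over WSS directly
    },
  };
}

// Usage with socket.io-client (not executed here):
//   const { io } = require('socket.io-client');
//   const { url, options } = secureSocketConfig('wss://chat.example.test:3000');
//   const socket = io(url, options);
```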

WebRTC connection does not establish after successful signaling

I am using the simple-peer js library to create peer to peer connections in the browser. I have set up proper signaling through socket.io and most of the time everything works fine; the handshake is successful and the p2p connection is established.
But sometimes, despite a proper handshake, the p2p connection does not initiate, and no error is thrown. This happens consistently on a VPN but sometimes it can happen without a VPN. I am using the default Google STUN server for now and there is no TURN server provided.
Any enlightenment as to what could be the cause will be appreciated.

The problem is that sometimes one of the peers "sits" behind a double NAT or symmetric NAT; a VPN is a good example. You use only a STUN server, and STUN cannot solve the internal<->external IP of a client behind a double NAT. You need to set up a TURN server for that. You can test with a free TURN server; however, this is only to test the problem, not a permanent solution. For a permanent solution it is better to use your own TURN server.
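
One way to check for the situation described in this answer, as an added example that is not part of the original post: it parses ICE candidate lines collected from both peers and reports whether a relay fallback exists. The function names and candidate lines are constructed, and the symmetric-NAT heuristic assumes at least two STUN servers were configured.

```javascript
// Added example: constructed candidate lines using documentation addresses.
// Grammar: candidate:<foundation> <component> <transport> <priority>
//          <address> <port> typ <type> [raddr <addr> rport <port>] ...
function parseCandidate(line) {
  const re = /^(?:a=)?candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)(.*)$/;
  const m = re.exec(line.trim());
  if (!m) return null;
  const ext = m[5].trim().split(/\s+/);
  const kv = {};
  for (let i = 0; i + 1 < ext.length; i += 2) kv[ext[i]] = ext[i + 1];
  return {
    protocol: m[1].toLowerCase(), address: m[2], port: Number(m[3]), type: m[4],
    base: kv.raddr ? `${m[1].toLowerCase()}|${kv.raddr}:${kv.rport}` : null,
  };
}
function summarize(lines) {
  const cands = lines.map(parseCandidate).filter(Boolean);
  const types = new Set(cands.map((c) => c.type));
  // Heuristic: if two STUN servers report different public mappings for the
  // same local base, the NAT mapping is destination-dependent (symmetric).
  const mappings = new Map();
  for (const c of cands) {
    if (c.type !== 'srflx' || !c.base) continue;
    if (!mappings.has(c.base)) mappings.set(c.base, new Set());
    mappings.get(c.base).add(`${c.address}:${c.port}`);
  }
  const symmetric = [...mappings.values()].some((s) => s.size > 1);
  return { types: [...types].sort(), hasRelay: types.has('relay'), symmetric };
}
function diagnose(localLines, remoteLines) {
  const a = summarize(localLines), b = summarize(remoteLines);
  if (a.hasRelay || b.hasRelay) return 'relay fallback available';
  if (a.symmetric || b.symmetric) return 'symmetric NAT without TURN: likely to fail';
  return 'no relay gathered: works only if a direct path exists';
}
// Constructed sample: a VPN client that queried two STUN servers (one local
// port, two different public ports) and a peer behind an ordinary home NAT.
const vpnPeer = [
  'candidate:1 1 udp 2122260223 10.8.0.2 50000 typ host',
  'candidate:2 1 udp 1686052607 203.0.113.7 61001 typ srflx raddr 10.8.0.2 rport 50000',
  'candidate:3 1 udp 1686052607 203.0.113.7 61002 typ srflx raddr 10.8.0.2 rport 50000',
];
const homePeer = [
  'candidate:1 1 udp 2122260223 192.168.1.20 40000 typ host',
  'candidate:2 1 udp 1686052607 198.51.100.9 40000 typ srflx raddr 192.168.1.20 rport 40000',
];
console.log(diagnose(vpnPeer, homePeer));
```

Some browsers mask `raddr`/`rport` in reflexive candidates, in which case the heuristic reports nothing and only the relay check is meaningful.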

How can I use webrtc without any server of my own?

Is there a way to use webrtc without any server or cost and without downloading anything? I'm trying to make a peer to peer network without a server of any kind (I can't set up my own). Every tutorial that I've found needs some kind of server, or downloading node.js, or using some service that you pay for with a subscription. Is there a way to do this?

WebRTC is actually a peer-to-peer RTC protocol which happens between browsers.
But you got it the wrong way. For establishing the direct link between two systems WebRTC requires,
The topology between itself, and the peer it wants to communicate with
Establish connectivity on the best path through a given topology
Have a fallback mechanism if all else fails.
WebRTC standards require the use of three IETF NAT traversal standards to address these issues:
Interactive Connectivity Establishment (ICE) –  RFC 5245
Session Traversal Utilities for NAT (STUN) – RFC 5389
Traversal Using Relay NAT (TURN) – RFC 5766
So, the final answer is it's not possible with WebRTC.

Is WebRTC without any server not even a signaling server possible?

I'm trying to set up a Cordova plugin for iOS which implements the WebRTC functions without using any server, and it will only be used on a local network. I know there is this plugin, which looks promising, but I have some problems with it.
My plan is not to use a TURN, STUN or any kind of signaling server.
Maybe you think right now: "Ok this is not possible. No signaling equals no connection." But let me explain first. As pointed out here and here, it's possible to avoid using a TURN, STUN or ICE server. I think this is a good way to start my project but there is still an open question. How shall the devices find each other if there isn't any kind of signaling (in the example they use a Node.js server)? Right now I'm playing with the idea of a QR code which contains all the necessary information.
At the end it should look like this (black arrows are more important):
The idea is that everyone who comes into a room has to scan a QR code on the RP and then the device knows the IP, port, etc. of the RP and a WebRTC connection with a DataChannel will be established.
I've been looking for an answer for days now, but due to the fact (or at least one of the reasons) that WebRTC is not even supported on iOS natively, there aren't many WebRTC examples out there which work on iOS, and none for a local network.
So my question is: Am I on the right way or is this not even possible? (I found no example for this anywhere, but if I put all the posts I read together, I think it should be possible.)

First of all, TURN and STUN are not signaling servers. Signaling server is the term normally associated with the backend server that lets you relay the messages between two peers before the connection is established. The signaling server is thus used to establish the connection. Once the connection is established, there is no role of the signaling server in the communication, unless you intend to make any changes to the connection parameters.
TURN and STUN servers, on the other hand, are used during the connection establishment process. They help the two peers find a direct path to each other. So when the connection is established, the peers can talk directly with each other and they don't require the signaling server to relay the messages anymore.
Now coming to your question, short answer is, no, your plan is incomplete.
Here are some changes that you'd need in order to make it work:
QR Code is not adequate to convey all required information. According to this answer, they can store roughly 4kb of maximum data. Thus it is not sufficient to pass all candidates.
Not to mention that WebRTC requires both devices to share the candidates. So, you'd need a display and QR code scanner on the Raspberry PI.
You might want to explore alternatives such as Wifi to allow for two-way data sharing between the device and Raspberry Pi. Once set up, the Wifi connection will act as the signaling server.
Though I am not well versed in iOS or Raspberry Pi. So I would recommend that you ask a separate question about the choice of communication channel if you are unsure about what to choose. Keep in mind that you need Raspberry Pi to be able to communicate with the device for a short period of time in order to allow WebRTC connection to be established.
Coming to STUN and TURN servers, you may be able to get away without using them. I have seen a few cases when my app is able to establish connection to peers within the local network without STUN and TURN servers.
However, I would strongly recommend that you use at least a STUN server. They are often available free of charge. Google and Firefox also provide their own STUN servers that you can use in any of your WebRTC apps. You can search the internet to get their details.
TURN servers are required only when the two peers are behind NATs. In such cases STUN servers are sometimes incapable of finding a direct route between them, and you need the TURN server to relay the audio/video/message stream.
Your plan to establish the WebRTC channel between Raspberry Pi and the phones (the black arrows) seems fine to me. It would help you establish further connections between two phones whenever required.
However, if you eventually decide to implement something like Wifi on your Raspberry Pi, the WebRTC connection may be redundant. After all, you could use Wifi to pass the data back and forth, and don't really need an additional layer of WebRTC channel to do that.

Since you run your app on a local network you don't need STUN and TURN servers. But you still need a signaling server. Signaling can't be done with QR codes; read more about WebRTC and you will understand why.
But a signaling server can be very simple. Since you have that Raspberry Pi in your local network, you can use this as your signaling server. Just install node, express and socket.io on it. You need only one simple JavaScript file; mine is only 23 lines of code. Stop wasting your time with QR codes and you will have your signaling server up and running in no time. You can look at Google Codelab for an example. Hope this helps you!

How to implement video conferencing feature inside a website using webRTC?

Recently I was working on a WebRTC project that displays a media stream in the user's browser. However, this was only on the client side. What if I want to stream this media to other users' browsers? As I looked around I found that it was possible by connecting to peers and setting up signalling servers (STUN & TURN). I went through all the details that were mentioned in one of the articles on the html5rocks website.
I am making use of simplewebRTC but that isn't enough; I have to set up my own signalling server in order to be actually able to video chat.
My question is: what is actually needed in order to implement a live video chat application embedded within a website, apart from the API provided by WebRTC, and how do I set up my own signalling server?

signalmaster was built as a signaling server for simplewebrtc and is used by talky.io. It's a node application; start it with "node server.js" and then hook up simplewebrtc to the socket.io endpoint provided.
STUN and TURN servers are not signaling servers. They just help with punching a hole through NAT. The most popular option is rfc-5766-turn-server; restund performs quite well too.

You should provide more detail about your project to get a good answer. Are you planning on making only browser to browser calls? SIP calls? These would be a factor in the signalling server you choose. I went with a SIP signalling server (SIPML5.org) and integrated it with an Asterisk server for call control. This also let me integrate my existing corporate telepresence devices into the PBX. If you want to read up on the basics of signalling and on WebRTC in general, Muaz Khan has done some very good work on it.
https://github.com/muaz-khan/WebRTC-Experiment/blob/master/Signaling.md
