Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
TURN(1)								       TURN(1)

GENERAL	INFORMATION
       A set of	turnutils_* programs provides some utility functionality to be
       used for	testing	and for	setting	up the TURN server.

       1.     turnutils_uclient:   emulates   multiple	 UDP,TCP,TLS  or  DTLS
	      clients.	(this program is provided  for	the  testing  purposes
	      only !)  The compiled binary image of this program is located in
	      bin/ sub-directory.

       2.     turnutils_peer: a	simple stateless UDP-only "echo" server, to be
	      used  as	the  final server in relay pattern ("peer"). For every
	      incoming UDP packet, it simply echoes it back.  (this program is
	      provided for the testing purposes	only !)	 When the test clients
	      are communicating	in the client-to-client	manner (when the "tur-
	      nutils_uclient" program is used with "-y"	option)	then the  tur-
	      nutils_peer is not needed.

       The  compiled binary image of this program is located in	bin/ subdirec-
       tory.

       3.     turnutils_stunclient: a simple STUN client  example.   The  com-
	      piled  binary image of this program is located in	bin/ subdirec-
	      tory.

       4.     turnutils_rfc5769check: a	utility	that checks the	correctness of
	      the STUN/TURN protocol implementation. This utility is used only
	      for the compilation check	procedure, it is not copied to the in-
	      stallation destination.

       In the "examples/scripts" subdirectory, you will	find the  examples  of
       command	lines to be used to run	the programs. The scripts are meant to
       be run from examples/ subdirectory, for example:

       $ cd examples

       $ ./scripts/secure_relay.sh

       5.     turnutils_natdiscovery: a	utility	 that  provides	 NAT  behavior
	      discovery	 according  RFC5780. This utility discovers the	actual
	      NAT Mapping and Filtering	behavior, etc. Be aware	that  on  TURN
	      server  side two different listening IP addresses	should be con-
	      figured to be able to work properly!

       6.     turnutils_oauth: a utility that provides OAuth access_token gen-
	      eration(AEAD encryption),	validation and decryption. This	 util-
	      ity  inputs  all the keys	and lifetimes and any related informa-
	      tion that	needed for creation and	validationi of	an  access_to-
	      ken.  It	outputs	a JSON with all	OAuth PoP parameters that need
	      to pass to the client. Output is	generated  accoriding  RFC7635
	      Appendix B, Figure 8.

       For more	details, and for the access_token structure, read rfc7635, and
       see script in examples/scripts/oauth.sh.

=====================================
   NAME
	 turnutils_uclient - this client emulation application is supplied for
       the test	purposes only.

   SYNOPSIS
       $ turnutils_uclient [-tTSvsyhcxg] [options] <TURN-Server-IP-address>

   DESCRIPTION
       It was designed to simulate multiple clients. It	uses asynch IO API  in
       libevent	 to  handle  multiple clients. A client	connects to the	relay,
       negotiates the session, and sends multiple (configured number) messages
       to the server (relay), expecting	the same number	of replies. The	length
       of the messages is configurable.	 The message  is  an  arbitrary	 octet
       stream.	The number of the messages to send is configurable.

       Flags:

       -t     Use  TCP	for communications between client and TURN server (de-
	      fault is UDP).

       -b     Use SCTP for communications between client and TURN server  (de-
	      fault is UDP).

       -T     Use TCP for the relay transport (default - UDP). Implies options
	      -t, -y, -c, and ignores flags and	options	-s, -e,	-r and -g. Can
	      be used together with -b.

       -P     Passive TCP (RFC6062 with	active peer). Implies -T.

       -S     Secure  SSL  connection: SSL/TLS for TCP,	DTLS for UDP, TLS/SCTP
	      for SCTP.

       -U     Secure unencrypted connection (suite eNULL):  SSL/TLS  for  TCP,
	      DTLS for UDP.

       -v     Verbose.

       -s     Use "Send" method	in TURN; by default, it	uses TURN Channels.

       -y     Use  client-to-client  connections: RTP/RTCP pair	of channels to
	      another RTP/RTCP pair of channels.  with this option the	turnu-
	      tils_peer	 application  is not used, as the allocated relay end-
	      points are talking to each other.

       -h     Hang on indefinitely after the last sent packet.

       -c     Do not create rtcp connections.

       -x     Request IPv6 relay address (RFC6156).

       -X     IPv4 relay address explicitly requested.

       -g     Set DONT_FRAGMENT	parameter in TURN requests.

       -D     Do mandatory channel padding even	for UDP	(like pjnath).

       -N     do negative tests	(some limited cases only).

       -R     do negative protocol tests.

       -O     DOS attack mode.

       -M     Use TURN ICE Mobility.

       -I     Do not set permissions on	TURN relay endpoints (for testing  the
	      non-standard server relay	functionality).

       -G     Generate extra requests (create permissions, channel bind).

       -B     Random disconnect	after a	few initial packets.

       -Z     Dual allocation (SSODA). Implies -c option.

       -J     Use oAuth	with default test key kid='north'.

       Options with required values:

       -l     Message length (Default: 100 Bytes).

       -i     Certificate file (for secure connections only, optional).

       -k     Private key file (for secure connections only).

       -E     CA  file for server certificate verification, if the server cer-
	      tificate to be verified.

       -p     TURN Server port (Defaults: 3478 unsecure, 5349 secure).

       -n     Number of	messages to send (Default: 5).

       -d     Local interface device (optional,	Linux only).

       -L     Local IP address (optional).

       -m     Number of	clients	(Default: 1, 2 or 4, depending on options).

       -e     Peer address.

       -r     Peer port	(Default: 3480).

       -z     Per-session packet interval in milliseconds (Default: 20).

       -u     STUN/TURN	user name.

       -w     STUN/TURN	user password.

       -W     TURN REST	API secret. The	"plain text" secret e.g. "north"  that
	      is  stored  in  the value	column of the turn_secret table	in the
	      database if dynamic, or the static-auth-secret value set in  the
	      configuration file if using static.

       -C     This  is	the timestamp/username separator symbol	(character) in
	      TURN REST	API. The default value is :.

       -F     Cipher suite for TLS/DTLS. Default value is DEFAULT.

       -o     the ORIGIN STUN attribute	value.

       -a     Bandwidth	for the	bandwidth request  in  ALLOCATE.  The  default
	      value is zero.

       See the examples	in the "examples/scripts" directory.

======================================
   NAME
	turnutils_peer - a simple UDP-only echo	backend	server.

   SYNOPSIS
       $ turnutils_peer	[-v] [options]

   DESCRIPTION
       This  application is used for the test purposes only, as	a peer for the
       turnutils_uclient application.

       Options with required values:

       -p     Listening	UDP port (Default: 3480).

       -d     Listening	interface device (optional)

       -L     Listening	address	of turnutils_peer server.  Multiple  listening
	      addresses	 can  be  used,	 IPv4  and  IPv6.   If no listener ad-
	      dress(es)	defined, then it listens on  all  IPv4	and  IPv6  ad-
	      dresses.

       -v     Verbose

========================================
   NAME
	turnutils_stunclient - a basic STUN client.

   SYNOPSIS
       $ turnutils_stunclient [options]	<STUN-Server-IP-address>

   DESCRIPTION
       It  sends  a "new" STUN RFC 5389	request	(over UDP) and shows the reply
       information.

       Options with required values:

       -p     STUN server port (Default: 3478).

       -L     Local address to use (optional).

       -f     Force RFC	5780 processing.

       The turnutils_stunclient	program	checks the results of  the  first  re-
       quest,  and  if	it  finds  that	the STUN server	supports RFC 5780 (the
       binding response	reveals	that) then the	turnutils_stunclient  makes  a
       couple  more requests with different parameters,	to demonstrate the NAT
       discovery capabilities.

       This utility does not support the "old" "classic"  STUN	protocol  (RFC
       3489).

=====================================
   NAME
	 turnutils_rfc5769check	- a utility that tests the correctness of STUN
       protocol	implementation.

   SYNOPSIS
       $ turnutils_rfc5769check

   DESCRIPTION
       turnutils_rfc5769check tests the	correctness of STUN protocol implemen-
       tation against the test vectors predefined in RFC 5769 and  prints  the
       results	of  the	tests on the screen. This utility is used only for the
       compilation check procedure, it is not copied to	the installation  des-
       tination.

       Usage:

       $ turnutils_rfc5769check

=====================================
   NAME
	turnutils_natdiscovery - a utility that	discovers NAT mapping and fil-
       tering behavior according RFC5780.

   SYNOPSIS
       $ turnutils_natdiscovery	[options] <STUN-Server-FQDN-or-IP-address>

   DESCRIPTION
       turnutils_natdiscovery  discovers  the NAT Mapping and Filtering	behav-
       ior, to determine if that NAT is	currently using	 Endpoint-Independent,
       Address-Dependent,  or Address and Port-Dependent Mapping and/or	to de-
       termine if  that	 NAT  is  currently  using  Endpoint-Independent,  Ad-
       dress-Dependent,	or Address and Port-Dependent Filtering.

       Use either -m, -f, -c, -H flag to discover NAT behavior.

       Flags:

       -m     NAT mapping behavior discovery

       -f     NAT filtering behavior discovery

       -t     NAT mapping lifetime behavior discovery Requires a timer (-T)

       -c     NAT collision behavior discovery

       -H     NAT hairpinning behavior discovery

       -P     Add  1500	byte Padding to	the behavior discovery Applicable with
	      all except NAT mapping Lifetime discovery

       Options with required values:

       -p     STUN server port (Default: 3478)

       -L     Local address to use (optional)

       -l     Local port to use	(use with -L)

       -A     Secondary	Local address (optional) Required for  collision  dis-
	      covery

       -T     Mapping  lifetime	 timer (sec) Used by mapping lifetime behavior
	      discovery

       Usage:

       $ turnutils_natdiscovery	-m -f stun.example.com

=====================================
   NAME
	turnutils_oauth	- a utility  that  helps  OAuth	 access_token  genera-
       tion/encryption and validation/decyption

   SYNOPSIS
       $ turnutils_oauth [options]

   DESCRIPTION
       turnutils_oauth	utility	provides help in OAuth access_token encryption
       and/or decryption with AEAD (Atuthenticated Encryption with  Associated
       Data).  It  helps for an	Auth Server in access_token creation, and also
       for debugging purposes it helps the access_token	validation and decryp-
       tion. This utility inputs all the keys and lifetimes  and  any  related
       information  that  are  needed  for  encryption or decryption of	an ac-
       cess_token. It outputs a	JSON with all OAuth PoP	parameters  that  need
       to  pass	to the client. Output is generated accoriding RFC7635 Appendix
       B, Figure 8. This utility could help to build an	Auth  Server  service,
       but  be	awere  that  this  utility  does  not generate "session	key" /
       "mac_key" and not verifies lifetime of "session	key"  /	 "mac_key"  or
       "Auth key".  For	more details, and for the access_token structure, read
       rfc7635,	and see	the example in examples/scripts/oauth.sh.

       Use either -e and/or -d flag to encrypt or decrypt access_token.

       Flags:

       -h, --help
	      usage

       -v, --verbose
	      verbose mode

       -e, --encrypt
	      encrypt token

       -d, --decrypt
	      decrypt validate token

       Options with required values:

       -i, --server-name
	      server name (max.	255 char)

       -j, --auth-key-id
	      Auth key id (max.	32 char)

       -k, --auth-key
	      base64 encoded Auth key

       -l     --auth-key-timestamp	 Auth key timestamp (sec since epoch)

       -m, --auth-key-lifetime
	      Auth key lifetime	in sec

       -n, --auth-key-as-rs-alg
	      Authorization  Server(AS)	- Resource Server(RS) encryption algo-
	      rithm

       -o, --token-nonce
	      base64 encoded nonce base64(12 octet) = 16 char

       -p, --token-mac-key
	      base64 encoded MAC key base64(32 octet) =	44 char

       -q, --token-timestamp
	      timestamp	in format 64 bit unsigned (Native format -  Unix),  so
	      48  bit  for secs	since epoch UTC	+ 16 bit for 1/64000 fractions
	      of a  second.   e.g.:  the  actual  unixtimestamp	 16  bit  left
	      shifted. (Default: actual	gmtime)

       -r, --token-lifetime
	      lifetime in sec (Default:	3600)

       -t, --token
	      base64 encoded encrypted token for validation and	decryption

       -u, --hmac-alg
	      stun client hmac algorithm

       Usage:

       $ turnutils_natdiscovery

===================================
DOCS
       After installation, run the command:

       $ man turnutils

       or in the project root directory:

       $ man -M	man turnutils

       to see the man page.

=====================================
FILES
       /etc/turnserver.conf

       /var/db/turndb

       /usr/local/var/db/turndb

       /var/lib/turn/turndb

       /usr/local/etc/turnserver.conf

=================================
DIRECTORIES
       /usr/local/share/turnserver

       /usr/local/share/doc/turnserver

       /usr/local/share/examples/turnserver

===================================
STANDARDS
       new STUN	RFC 5389

TURN RFC 5766
       TURN-TCP	extension RFC 6062

       TURN IPv6 extension RFC 6156

       STUN/TURN test vectors RFC 5769

       STUN NAT	behavior discovery RFC 5780

====================================
SEE ALSO
       turnserver, turnadmin

======================================
   WEB RESOURCES
       project page:

       https://github.com/coturn/coturn/

       Wiki page:

       https://github.com/coturn/coturn/wiki

       forum:

       https://groups.google.com/forum/?fromgroups=#!fo-
       rum/turn-server-project-rfc5766-turn-server/

======================================
   AUTHORS
       See the AUTHORS.md file in the coturn source distribution.

				 05 June 2021			       TURN(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=turnutils_stunclient&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help