javascript - 转机/转机服务器 : error 437: Mismatched allocation: wrong transaction ID (WebRTC)

Question

我有这个结构:

• 网络服务器:Apache。它在局域网中。它位于具有公共(public)静态 ip 的 pc (windows 7) 上。 PC 在网络中。
• 信号服务器:在同一台电脑上的虚拟机 (VirtualBox Centos 6) 中。
• STUN/TURN 服务器:Coturn“4.5.0.4”。在同一台电脑上的虚拟机 (VirtualBox Centos 6) 中。
• 客户 A:笔记本电脑，Vista。我使用三星手机和 USB 网络共享来获取(外部)互联网。手机使用“移动数据”连接到互联网。
• 客户端 B:笔记本电脑，Windows 8(或 Windows 10)。我使用三星平板电脑和 USB 网络共享来获取(外部)互联网。平板电脑使用“移动数据”连接到互联网。

我像这样运行一个 coturn/turnserver:

sudo turnserver -X xxx.xx.xxx.xx (this is my static external ip)

我已经创建了端口转发:

3479 -> 3478 for TCP
3479 -> 3478 for UTP
5348 -> 5349 for TCP
5348 -> 5349 for UTP

我使用 coturn 的默认配置文件进行了这些更改:

verbose
fingerprint
lt-cred-mech
realm=mycompany.org
cert=server.crt
pkey=server.key
pkey-pwd=.... (it has been omitted)
log-file=/var/tmp/turnserver.log
simple-log

我已经创建了文件 server.crt 和 server.key，我知道它们是正确的，因为我可以使用需要它们通过 https 运行的 Web 管理工具

我已经创建了管理员用户。我使用以下方法为用户“test4”创建了一个 key :

sudo turnadmin -k -u test4 -r mycompany.org -p test

我用它来创造他:

sudo turnadmin -a -b "/var/db/turndb" -u test4 -r mycompamy.org -p ......

在客户端:

var STUN = {
    urls: "stun:xxx.xx.xxx.xx:3479" //port forward
};

var TURN = {
    urls: [
        "turn:xxx.xx.xxx.xx:3479?transport=udp", 
        "turn:xxx.xx.xxx.xx:3479?transport=tcp",
        "turn:xxx.xx.xxx.xx:3479"
    ], 
    username : "test4",
    credential : "......................", (it's the key. it has been omitted)
};

我从 coturn/turnserver 得到的消息是这样的:

242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60113
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:60075
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet BINDING processed, success
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
242: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000003: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: session 000000000000000002: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
243: IPv4. Local relay addr: 10.0.2.15:55037
243: session 000000000000000003: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: IPv4. Local relay addr: 10.0.2.15:52683
243: session 000000000000000002: new, realm=<mycompany.org>, username=<test4>, lifetime=600
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
243: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
243: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
244: session 000000000000000002: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000002: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
244: session 000000000000000003: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
244: session 000000000000000003: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
245: session 000000000000000002: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60113, reason: allocation timeout
245: session 000000000000000002: delete: realm=<mycompany.org>, username=<test4>
245: session 000000000000000003: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:60075, reason: allocation timeout
245: session 000000000000000003: delete: realm=<mycompany.org>, username=<test4>

我在这里错过了什么？为什么我在控制台中收到“ICE 失败”消息？

我读入了https://tools.ietf.org/id/draft-ietf-behave-turn-08.html关于

"error 437: Mismatched allocation: wrong transaction ID"

它说

437 (Allocation Mismatch): This indicates that the client has picked a 5-tuple which the server sees as already in use or which was recently in use. One way this could happen is if an intervening NAT assigned a mapped transport address that was recently used by another allocation. The client SHOULD pick another client transport address and retry the Allocate request (using a different transaction id). The client SHOULD try three different client transport addresses before giving up on this server. Once the client gives up on the server, it SHOULD NOT try to create another allocation on the server for 2 minutes.

这是什么意思？

更新

现在，当客户端 A 使用 Chrome“49.02623.112 m”(我无法再更新它，因为在 Vista 上)和客户端 B“50.0.2661.75 m”时，coturn 服务器可以正常工作几秒钟。我这样运行服务器(我不确定这是否有帮助。XXX.XX.XXX.XX 是服务器 VM 所在的 PC 的公共(public)静态 IP，192.168.2.190 是内部 IP):

sudo turnserver -X XXX.XX.XXX.XX/192.168.2.190

这些是日志消息:

0: log file opened: /var/log/turn_3205_2016-04-15.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.4 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 4096
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 2000 (approximately)
0:

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 is not supported
0: TURN/STUN ALPN is not supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.0.1e-fips 11 Feb 2013
0:
0: SQLite supported, default database location is /var/db/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Config file found: /etc/turnserver/turnserver.conf
0: log file opened: /var/tmp/turnserver.log
0: Config file found: /etc/turnserver/turnserver.conf
0: Domain name:
0: Default realm: mycompany.org
0: Config file found: /etc/turnserver/server.crt
0: Config file found: /etc/turnserver/server.key
0: SSL23: Certificate file found: /etc/turnserver/server.crt
0: SSL23: Private key file found: /etc/turnserver/server.key
0: TLS1.0: Certificate file found: /etc/turnserver/server.crt
0: TLS1.0: Private key file found: /etc/turnserver/server.key
0: TLS1.1: Certificate file found: /etc/turnserver/server.crt
0: TLS1.1: Private key file found: /etc/turnserver/server.key
0: TLS1.2: Certificate file found: /etc/turnserver/server.crt
0: TLS1.2: Private key file found: /etc/turnserver/server.key
0: TLS cipher suite: DEFAULT
0: DTLS: Certificate file found: /etc/turnserver/server.crt
0: DTLS: Private key file found: /etc/turnserver/server.key
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 10.0.2.15
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 10.0.2.15
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0:   relay 10.0.2.15 initialization...
0:   relay 10.0.2.15 initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: Cannot create TLS listener
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3478
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:3479
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3478
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:3479
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5349
0: IPv4. DTLS/UDP listener opened on: 10.0.2.15:5350
0: IPv6. DTLS/UDP listener opened on: ::1:3478
0: IPv6. DTLS/UDP listener opened on: ::1:3479
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: IPv6. DTLS/UDP listener opened on: ::1:5350
0: Total General servers: 2
0: IO method (admin thread): epoll (with changelist)
0: ERROR: Cannot create CLI listener
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/db/turndb
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30637
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: handle_udp_packet: New UDP endpoint: local addr 10.0.2.15:3478, remote addr 10.0.2.2:30638
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet BINDING processed, success
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 000000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: session 001000000000000001: realm <mycompany.org> user <>: incoming packet message processed, error 401: Unauthorized
1275: IPv4. Local relay addr: 10.0.2.15:52828
1275: session 001000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: IPv4. Local relay addr: 10.0.2.15:57360
1275: session 000000000000000001: new, realm=<mycompany.org>, username=<test4>, lifetime=600
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1275: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet ALLOCATE processed, success
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1276: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1277: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1278: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 001000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1280: session 001000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer XXX.XX.XX.XX lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1280: session 000000000000000001: peer 10.0.2.2 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1280: session 000000000000000001: peer 10.0.2.15 lifetime updated: 300
1280: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CREATE_PERMISSION processed, success
1281: session 001000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30638, reason: allocation timeout
1281: session 001000000000000001: delete: realm=<mycompany.org>, username=<test4>
1281: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1281: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: peer 10.0.2.15 lifetime updated: 600
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet CHANNEL_BIND processed, success
1282: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1283: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet message processed, error 437: Mismatched allocation: wrong transaction ID
1285: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1286: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet BINDING processed, success
1292: session 000000000000000001: refreshed, realm=<mycompany.org>, username=<test4>, lifetime=0
1292: session 000000000000000001: realm <mycompany.org> user <test4>: incoming packet REFRESH processed, success
1293: session 000000000000000001: closed (2nd stage), user <test4> realm <mycompany.org> origin <>, local 10.0.2.15:3478, remote 10.0.2.2:30637, reason: allocation timeout
1293: session 000000000000000001: delete: realm=<mycompany.org>, username=<test4>
1293: session 000000000000000001: peer XXX.XX.XX.XX deleted
1293: session 000000000000000001: peer 10.0.2.2 deleted
1293: session 000000000000000001: peer 10.0.2.15 deleted

Answer 1

也许，像“软件X 不工作，选择软件Y”这样的答案可能不太好。然而，在这种情况下，它让我很高兴。因此，如果您可以为您的项目选择 TURN-server 软件，请查看 reTurn 服务器。

这是我的故事和答案。

在与 coturn 战斗之后:尝试设置、DB、用户、领域，并阅读大量 DEBUG 日志。我已经放弃了。我打败了。

我决定切换到 reTurn STUN/TURN 服务器。我按照本手册稍作修改: http://rtcquickstart.org/guide/multi/turn-reTurnServer.html

堆栈详情如下:

• DigitalOcean 中的操作系统 Ubuntu 16.04 LTS

安装很简单 sudo apt-get install resiprocate-turn-server。您应该注意到包具有所有预配置步骤例如 key 生成。

这是我的工作 /etc/reTurn/reTurnServer.config 中有意义的部分(所有未修改的部分，包括默认设置)

TurnAddress = XXX.XXX.XXX.XXX
TurnPort = 3478
TlsTurnPort = 0
AltStunAddress = 0.0.0.0
AltStunPort = 0
LoggingType = file
SyslogFacility = LOG_DAEMON
LoggingLevel = INFO
LogFilename = /var/log/reTurnServer/reTurnServer.log
LogFileMaxLines = 10000 # May be usefull
Daemonize = true
PidFile = /var/run/reTurnServer/reTurnServer.pid
RunAsUser = return
RunAsGroup = return
AuthenticationRealm = reTurn
UserDatabaseFile = /etc/reTurn/users.txt
UserDatabaseHashedPasswords = false # For Development purposes it enougth
UserDatabaseCheckInterval = 5 # Check it every 5 seconds
NonceLifetime = 3600
AllocationPortRangeMin = 49152
AllocationPortRangeMax = 65535
DefaultAllocationLifetime = 600
MaxAllocationLifetime = 3600
TlsServerCertificateFilename = server.pem
TlsServerPrivateKeyFilename = server-key.pem
TlsTempDhFilename = /etc/reTurn/dh2048.pem
TlsPrivateKeyPassword =

和/etc/reTurn/users.txt(仅一条记录)

cloudguy:passw0rd:reTurn:AUTHORIZED

在客户端，我使用 SimpleWebRTC 和 signalmaster 作为信号服务器。如何告诉客户端用完服务器:

peerConnectionConfig: {
  // I force browser to use relay
  iceTransports: 'relay',
  iceServers: [
    {
      url: "stun:XXX.XXX.XXX.XXX"
    },
    {
      urls: [
        "turn:XXX.XXX.XXX.XXX:3478?transport=udp",
        "turn:XXX.XXX.XXX.XXX:3478?transport=tcp",
        "turn:XXX.XXX.XXX.XXX:3478"
      ],
      credential: "passw0rd",
      username: "cloudguy"
    }
  ]
}

因此它适用于以下情况:

• 两个或三个客户端使用 NAT 在同一个 LAN 中
• 不同 LAN 中的两个或三个浏览器，使用 NAT (!)
• 不同 LAN 中的两三个客户端使用 NAT 并且...其中一个使用代理(哇!)

所以它就像它应该工作的那样工作。耶。这就对了。如果您成功使用 coturn，很想知道您是如何做到这一点的。

谢谢。