Forum / NoMachine for Windows / WebRTC not working outside of LAN
- This topic has 11 replies, 2 voices, and was last updated 1 year, 2 months ago by Britgirl.
October 5, 2023 at 00:33 #45531 pidimensions (Participant)
Hello, I am using NoMachine Cloud Server Enterprise evaluation and I have to say I am very pleased with the web client product. It has a sleek UI and the performance is good, however there is one big issue, which is that whenever WebRTC is enabled, clients cannot connect to the Windows desktop (Win server 2022) outside of LAN. Using the Google Chrome browser, when connecting outside of LAN, the client gets stuck on a spinning wheel and eventually receives the message “Error: The WebRTC peer-to-peer communication cannot be established. If the remote machine doesn’t have a public IP or is behind a firewall that blocks incoming UDP traffic, please consider to configure your server to use STUN/TURN servers for NAT traversal.” This is a deal breaker as the regular non-rtc mode has no audio and terrible graphics. Is there a way to fix this? I have configured the server to use google’s stun server which is tested and working via https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
October 5, 2023 at 12:44 #45552 Britgirl (Keymaster)
Hi,
if we understand, you have set up the STUN server you need. Perfect. But STUN works by allowing the router “hole punching”, to make the connection work across firewalls. On the LAN, by the way, you don’t even need this “hole punching”. Regardless of this, on the LAN your connection works. The fact is that, outside the LAN, you need a way to make your connections work even if the “hole punching” is not possible, because the router “cannot be traversed”. You need a relay server, for that. You need a TURN server. Did you also set up the TURN server you need?
October 5, 2023 at 15:16 #45559 pidimensions (Participant)
Hello, thank you for your reply. I have tried setting up a turn server which I have tested and it is working, but I still get the same error. Is it possible to just open some UDP ports?
This is the file
https://drive.google.com/file/d/1Lv00PQUA5BpwCkhkUgj8IWFgwdPmV_Lc/view?usp=sharing
October 5, 2023 at 21:18 #45566 pidimensions (Participant)
If I understand correctly, a peer to peer connection requires open ports on both ends, which would be an issue as most people can’t open ports on their routers. However, couldn’t a TURN server be bypassed entirely by having the ports open on the server and setting up WebRTC as a client-server model where only ports would need to be opened on the server? Or, if a TURN server is necessary, how would I go about configuring it? I have tried to use one without success (and I followed this guide)
https://kb.nomachine.com/AR07N00894
October 6, 2023 at 11:33 #45584 Britgirl (Keymaster)
> If I understand correctly, a peer to peer connection requires open ports on both ends, which would be an issue as most people can’t open ports on their routers.
Here is where STUN kicks in, by allowing the “hole punching”, so even if there are no ports, opened beforehand, on the routers.
> However, couldn’t a TURN server be bypassed entirely by having the ports open on the server and setting up WebRTC as a client-server model where only ports would need to be opened on the server?
Well, the TURN server is used when the “hole punching” fails to work, as it can happen with some routers and some router configurations. Here is where the user needs this TURN server. If you open the ports on your router, beforehand, you of course don’t need STUN (no “hole punching”, since the ports are already open) and you don’t need TURN (since the connections can be “direct” and so no need for the relay), but if you do so… Why the need to use WebRTC??? You could directly connect the browser to the NX server on the other side and connect through the opened ports! Clear the reason you need WebRTC, STUN and TURN? To not have to open the ports on your router!
Looking at your server.cfg, it does not show TURN as configured. What’s missing is this part:
Section "TURN"
Host
Port
User
Password
EndSection
Take a look at the article “How to configure NoMachine servers to use WebRTC”.
https://kb.nomachine.com/AR07N00892
Please do the configuration of WebRTC as documented there. You have the STUN server as you need, you have the TURN server as you must have, you miss nothing! It should work! Let us know 🙂
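The thread judges a STUN or TURN server as "tested and working" from the ICE candidates a test page gathers. The sketch below is an added example, not code from the thread or from NoMachine: it classifies ICE candidate lines by type and reports whether a TURN relay candidate was actually produced. The function names and the sample candidate lines (documentation IP ranges) are constructed for illustration.

```javascript
// Added example: classify ICE candidates to see whether STUN/TURN contribute.
// Constructed sample lines; addresses come from documentation ranges.
const SAMPLE_WITH_TURN = [
  "candidate:1 1 udp 2122260223 192.168.1.20 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.20 rport 54321",
  "candidate:3 1 udp 41885439 198.51.100.9 50000 typ relay raddr 203.0.113.7 rport 54321",
];
const SAMPLE_LAN_ONLY = ["candidate:1 1 udp 2122260223 192.168.1.20 54321 typ host"];

// Parse one candidate line: foundation, component, transport, priority,
// address, port, "typ", type, then optional raddr/rport pairs.
function parseCandidate(line) {
  const f = line.replace(/^a=/, "").trim().split(/\s+/);
  if (!f[0].startsWith("candidate:") || f.length < 8 || f[6] !== "typ") return null;
  const c = { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
  for (let i = 8; i + 1 < f.length; i += 2) {
    if (f[i] === "raddr") c.relatedAddress = f[i + 1];
    if (f[i] === "rport") c.relatedPort = Number(f[i + 1]);
  }
  return c;
}

// host  = local interface address (enough on the LAN)
// srflx = public mapping learned via STUN (needed for hole punching)
// relay = address allocated on the TURN server (fallback when punching fails)
function diagnose(lines) {
  const parsed = lines.map(parseCandidate).filter(Boolean);
  const types = new Set(parsed.map((c) => c.type));
  const findings = [];
  if (!types.has("srflx")) {
    findings.push("no srflx candidate: STUN returned no public mapping");
  }
  if (!types.has("relay")) {
    findings.push("no relay candidate: TURN allocation failed (check host, port, credentials)");
  }
  return { count: parsed.length, types: [...types].sort(), findings, relayAvailable: types.has("relay") };
}

// In a browser the lines come from RTCPeerConnection "icecandidate" events
// (event.candidate.candidate); the constructed samples stand in for them here.
console.log(diagnose(SAMPLE_WITH_TURN));
console.log(diagnose(SAMPLE_LAN_ONLY));
```

A missing relay candidate means the TURN allocation itself did not succeed from that client, which is a separate question from whether the TURN port is reachable.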
October 6, 2023 at 13:52 #45586 pidimensions (Participant)
Alright I did the TURN server setup. There is an ubuntu server VM which has ports 3478 TCP and UDP, and UDP 49152 – 65535 forwarded to it at the router level and there is no OS-level firewall. I have replaced my domain for my public IP with my.domain.com in the files and the TURN server is tested and working, but I get the same error on the nomachine website when logging in from outside LAN.
October 6, 2023 at 14:36 #45591 Britgirl (Keymaster)
I don’t understand. You say “There is an ubuntu server VM which has ports 3478 TCP and UDP, and UDP 49152 – 65535 forwarded to it”. Do you want to use, do you plan to use WebRTC, and so the TURN, STUN servers or not? As I said, you can connect directly to the nxserver in question, if you have the ports being forwarded to it. But if you want to use WebRTC, you must not forward the ports, and instead use the TURN, STUN servers, configuring these into the server.cfg as we said. Please, don’t forward the ports, don’t open the ports on your router, do the nxserver.cfg configuration as I said and tell us if WebRTC works.
October 6, 2023 at 17:53 #45598 pidimensions (Participant)
What don’t you understand? I set up the TURN server myself as the guide said, check the server.cfg. It still doesn’t work.
October 6, 2023 at 17:54 #45599 pidimensions (Participant)
Ah I should have specified. The Ubuntu Server VM is the coturn server for TURN relay.
October 9, 2023 at 16:45 #45627 Britgirl (Keymaster)
The part I don’t understand is why you are forwarding the ports to the nxserver in order to use WebRTC when in fact you use WebRTC to not have to forward the ports. But it doesn’t matter 🙂
Let’s come back to the WebRTC setup…
You’ve set up your own TURN and also google’s STUN. So, we made some further tests when using google’s STUN server. We got the same errors. Apparently the STUN servers from Google work only with Google and with the Google powered WebRTC services, for reasons we don’t know. How can we investigate more? I doubt Google is going to show us their STUN servers’ configuration. We’ll be updating the documentation accordingly.
What to do? Remove Google’s STUN and try using coturn’s STUN. Coturn can be configured as both a STUN and TURN server and it works. See point 8 of the article AR07N00894. Let us know how you get on.
October 9, 2023 at 23:31 #45630 pidimensions (Participant)
Ok, thanks for the info. I got rid of google’s STUN and used only my TURN server, with no success unfortunately, same error. Also, you say that “I use WebRTC to not forward the ports.” Can I forward a ton of UDP ports and will it work to have the VP8 encoding and audio? Because the non WebRTC method doesn’t have those features, which is unfortunate.
October 10, 2023 at 16:16 #45644 Britgirl (Keymaster)
Hm, possibly a misconfiguration still? If you want video and audio, then WebRTC needs to be enabled.
Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.