Accessing a virtual device from an enterprise network

Foreword

For every asset and webpage, Genymotion instances are accessible through the HTTPS port 443. However, the display of the virtual devices use WebRTC connections through the non-standard port range 51000 to 51100 (UDP or TCP).

To workaround this, UDP and TCP are relayed by our STUN/TURN server by default if the TCP/UDP port range 51000 - 51100 is unreachable. However, this will fail (no device display) under the following circumstances:

Your local network has tight security

You may need to whitelist our STUN/TURN server IP if your local network has tight access security. To retrieve our TURN server IPs to whitelist, you can use the dig command:

dig turn-paas.genymotion.com +short

Alternatively, you can use your own TURN server to forward WebRTC connections.

The Genymotion instance has no public IP

The Virtual Device display is rendered via WebRTC. If your host machine is not directly connected to the Genymotion instance via its public IP, Genymotion instance will need to communicate with our public TURN/STUN server:

However, if the instance has no Public IP, webRTC communication will fail... and the device display will remain black:

The solution is to use your own TURN/STUN server within the virtual network to forward webRTC:

To do so, we will explain how to setup a TURN/STUN server and configure the Genymotion instance to use it.

Use your own TURN server

Installing a TURN server on Linux

We recommend using CoTURN server on Ubuntu Server 20.04LTS:

Add the Universe repository if it is not already activated:

  sudo apt-add-repository universe

Update and upgrade Ubuntu:

  sudo apt update && sudo apt upgrade

Reboot.
Install the server:

  sudo apt-get install coturn

Edit the /etc/default/coturn file and un-comment

TURNSERVER_ENABLED=1 to have CoTURN launch at boot.

Edit the file /etc/turnserver.conf, un-comment

listening-port=3478 and change it to

listening-port=443 to have the CoTURN server listen on port 443:

  # TURN listener port for UDP and TCP (Default: 3478).
  # Note: actually, TLS & DTLS sessions can connect to the
  # "plain" TCP & UDP port(s), too - if allowed by configuration.
  #
  listening-port = 443

We have chosen to use TCP port 443 to ensure best compatibility with secured networks. Also, make sure no other servers are running and listening to this port, or CoTURN won't be able to use it.

Un-comment

listening-ip and replace the default IP with your Ubuntu server IP:

  listening-ip = xxx.xxx.xxx.xxx

Add a user and password for your Genymotion virtual device by un-commenting

user=username1:password1 and replace username1 and password1 by the username and password of your choice:

  # 'Static' user accounts for long term credentials mechanism, only.
  # This option cannot be used with TURN REST API.
  # 'Static' user accounts are NOT dynamically checked by the turnserver process,
  # so that they can NOT be changed while the turnserver is running.
  #
  #user=username1:key1
  #user=username2:key2
  # OR:
  user = genymotion:123456
  #user=username2:password2

Edit the file /lib/systemd/system/coturn.service and add the line

AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section:

  [Service]
  User = turnserver
  Group = turnserver
  Type = forking
  RuntimeDirectory = turnserver
  PIDFile = /run/turnserver/turnserver.pid
  ExecStart = /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
  #FixMe: turnserver exit faster than it is finshing the setup and ready for handling the connections.
  ExecStartPost = /bin/sleep 2
  Restart = on-failure
  InaccessibleDirectories = /home
  PrivateTmp = yes
  AmbientCapabilities = CAP_NET_BIND_SERVICE

Reboot the system.
Verify that the CoTURN server started correctly and is listening to port 443:

  sudo systemctl status coturn

If everything is in order, you should get the following output:

IO method (general relay thread): epoll (with changelist)
turn server id=0 created
IO method (general relay thread): epoll (with changelist)
turn server id=1 created
Total General servers: 2
IO method (auth thread): epoll (with changelist)
IO method (admin thread): epoll (with changelist)
IO method (auth thread): epoll (with changelist)
SQLite DB connection success: /var/lib/turn/turndb
systemd[1]: Started coTURN STUN/TURN Server.

You may need to add inbound rules to your TURN/STUN server firewall to allow connections to TCP and UDP port 443 from your Genymotion instance.

Configuring the instance to use your TURN server

You need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:

Web UI
Command Line
7.0.0
Go to the Configuration panel of your instance:

In the TURN & STUN box, fill the form:

TURN and STUN server URI synthax is turn:xxx.xxx.xxx.xxx:443 and

stun:xxx.xxx.xxx.xxx:443, where

xxx.xxx.xxx.xxx is your TURN/STUN server IP or URL.

Click APPLY to apply the changes.

ADB SSH 11.0.0 Info

TURNServerIP and STUN_IP are your STUN/TURN server public IP

username1 and password1 are the username and password set in the

turnserver.conf file.

geny_instance_IP is Genymotion instance IP.

Setup and connect the instance to ADB

  adb shell setprop persist.webrtcd.turn-uri turn:TURNServerIP:443
  adb shell setprop persist.webrtcd.stun-uri stun:STUN_IP:443
  adb shell setprop persist.webrtcd.turn-username username1
  adb shell setprop persist.webrtcd.turn-password password1

With a script

  #!/bin/bash
  adb shell "setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
  setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
  setprop persist.webrtcd.turn-username username1;\
  setprop persist.webrtcd.turn-password password1"

11.0.0 Info

TURNServerIP and STUN_IP are your STUN/TURN server public IP

username1 and password1 are the username and password set in the

turnserver.conf file.

geny_instance_IP is Genymotion instance IP.

Setup SSH

Connect to the instance shell:

  ssh -i key.pem shell@geny_instance_IP

Set your turn server IP:

  setprop persist.webrtcd.turn-uri turn:TURNServerIP:443

Set the STUN IP:

  setprop persist.webrtcd.stun-uri stun:STUN_IP:443

Set your turn server username and password:

  setprop persist.webrtcd.turn-username username1

  setprop persist.webrtcd.turn-password password1

With a script

  #!/bin/bash
  ssh -i key.pem shell@geny_instance_IP \
  "\"setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
  setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
  setprop persist.webrtcd.turn-username username1;\
  setprop persist.webrtcd.turn-password password1\""

The instance now uses your TURN/STUN server on port 443 for WebRTC connections.

---

The solution is to use your own TURN/STUN server within the virtual network to forward webRTC

(Visual diagrams illustrating Virtual Cloud Network.) To do so, we will explain how to setup a TURN/STUN server and configure the Genymotion instance to use it.

Use your own TURN server

Installing a TURN server on Linux

We recommend using CotURN server on Ubuntu Server 20.04LTS:

1. Add the Universe repository if it is not already activated:

   sudo apt-add-repository universe

2. Update and upgrade Ubuntu:

   sudo apt update && sudo apt upgrade

3. Reboot. 4. Install the server:

   sudo apt-get install coturn

5. Edit the /etc/default/coturn file and un-comment TURNSERVER_ENABLED=1 to have CotURN launch at boot. 6. Edit the file /etc/turnserver.conf, un-comment listening-port=3478 and change it to listening-port=443 to have the CotURN server listen on port 443:

   # TURN listener port for UDP and TCP (Default: 3478).
   # Note: actually, TLS & DTLS sessions can connect to the
   # "plain" TCP & UDP port(s), too - if allowed by configuration.
   #
   listening-port = 443

We have chosen to use TCP port 443 to ensure best compatibility with secured networks. Also, make sure no other servers are running and listening to this port, or CoTURN won't be able to use it. 7. Un-comment listening-ip and replace the default IP with your Ubuntu server IP:

   listening-ip = xxx.xxx.xxx.xxx

8. Add a user and password for your Genymotion virtual device by un-commenting user=username1:password1 and replace username1 and password1 by the username and password of your choice:

   # 'Static' user accounts for long term credentials mechanism, only.
   # This option cannot be used with TURN REST API.
   # 'Static' user accounts are NOT dynamically checked by the turnserver process,
   # so that they can NOT be changed while the turnserver is running.
   #
   #user=username1:key1
   #user=username2:key2
   # OR:
   user = genymotion:123456
   #user=username2:password2

9. Edit the file /lib/systemd/system/coturn.service and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section:

   [Service]
   User=turnserver
   Group=turnserver
   Type=forking
   RuntimeDirectory=turnserver
   PIDFile=/run/turnserver/turnserver.pid
   ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
   #FixMe: turnserver exit faster than it is finshing the setup and ready for handling the connections.
   ExecStartPost=/bin/sleep 2
   Restart=on-failure
   InaccessibleDirectories=/home
   PrivateTmp=yes
   AmbientCapabilities=CAP_NET_BIND_SERVICE

10. Reboot the system. 11. Verify that the CoTURN server started correctly and is listening to port 443:

    sudo systemctl status coturn

If everything is in order, you should get output indicating active coturn and that the server is listening on port 443. 12. You may need to add inbound rules to your TURN/STUN server firewall to allow connections to TCP and UDP port 443 from your Genymotion instance.

Configuring the instance to use your TURN server

You need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:

Web UI
Command Line
7.0.0

Go to the Configuration panel of your instance:

In the TURN & STUN box, fill the form:
TURN and STUN server URI synthax is turn:xxx.xxx.xxx.xxx:443 and

stun:xxx.xxx.xxx.xxx:443, where xxx.xxx.xxx.xxx is your TURN/STUN server IP or URL.

Click APPLY to apply the changes.

Setup and connect the instance to ADB

TURNServerIP and STUN_IP are your STUN/TURN server public IP
username1 and password1 are the username and password set in the
turnserver.conf file.
geny_instance_IP is Genymotion instance IP.

adb shell setprop persist.webrtcd.turn-uri turn:TURNServerIP:443
adb shell setprop persist.webrtcd.stun-uri stun:STUN_IP:443
adb shell setprop persist.webrtcd.turn-username username1
adb shell setprop persist.webrtcd.turn-password password1

With a script

#!/bin/bash
adb shell "setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"

The instance now uses your TURN/STUN server on port 443 for WebRTC connections.

Web UI configuration details

The official documentation notes that you may need to configure the TURN & STUN settings via the Web UI or Command Line in the 7.0.0/11.0.0 contexts.
The example fields indicate that you enter the TURN and STUN server URIs and then apply.

Access and verification

After applying and restarting necessary services, the WebRTC connection should be able to use the TURN/STUN server for WebRTC signaling, even when NAT or private networking blocks direct connectivity.
If configured correctly, the Genymotion device display and control should be accessible through WebRTC in the private/NAT network.

Back to top

The page sections continue with additional guidance and diagrams illustrating how the Virtual Cloud Network operates when TURN/STUN is in use, and how to verify the setup.

Final notes

The TURN/STUN server IPs may need firewall adjustments to permit TCP/UDP traffic from the Genymotion instance.
If you encounter issues, ensure the CotURN service is running and listening on port 443, and that the Genymotion instance configuration points to the correct TURN/STUN URIs.