Accessing a Virtual Device from an Enterprise Network

Source: https://docs.genymotion.com/paas/Access/040_Accessing_a_virtual_device_from_an_enterprise_network

Published: 2026-01-25

Keywords: Genymotion, TURN server, STUN server, WebRTC, Private network, Linux, coturn

Document ID: https://docs.genymotion.com/paas/Access/040_Accessing_a_virtual_device_from_an_enterprise_network#split1

Foreword

Genymotion instances are accessible through HTTPS port 443.
The display of the virtual devices uses WebRTC connections through the non-standard port range 51000 to 51100 (UDP or TCP).
UDP and TCP are relayed by the STUN/TURN server by default if the TCP/UDP port range 51000–51100 is unreachable.
This setup can fail (no device display) under certain circumstances.

Your local network has tight security

You may need to whitelist our STUN/TURN server IP if your local network has tight access security.
To retrieve our TURN server IPs to whitelist, run the following command:

dig turn-paas.genymotion.com +short

Alternatively, you can use your own TURN server to forward WebRTC connections.

The Genymotion instance has no public IP

The Virtual Device display is rendered via WebRTC.
If your host machine is not directly connected to the Genymotion instance via its public IP, Genymotion instances will need to communicate with our public TURN/STUN server.
If the Genymotion instance has no public IP, WebRTC communication will fail and the device display may remain black.
The solution is to use your own TURN/STUN server within the virtual network to forward WebRTC.

Use your own TURN server

Installing a TURN server on Linux
We recommend using Coturn server on Ubuntu Server 20.04 LTS.

Installing a TURN server on Linux

Add the Universe repository if it is not already activated:

sudo apt-add-repository universe

Update and upgrade Ubuntu:

sudo apt update && sudo apt upgrade

Reboot the system:

sudo reboot

Install the Coturn server:

sudo apt-get install coturn

Edit the /etc/default/coturn file and un-comment TURNSERVER_ENABLED=1 to enable Coturn at boot.
Edit the file /etc/turnserver.conf, un-comment listenting-port and set it to 443 to listen on port 443:

listening-port=443

Ensure Coturn listens on the server IP by un-commenting listening-ip and replacing with your server IP:

listening-ip = xxx.xxx.xxx.xxx

Add a user and password for Genymotion devices by un-commenting and setting credentials:

# 'Static' user accounts for long term credentials mechanism, only.
# This option cannot be used with TURN REST API.
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
# so that they can NOT be changed while the turnserver is running.
#
#user=username1:key1
#user=username2:key2
# OR:
user = genymotion:123456

Edit the file /lib/systemd/system/coturn.service and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section.
Reboot the system.
Verify that the Coturn server started correctly and is listening to port 443:

sudo systemctl status coturn

If everything is in order, you should see Coturn as started and listening on port 443.
You may need to add inbound rules to your TURN/STUN server firewall to allow connections to TCP and UDP port 443 from your Genymotion instance.

Configuring the instance to use your TURN server

You need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server.
Web UI
Command Line

TURN and STUN server URI syntax is:
turn:TURNServerIP:443
stun:STUN_IP:443
In the configuration form, fill:
TURN URI: turn:TURNServerIP:443
STUN URI: stun:STUN_IP:443
TURNServerIP and STUN_IP are the public IPs of your TURN/STUN server.
username1 and password1 are the credentials configured in the turnserver.conf file.
geny_instance_IP is the Genymotion instance IP.
Set the instance to use your TURN server via ADB:

adb shell "setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"

You can also use a script to automate setting these properties:

adb shell \
"setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"

After applying these settings, the Genymotion instance will use your TURN/STUN server on port 443 for WebRTC connections.

Setup SSH

Connect to the instance shell:

ssh -i key.pem shell@geny_instance_IP

Set the TURN server IP:

setprop persist.webrtcd.turn-uri turn:TURNServerIP:443

Set the STUN IP:

setprop persist.webrtcd.stun-uri stun:STUN_IP:443

Set the TURN server credentials:

setprop persist.webrtcd.turn-username username1
setprop persist.webrtcd.turn-password password1

You can also use a script to automate SSH commands:

ssh -i key.pem shell@geny_instance_IP \
"setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"

The Genymotion instance now uses your TURN/STUN server on port 443 for WebRTC connections.

Configuring the instance to use your TURN server (Web UI walkthrough)

Go to the Configuration panel of your Genymotion instance.
In the TURN & STUN box, fill the form:
TURN and STUN server URI syntax is turn:TURNServerIP:443 and stun:STUN_IP:443.
Click APPLY to apply the changes.
TURNServerIP and STUN_IP are your public IPs of the TURN/STUN server.
username1 and password1 are the credentials from the turnserver.conf file.
geny_instance_IP is the Genymotion instance IP.

Use your own TURN server within the virtual network

The solution is to use your own TURN/STUN server within the virtual network to forward WebRTC.

Additional notes for Linux setup

We recommend Coturn server on Ubuntu Server 20.04 LTS.
1) Add the Universe repository if it is not already activated:

sudo apt-add-repository universe

2) Update and upgrade Ubuntu:

sudo apt update && sudo apt upgrade

3) Reboot the system.

sudo reboot

4) Install the Coturn server:

sudo apt-get install coturn

5) Edit the /etc/default/coturn file and un-comment TURNSERVER_ENABLED=1 to enable Coturn launch at boot.
6) Edit /etc/turnserver.conf and set listening-port to 443:

listening-port=443

7) Un-comment listening-ip and replace with your server IP:

listening-ip = xxx.xxx.xxx.xxx

8) Add a user and password for Genymotion devices:

# 'Static' user accounts for long term credentials mechanism, only.
# user=username1:password1
# user=username2:password2
# OR:
user=genymotion:123456

9) Edit the file /lib/systemd/system/coturn.service and add AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section.
10) Reboot the system.
11) Verify Coturn started correctly and is listening on port 443:

sudo systemctl status coturn

If everything is in order, the status will indicate Coturn is started.
You may need to add inbound firewall rules to allow connections to TCP and UDP port 443 from your Genymotion instance.

Configuring the instance to use your TURN server (Web UI) — continued

Go to the Configuration panel of your instance.
In the TURN & STUN box, fill the form as described above and click APPLY.
The Web UI walkthrough shows the Turn URI and Turn URI fields to populate.
After applying, the website indicates the TURN/STUN settings are in effect.

Final notes

The Genymotion minimal version is shown in the web UI; ensure you are operating with a compatible version.
The configuration steps enable forwarding WebRTC traffic through your own TURN/STUN server for private or NAT networks.
The diagrams illustrate network topology with a TURN/STUN server, but the textual steps provide the necessary configuration details.