How to create and setup a STUN/TURN server on AWS?
Overview
- STUN (Session Traversal Utilities for NAT) is a protocol that helps devices discover their public IP address and NAT type.
- TURN (Traversal Using Relays around NAT) is a protocol that relays media when direct peer-to-peer connections are not possible.
- Genymotion devices with Android 8.0 and newer require a STUN/TURN server for WebRTC connections.
- Genymotion Device Image version 13.0.0 forwards all WebRTC connections to Genymotion's STUN/TURN server.
- Genymotion instances with a public IP can reach Genymotion's STUN/TURN server.
- Genymotion instances without a public IP may face a black screen because those instances cannot reach the STUN/TURN server.
- If using a public IP does not comply with your setup or security requirements, the solution is to use your own STUN/TURN server.
- This tutorial shows how to install and set up a STUN/TURN server on AWS.
Prerequisites and environment
- We recommend an Ubuntu Server 20.04 LTS (Focal) x86_64 instance from the General purpose family.
- Instance type: t3.micro.
- Add inbound rules to the TURN/STUN server's EC2 security group allowing traffic from the Genymotion instances on TCP port 443 (the HTTPS port) and UDP port 443.
- These prerequisites enable proper network access for WebRTC through the TURN/STUN server.
Install and configure coturn server
This section explains installing and configuring coturn on an Ubuntu 20.04 LTS server.
1) Connect to your Ubuntu server with SSH.
2) Add the Universe repository:
- sudo apt-add-repository universe
3) Update and upgrade Ubuntu:
- sudo apt update && sudo apt upgrade
4) Reboot the server from the EC2 dashboard or with:
- sudo reboot
5) Install coturn:
- sudo apt-get install coturn
6) Edit the file /etc/default/coturn and un-comment
- TURNSERVER_ENABLED=1
to have coturn start on boot.
7) Edit the file /etc/turnserver.conf and un-comment
- listening-port=3478
then change it to
- listening-port=443
to have coturn listen on port 443.
Note: the TURN listener port is used for both UDP and TCP (default: 3478). TLS and DTLS clients can also connect to the “plain” TCP and UDP port(s), if allowed by the configuration.
8) Un-comment listening-ip and replace the default IP with your Ubuntu server private IP:
- listening-ip=xxx.xxx.xxx.xxx
9) Add a user and password for your Genymotion virtual device: un-comment
- user=username1:password1
and replace username1 and password1 with your chosen values, for example:
- user=my_username:123456
The second commented example line, user=username2:password2, can be used in the same way.
10) Edit the file /lib/systemd/system/coturn.service and add the line
- AmbientCapabilities=CAP_NET_BIND_SERVICE
in the [Service] section:
[Service]
User=turnserver
Group=turnserver
Type=forking
RuntimeDirectory=turnserver
PIDFile=/run/turnserver/turnserver.pid
ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
ExecStartPost=/bin/sleep 2
Restart=on-failure
InaccessibleDirectories=/home
PrivateTmp=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
11) Reboot the instance.
12) Verify that the coturn server started correctly and is listening on port 443:
- sudo systemctl status coturn
If everything is in order, you should see output indicating coturn started and the general relay threads are active, for example:
- Started coTURN STUN/TURN Server.
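Steps 5 to 12 can also be scripted instead of edited by hand. The shell functions below are an added example written for this page, not tooling from the Genymotion guide or the coturn project. They assume GNU sed (as shipped with Ubuntu 20.04), take the file paths as arguments so they can be tried on constructed copies before touching /etc, and replace the direct edit of /lib/systemd/system/coturn.service in step 10 with a systemd drop-in at an assumed path, /etc/systemd/system/coturn.service.d/override.conf. The private IP 10.0.1.25, the user name geny_user and the generated secret are placeholders.

```shell
#!/bin/sh
# Added example (not from the Genymotion guide or the coturn project): steps
# 6 to 10 above as idempotent shell functions. File paths are passed in so
# the same functions can be exercised on constructed copies, as demo() does.
set -eu

# set_conf_value FILE KEY VALUE
# Drop any active (uncommented) KEY= line and append KEY=VALUE. Commented
# examples such as "#listening-ip=..." stay in place as documentation, so
# running this twice still leaves exactly one active line for KEY.
set_conf_value() {
  sed -i "/^$2=/d" "$1"
  printf '%s=%s\n' "$2" "$3" >> "$1"
}

# active_value FILE KEY: prints the last active value for KEY (empty if none)
active_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# add_turn_user CONF NAME SECRET
# Replaces any existing user=NAME:... line. NAME is assumed to be plain
# alphanumeric (it is used inside a sed address). Anyone who can reach port
# 443 with this pair can relay traffic through the server, so use a long
# random SECRET and keep the security group limited to the Genymotion instances.
add_turn_user() {
  sed -i "/^user=$2:/d" "$1"
  printf 'user=%s:%s\n' "$2" "$3" >> "$1"
}

# configure_coturn DEFAULTS_FILE CONF PRIVATE_IP NAME SECRET
# On a real server DEFAULTS_FILE is /etc/default/coturn and CONF is
# /etc/turnserver.conf (steps 6 to 9).
configure_coturn() {
  set_conf_value "$1" TURNSERVER_ENABLED 1   # step 6: start on boot
  set_conf_value "$2" listening-port 443     # step 7: listen on 443
  set_conf_value "$2" listening-ip "$3"      # step 8: bind the private IP
  add_turn_user "$2" "$4" "$5"               # step 9: credentials
}

# write_cap_dropin DROPIN_DIR
# Step 10 as a systemd drop-in rather than an edit of the packaged unit file
# (assumed path on a real server: /etc/systemd/system/coturn.service.d).
# A drop-in survives package upgrades, which rewrite the unit under /lib.
# Afterwards run: sudo systemctl daemon-reload && sudo systemctl restart coturn
write_cap_dropin() {
  mkdir -p "$1"
  printf '[Service]\nAmbientCapabilities=CAP_NET_BIND_SERVICE\n' > "$1/override.conf"
}

# check_coturn_config DEFAULTS_FILE CONF PRIVATE_IP
# Returns 0 only when every value from steps 6 to 9 is active; run before rebooting.
check_coturn_config() {
  [ "$(active_value "$1" TURNSERVER_ENABLED)" = 1 ] || { echo "coturn not enabled" >&2; return 1; }
  [ "$(active_value "$2" listening-port)" = 443 ] || { echo "listening-port is not 443" >&2; return 1; }
  [ "$(active_value "$2" listening-ip)" = "$3" ] || { echo "listening-ip mismatch" >&2; return 1; }
  grep -q '^user=' "$2" || { echo "no user configured" >&2; return 1; }
}

# demo: run everything against constructed stand-ins for the packaged files
# (not the real /etc files; the IP, user name and secret are placeholders).
demo() {
  tmp=$(mktemp -d)
  printf '#TURNSERVER_ENABLED=1\n' > "$tmp/coturn"
  printf '#listening-port=3478\n#listening-ip=172.17.19.101\n#user=username1:password1\n' \
    > "$tmp/turnserver.conf"
  secret=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')   # placeholder secret
  configure_coturn "$tmp/coturn" "$tmp/turnserver.conf" 10.0.1.25 geny_user "$secret"
  configure_coturn "$tmp/coturn" "$tmp/turnserver.conf" 10.0.1.25 geny_user "$secret"  # idempotent
  write_cap_dropin "$tmp/coturn.service.d"
  check_coturn_config "$tmp/coturn" "$tmp/turnserver.conf" 10.0.1.25
  echo "--- turnserver.conf ---"; cat "$tmp/turnserver.conf"
  echo "--- override.conf ---"; cat "$tmp/coturn.service.d/override.conf"
  rm -rf "$tmp"
}
demo
```

On the real server, call configure_coturn with sudo against /etc/default/coturn and /etc/turnserver.conf, write the drop-in, run sudo systemctl daemon-reload, then reboot as in step 11. After the reboot, sudo systemctl status coturn (step 12) together with sudo ss -lntup | grep ':443 ' confirms that turnserver, not some other process, owns TCP and UDP 443 on the private IP.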
Configure the Genymotion instance to use your TURN server
Next, configure the Genymotion instance to forward WebRTC to the STUN/TURN server.
1) From the instance UI, go to the Configuration panel.
2) Fill the TURN & STUN box with your STUN/TURN server URIs, username, and password. The URIs should follow:
- TURN URI: turn:xxx.xxx.xxx.xxx:443
- STUN URI: stun:xxx.xxx.xxx.xxx:443
where xxx.xxx.xxx.xxx is your server private IP.
3) Click APPLY.
The Genymotion instance now uses your TURN/STUN server on port 443 for WebRTC connections.
For more details and alternative methods using command line tools, please refer to the Genymotion Device Image user guide.