Use specific ports for webRTC - port

When creating a peer to peer audio connection using webRTC, the STUN server we use will return the public IP if a user is behind a router. Now in the ICE objects, I can see that the rport is always something between 50000 and up.
Is there a way to use a specific port so that the user does not have to open all those ports?

Is there a way to use a specific port so that the user does not have to open all those ports?
I think you have a misunderstanding. The whole point of STUN and ICE (including its WebRTC derivative) exists to avoid anyone having to open a port on their NAT. Instead, STUN and ICE dynamically open the port.
Here's how it works (in a really brief description).
Client opens a socket on a random port (e.g. 50001)
Contacts STUN server using that socket to discover the external IP:port mapping for this socket. (e.g. 192.168.1.2:50001 maps to 1.2.3.4:50001). Ports don't necessarily have to match between internal and external addresses, but they usually do, so I'll keep with that for this example.
Through an external mechanism (SIP, XMPP, Jingle, cups with strings), the candidate address list of both nodes are exchanged. This includes all known internal and external addresses collected (e.g. 192.168.1.2:50001 and 1.2.3.4:50001).
Using the same socket opened in step 1, both sides send (STUN) messages (UDP packets) directly between each other. The first pair of messages may be blocked by the router/firewall. But because one side initiated an outbound packet to the remote address, subsequent packets from that address are allowed back in. This is called the "hole punching step". Hence, the port is dynamically opened without the router needing any specific configuration.
Hope this helps.
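As an added illustration of step 2 (not code from the original answer or from any WebRTC stack), here is the STUN Binding exchange in Python: the client builds the 20-byte Binding Request it would send from its random socket, and parses the XOR-MAPPED-ADDRESS the server reflects back. The server reply is constructed locally so the script runs offline; the address 1.2.3.4:50001 is the one used in the answer above. The checks in the parser (magic cookie, transaction id that matches the request, attribute lengths inside the datagram) are what keeps a stray or spoofed packet from convincing the client of a wrong external address.

```python
"""STUN Binding request/response (RFC 5389 framing), built and parsed offline.

Added example, not the original answer's code. The server reply is
constructed here in place of a real STUN server; nothing is sent.
"""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txid: bytes) -> bytes:
    """20-byte STUN header, no attributes: type, length, magic cookie, 96-bit id."""
    if len(txid) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def encode_xor_mapped_address(ip: str, port: int) -> bytes:
    """Attribute TLV carrying ip:port XORed with the magic cookie (IPv4 only)."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)
    return struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value


def build_binding_response(txid: bytes, ip: str, port: int) -> bytes:
    """Constructed stand-in for a server reply: success type, same txid, one attribute."""
    attrs = encode_xor_mapped_address(ip, port)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE) + txid + attrs


def parse_binding_response(msg: bytes, expected_txid: bytes):
    """Return the (ip, port) the server saw, or raise ValueError on a bogus message."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or mtype != BINDING_SUCCESS:
        raise ValueError("not a STUN binding success response")
    if msg[8:20] != expected_txid:
        # A reply that does not carry our id is ignored: it may be stale or
        # injected, and must not be allowed to tell us a wrong address.
        raise ValueError("transaction id mismatch")
    if 20 + mlen > len(msg):
        raise ValueError("declared length exceeds datagram")
    pos, end = 20, 20 + mlen
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS and alen == 8 and value[1] == 0x01:
            _, _, xport, xaddr = struct.unpack("!BBHI", value)
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
        pos += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def mapped_address_or_none(msg: bytes, expected_txid: bytes):
    """Same as parse_binding_response, but None instead of an exception."""
    try:
        return parse_binding_response(msg, expected_txid)
    except ValueError:
        return None


def demo():
    """Simulate the round trip: request -> constructed reply -> parsed mapping."""
    txid = os.urandom(12)
    request = build_binding_request(txid)
    # Constructed reply reflecting 1.2.3.4:50001, the example mapping above.
    reply = build_binding_response(txid, "1.2.3.4", 50001)
    return len(request), parse_binding_response(reply, txid)


if __name__ == "__main__":
    print(demo())
```

In a real client the request goes out over the same UDP socket that will later carry the media, because the mapping the server reports is only valid for that socket.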

You can't programmatically unless you are using the WebRTC API in your own application. The browser will pick specific local ports from a range locally; and then it will inform you about them in the SDP and ICE candidate information.
STUN server only helps discover whether a client is behind a NAT/firewall; and then ICE uses this information in establishing peer-to-peer connection.
I have heard somewhere there might be a way to control that port range via Chrome policy templates (used by enterprises to restrict Chrome settings) - http://www.chromium.org/administrators/policy-templates. It might be worth looking into...

Related

Can I broadcast small data between ESP8266s without a need to connect to any network?

I want to send small (a few bytes) data from one ESP8266 to another over long distances.
I believe the signal is too weak to connect one ESP8266 to another but maybe they can receive small messages with some delay?
How can I achieve that using arduino-esp8266 library (or whatever)?
If ESP8266 boards cannot connect directly to each other because of the weak signal (approximately more than 50m between them), you can still connect them to each other (indirectly) if they are connected to the same WiFi network created by an external router or the internet. But you can connect them to each other without the need to connect to any external network only if they are in range of each other.
If both of them are connected to the same local WiFi network router, you can communicate between them as if they are connected directly to each other. Just in this case the router option "WiFi Client isolation" must be disabled in the router settings page for the boards to see each other (in case that router has this or a similarly named option).
Otherwise, if the ESP boards are connected to totally different networks, but both of these networks have access to the internet, you can still connect them to each other, but then you must use port forwarding on each router so both of the ESP8266 boards are visible from the internet. Google a bit about it, it is not so complicated. In this case you can have boards in any two locations in the world and make them communicate with each other as long as they are accessible from the internet.
Maybe it is hard to test when your code does not work out of the box, so I would recommend that you use some TCP or UDP terminal to test connectivity between two WiFi clients on different or the same network. There are a bunch of such terminals available online.
For example, for sending and receiving UDP packets the same way as you would send/receive data from a serial port, I use Docklight Scripting.
https://docklight.de/downloads/
I actually use it also for other serial port communication, so no big difference there. Don't let the description text on their page fool you. It can also send/receive TCP/UDP data :)
Just when you create a new project, go to Tools -> Project Settings and type the IP and port of the other device you want to connect with (this can be another PC running Docklight Scripting or your ESP board). For example, in my case I type in
Send/Receive Comm.: UDP:192.168.0.154:9761
because that is the IP of my ESP board on the local WiFi network, and press the "play" button or F5. Now you can send/receive data to your board using UDP in the same way that you communicate with a basic serial port, and in such a way test basic connectivity. Or even use two laptops just to confirm connectivity between two WiFi clients on the network.
And the third, hardest, but most versatile option is needed if you do not have access to the router's setup page (they are password protected) and cannot set port forwarding; then you must create a server application on some server that is visible from the internet and has a public IP. So both of your ESP8266 boards are connected to this server as clients (for clients port forwarding does not need to be set, but in this case both clients must have access to the internet) and the server can forward their messages to each other. But this is way out of this topic's scope. Maybe for a start you use a TCP/UDP terminal just to check connectivity between two WiFi clients and see if the ESP8266s can communicate directly or not. Docklight Scripting is just a suggestion because it is my personal choice for TCP/UDP/RS232/RS485/MODBUS/USB HID, but you can use other software for this.
I hope this helps a bit with ways to connect two ESP8266 boards indirectly.

Network discovery on LAN without broadcast

Short version: How would you recommend going about connecting a client to a server that are on the same local network, without manually entering the ip, when broadcast is disabled?
Further details: I am working on an educational multiplayer game for children. Many schools appear to be blocking broadcasting for security reasons. The children will be rather young, so it could be difficult for them and error-prone to have to enter the IP manually. They will all be in the same room and will all see the server screen. The game is made in Unity (C#).
Potential solutions: Here's what I thought about:
Connecting both the local server and clients to an external server, communicating the local server IP to the clients through the external server, then connecting directly and disconnecting from the external server. Not ideal because of the extra hosting costs.
Send a regular UDP message periodically to all ips on the subnet? This will probably be picked up by any decent firewall and blocked though, right?
Putting a QR code on the server that kids would take a picture of with the client app and have it connect that way? May be more of a hassle.
Having the server play random tones corresponding to numbers that the client is listening for? (Speakers may not always work though)
Sounds like the first one is the most sane and easy solution. Do you have any other ideas on what someone in this situation could try?
Is UDP multicast possible?
If yes, then a common solution is that all participants join the same multicast group and the server listens on a well-known port. If a client wants to know the address of the server, it sends a packet to the multicast group, which is received by the client and answered with another packet, which then can be used by the client to determine the server's address.
In addition to that servers can also announce their presence in regular intervals by sending a suitable message to the multicast group.
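As an added example of the multicast approach (not code from the answer above or from the game's project; the group 239.255.42.42, port 9999, message layout and shared key are assumptions chosen for the illustration), here is a small Python discovery protocol: the client multicasts a query carrying a random nonce, the server answers by unicast with its address. Because any host on the classroom network can answer a discovery query, the reply carries an HMAC over the nonce and the advertised address under a key shipped with the game, and clients ignore replies that do not verify. The message builders and checkers run offline; the socket loops only run when the file is executed as a script.

```python
"""LAN server discovery over UDP multicast with authenticated replies.

Added example, not the original answer's code. Group, port, message format
and the demo key are assumptions for this illustration.
"""
import hashlib
import hmac
import json
import os
import socket
import struct

GROUP = "239.255.42.42"                # assumed site-local multicast group
PORT = 9999                            # assumed well-known discovery port
DISCOVERY_KEY = b"example-shared-key"  # assumed; a real app ships its own key


def build_query(nonce: bytes) -> bytes:
    """Client -> group: 'DISCOVER <16-byte nonce as hex>'."""
    return b"DISCOVER " + nonce.hex().encode()


def parse_query(msg: bytes):
    """Return the client's nonce, or None for anything that is not a query."""
    parts = msg.split(b" ")
    if len(parts) != 2 or parts[0] != b"DISCOVER":
        return None
    try:
        nonce = bytes.fromhex(parts[1].decode())
    except ValueError:
        return None
    return nonce if len(nonce) == 16 else None


def build_announce(nonce: bytes, host: str, port: int, key: bytes = DISCOVERY_KEY) -> bytes:
    """Server -> client: 'ANNOUNCE <json body> <hmac-sha256 hex of body>'."""
    body = json.dumps({"host": host, "port": port, "nonce": nonce.hex()},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return b"ANNOUNCE " + body + b" " + tag


def verify_announce(msg: bytes, nonce: bytes, key: bytes = DISCOVERY_KEY):
    """Return (host, port) if the tag is valid and the nonce is ours, else None."""
    parts = msg.split(b" ")
    if len(parts) != 3 or parts[0] != b"ANNOUNCE":
        return None
    body, tag = parts[1], parts[2]
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None                       # forged or altered reply
    try:
        info = json.loads(body)
    except ValueError:
        return None
    if info.get("nonce") != nonce.hex():
        return None                       # replayed or unsolicited reply
    host, port = info.get("host"), info.get("port")
    if not isinstance(host, str) or not isinstance(port, int) or not 0 < port < 65536:
        return None
    return host, port


def serve_forever(game_host: str, game_port: int, key: bytes = DISCOVERY_KEY):
    """Server side: join the group and answer every valid query by unicast."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(("", PORT))
    mreq = struct.pack("4s4s", socket.inet_aton(GROUP), socket.inet_aton("0.0.0.0"))
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    while True:
        msg, addr = sock.recvfrom(512)
        nonce = parse_query(msg)
        if nonce is not None:
            sock.sendto(build_announce(nonce, game_host, game_port, key), addr)


def discover(timeout: float = 2.0, key: bytes = DISCOVERY_KEY):
    """Client side: multicast one query, return the first verified answer or None."""
    nonce = os.urandom(16)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)  # stay on the LAN
    sock.settimeout(timeout)
    sock.sendto(build_query(nonce), (GROUP, PORT))
    try:
        while True:
            msg, _ = sock.recvfrom(512)
            found = verify_announce(msg, nonce, key)
            if found is not None:
                return found
    except socket.timeout:
        return None


if __name__ == "__main__":
    print(discover())
```

The nonce ties each answer to one query, so a recorded announcement cannot be replayed later to redirect clients, and the TTL of 1 keeps the query from leaving the local network.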
What I can think of is an ad-hoc communication protocol between all the devices. Say you have 1 server and 10 clients. All the devices should run a service (say server-discovery) that binds to a fixed port, say 9999. Now any time the client wants to connect to the server and doesn't know the IP, it starts a scan. It loops through different IPs and tries to connect to 9999. If it manages to hit, it asks for the server IP. In case it manages to hit the server, it will get the IP since the server knows its own IP, and the client will maintain the server IP in a cache. If the client hits another client, it can ask for the server IP. If the other client knows the IP it will share the info, else decline.
I agree there is a lot of overhead, but I think this will be robust, unlike sound, and would reduce the cost of printing QRs every time.
On the local network the traffic is direct from host to host.
I don't understand which device is blocking local broadcasts.
If there aren't too many peers on the LAN (less than 100), I think UDP broadcasts work fine and you don't pollute the network.
To have an idea of your "pond", I suggest you sniff your local traffic.
There are many broadcasts: ARP, Windows, IPP, Dropbox...

Wifi mesh-like network using nodeMCU

I have 2 nodeMCU modules, which I want to connect to an MQTT broker and send some data every 5 seconds.
The topology I am trying to achieve is something like [router]<==[nodeMCU#1]<==[nodeMCU#2]
It looks like [nodeMCU#1] is a WiFi extender, but at work we are planning on using multiple nodeMCUs in a mesh-like way for an IoT application.
On both of them I flashed the latest (float) release that I downloaded from here https://github.com/nodemcu/nodemcu-firmware/releases/tag/0.9.6-dev_20150704 using nodeMCU-flasher.
For this project I wrote 2 Lua scripts and I have uploaded them to the modules using ESPlorer.
The first module connects in STATIONAP mode to my work WiFi, and creates its own network with SSID nodeMCUwifi, with a basic password of 10 characters "1234567890". After it connects, the script sends random values to an MQTT topic.
The second module connects to nodeMCUwifi correctly, it is assigned an IP address, but it cannot connect to the MQTT broker.
When I try to connect to nodeMCUwifi using my smartphone (just to test the connection, I have no intention of using this system for heavy internet load, only MQTT messages) I get a message "authentication error occurred" even though I have typed the password correctly, or (in rarer cases) it connects but disconnects immediately.
I would appreciate any ideas to resolve this issue. Thank you.
EDIT: At the AP configuration I added the auth parameter set to 3, I am pasting a part of my code below.
cfg.ssid="ESP8266_"..node.chipid();
cfg.pwd="1234567890"
cfg.auth=3
wifi.ap.config(cfg);
Now my laptop and my smartphone connect to the wifi created by the module, but still have no connectivity to the internet. I can ping the module, but I can't ping 8.8.8.8 or the MQTT broker IP or anything else.
As I understand, [nodeMCU#1] creates a WiFi network named nodeMCUwifi. Then the others are trying to connect to nodeMCUwifi. As you stated:
Now my laptop and my smartphone connect to the wifi created by the module, but still have no connectivity to the internet. I can ping the module, but I can't ping 8.8.8.8 or the MQTT broker IP or anything else.
I assume your laptop and smartphone connect to the nodeMCUwifi network. Now you want this [nodeMCU#1] to act like a layer 2 switch or something like a router (since SOFTAP creates its own IP network).
With all this information on hand, I can say that the purpose you are trying to achieve is not possible with the ESP, since the ESP does not have enough resources to act like a switch or similar. Also (currently) there is no software implemented on the ESP to achieve that.
However, if you only want the system to transfer a certain type of traffic (such as MQTT) over a certain protocol (such as UDP), it is possible to relay the messages like a mesh structure, but this will work one-way only. In this configuration the nodes will act more like repeaters, but on upper layers of OSI. For this idea I cannot provide sample code, but I will provide pseudo-code below:
Configuration
> Each node must be configured to build a chain structure. That means each SOFTAP node should have different SSID or TCP settings. For example:
router(192.168.0.0)<----[NODE#1(SOFTAP0)]<----[NODE#2(SOFTAP1)]<---...
...
...
...<----[NODE#n(STATION)]
> Each node must have a TARGET IP address according to setup. This means every node will send the MQTT message to that address.
> If a node is configured as a SOFTAP, this means this system is a TARGET and must listen to a specific port.
> If a SOFTAP node receives some data on the port that is listening to, it should send the data immediately (or buffering) to its TARGET node.
> As a result of this chaining operation the message, no matter what is the source, will reach to the end of the chain.
CODE : SOFTAP
...soft ap config...
listento.port: udp.965
on("receive"):
create.conn:TARGET
send(DATA_RECEIVED)
close.conn:TARGET
CODE : STATION
...station config...
...Do some logic...
data=gather.data()
create.conn:TARGET
send(data)
close.conn:TARGET

How bittorrent or P2P works independently of the router settings?

This may be a silly question but I was googling a lot in the last few days and I've just found related but not direct answers to this. In order to express it better let me mention a comparison:
If I set up an HTTP server on a computer behind a router, I must set port forwarding and also that computer must have a static internal IP address in order to receive the requests on that port for that particular IP address. For instance, my router does not allow port forwarding so I could not set it up for the HTTP server. However, BitTorrent works like a charm behind that same router without any static IP, nothing. How can BitTorrent get requests and also seed? How will other peers connect to my computer while seeding? I did verify that when BitTorrent is running the port it uses, for example 39031, is actually open (using yougetsignal_dot_com). How can the router be made to open the port without using its admin settings (we can also use BitTorrent in a public hot spot where there is no way to mess with the router)? I know the trackers may do some help, but there is a lot of information about a decentralized way with no trackers, or basically that the peers are also trackers, but no details on how it works.
Finally, why can't this "trick" (if any) be used with an HTTP server, and why must we always depend on the router settings?
BitTorrent does work behind NAT, to a certain extent. It works better if port forwarding is configured, though.
BitTorrent works reasonably well behind NAT for the following reasons:
BitTorrent is peer-to-peer, and either peer can initiate a connection; therefore, communication will succeed if either of two peers is not behind NAT or properly port forwarded;
some BitTorrent clients are able to automatically set up port forwardings using UPnP or PMP;
modern BitTorrent clients use µTP instead of TCP, and some clients are able to perform UDP hole punching.

Send UDP from iPhone to iPhone via WAN

In my recent app I managed to send data (mostly audio) via UDP in my local network (WiFi) to another iPhone. And now I need to do the same but over the WAN. Can you guys please point me in the right direction where to start? What do I need to achieve this?
I'm using GCDAsyncSocket to manage sockets. I believe that I have to have a server, where I can keep the IP addresses of both devices.
Also, how can I connect to a device behind a NAT/firewall? I'm guessing that I need to have the public IP address (scraped for instance from http://checkip.dyndns.com/). And then do I need to traceroute? Or NSLookup? Or piggyback? Or do I need to use UDP hole punching?
I know it's a lot of questions, but if you can just point me to the right technology, I would be very grateful.
To achieve communication between two participants behind a NAT you could use hole punching like you mentioned. This is explained quite well here: http://en.wikipedia.org/wiki/UDP_hole_punching#Flow
Basically a Server with a Public IP and Port is used to share the Port-numbers of the iPhones.
But a NAT may use a different Port for every different IP the iPhone talks to. So if iPhone1 sends data to the server the NAT uses port X, but if iPhone1 wants to send data to a different IP the NAT may choose port Y. (See http://en.wikipedia.org/wiki/Network_address_translation#Symmetric_NAT)
To overcome this problem there is a protocol called UPnP and the lesser known NAT Port Mapping Protocol.
I am not well versed in UPnP but maybe someone else can provide some information on that.
The protocol NAT-PMP enables you to dynamically request an external port to be forwarded to your device. See http://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol, RFC 6886.
This allows you to "predict" your external port and establish connections over NAT.
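As an added example of the NAT-PMP request the answer describes (not code from the answer or from GCDAsyncSocket), here is the RFC 6886 mapping request and response packed and parsed in Python. The gateway reply is constructed locally so the script runs offline; the internal port 5004, the gateway address 192.168.1.1 and the returned external port are assumptions for the illustration. Two things the parser insists on are worth noting: the reply's opcode and internal port must match the request, and a real client must also drop any reply whose source address is not the default gateway, since NAT-PMP has no authentication of its own.

```python
"""NAT-PMP (RFC 6886) external port mapping, built and parsed offline.

Added example, not the original answer's code. The gateway reply is
constructed in place of a real router; nothing is sent unless run as a script.
"""
import socket
import struct

NATPMP_PORT = 5351
OP_MAP_UDP = 1
OP_MAP_TCP = 2
RESULT_TEXT = {0: "success", 1: "unsupported version", 2: "not authorized",
               3: "network failure", 4: "out of resources", 5: "unsupported opcode"}


def build_map_request(opcode: int, internal_port: int,
                      suggested_external_port: int = 0, lifetime: int = 3600) -> bytes:
    """12 bytes: version 0, opcode, reserved, internal port, suggested port, lifetime."""
    if opcode not in (OP_MAP_UDP, OP_MAP_TCP):
        raise ValueError("opcode must be 1 (UDP) or 2 (TCP)")
    return struct.pack("!BBHHHI", 0, opcode, 0, internal_port, suggested_external_port, lifetime)


def build_map_response(opcode: int, result: int, epoch: int, internal_port: int,
                       external_port: int, lifetime: int) -> bytes:
    """Constructed gateway reply: version 0, opcode+128, result, epoch, ports, lifetime."""
    return struct.pack("!BBHIHHI", 0, 128 + opcode, result, epoch,
                       internal_port, external_port, lifetime)


def parse_map_response(msg: bytes, opcode: int, internal_port: int) -> dict:
    """Decode a reply to our request; ValueError if it is not a reply to that request."""
    if len(msg) < 16:
        raise ValueError("short NAT-PMP response")
    version, rop, result, epoch, iport, eport, lifetime = struct.unpack("!BBHIHHI", msg[:16])
    if version != 0 or rop != 128 + opcode:
        raise ValueError("not a mapping response for our opcode")
    if iport != internal_port:
        raise ValueError("response is for a different internal port")
    return {"result": result, "result_text": RESULT_TEXT.get(result, "unknown"),
            "epoch": epoch, "external_port": eport, "lifetime": lifetime}


def request_mapping(gateway: str, opcode: int, internal_port: int, timeout: float = 1.0):
    """Send the request to the gateway and accept a reply only from the gateway itself."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(build_map_request(opcode, internal_port, internal_port), (gateway, NATPMP_PORT))
    while True:
        msg, (src, _) = sock.recvfrom(64)
        if src != gateway:
            continue                      # anyone on the LAN can spoof a reply; ignore it
        return parse_map_response(msg, opcode, internal_port)


def demo():
    """Offline round trip: request for UDP 5004, constructed grant on a different port."""
    internal_port = 5004                  # assumed: local UDP port carrying the audio
    request = build_map_request(OP_MAP_UDP, internal_port, suggested_external_port=5004)
    assert len(request) == 12
    # The gateway may pick an external port other than the suggested one; the
    # client must advertise the port from the reply, not the one it asked for.
    reply = build_map_response(OP_MAP_UDP, 0, 123456, internal_port, 41234, 3600)
    info = parse_map_response(reply, OP_MAP_UDP, internal_port)
    return info["external_port"], info["lifetime"]


if __name__ == "__main__":
    print(demo())
    # print(request_mapping("192.168.1.1", OP_MAP_UDP, 5004))  # assumed gateway address
```

Mappings expire after the granted lifetime, so a client renews before it runs out; the external port from the reply is what gets registered with the rendezvous server so the other phone can reach it.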
