<div dir="ltr">Sorry for bothering you, Danil, but I was trying to make something like `dtls:ssl_accept` work on udp sockets and then thought I would get more STUN requests to keep the connection in NATs "alive" after I finally `sslaccept` the socket. Would I have to somehow downgrade the dtls session back to udp? Or is there some other way?<div><br></div><div>Right now I'm thinking about a hacky approach: forking erlang's ssl library and checking for STUN packets in every `handle_datagram` call in `dtls_udp_listener`.</div><div><br></div><div>And thank you again, you've been incredibly helpful.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 29, 2017 at 5:55 PM, Facundo Olano <span dir="ltr"><<a href="mailto:facundo.olano@lambdaclass.com" target="_blank">facundo.olano@lambdaclass.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hi Danil! <br><br></div>The server code is for signaling (using websockets), but it also includes <a href="https://github.com/processone/stun" target="_blank">processone/stun</a> as a dependency, so it handles STUN/TURN as well. It also contains a couple of example applications that serve javascript clients that connect to the server (both for signaling and ICE). The multiparty example uses a mesh. <br><br>To be honest I don't know what DTLS+SRTP is about :P<br><br></div>Thanks, <br></div>Facundo.<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 29, 2017 at 11:47 AM, Danil Zagoskin <span dir="ltr"><<a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Federico!<div><br>Is it just a signalling server?<br>E.g. do you handle all the DTLS+SRTP stuff or just build a full mesh of participants? 
</div></div><div class="gmail_extra"><div><div class="m_-5877065857681709494h5"><br><div class="gmail_quote">On Fri, Dec 29, 2017 at 4:48 PM, Federico Carrone <span dir="ltr"><<a href="mailto:federico.carrone@gmail.com" target="_blank">federico.carrone@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Joe,<br><br></div>We are creating an open source erlang webrtc server replacement for <a href="http://appear.in" target="_blank">appear.in</a>. You can check it here: <a href="https://github.com/lambdaclass/webrtc-server" target="_blank">https://github.com/lambdaclass<wbr>/webrtc-server</a><br><br>We are using the processone stun library. I am not sure if this mail is of any help but might be interested in checking it since it is working fine.<br><div class="gmail_extra"><br></div><div class="gmail_extra">Regards,</div><div class="gmail_extra">Federico.<br></div><div><div class="m_-5877065857681709494m_-2151777202920352156h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 29, 2017 at 9:15 AM, Joe K <span dir="ltr"><<a href="mailto:goodjoe2049@gmail.com" target="_blank">goodjoe2049@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Tried this, hoped it would work, but it didn't ...<div><br></div><div><div> 1> {ok, Socket} = gen_udp:open(9090, [binary, {active, false}]).</div><div> {ok,#Port<0.441>}</div><div> 2> dtls:connect(Socket, []).</div><div> {error,{options,{not_supported<wbr>,{packet,0}}}}</div></div></div><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435HOEnZb"><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 29, 2017 at 2:21 PM, Joe K <span dir="ltr"><<a href="mailto:goodjoe2049@gmail.com" 
target="_blank">goodjoe2049@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><span><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">> Also you may try using external STUN server (check RTCPeerConnection docs) and hope browser starts with DTLS hello.</span><br><div><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></span></div></span><div><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">I've tried that, but the browser still sends STUN binding requests to the DTLS process. And it uses the STUN server just to find out its address.</span></div><span><div><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:Arial,Helvetica,sans-serif;font-size:13px">> </span><span style="font-size:12.800000190734863px">It should be quite easy to implement and it would be consistent with ssl:connect/2 and ssl:ssl_accept for TCP sockets.</span></div><div><span style="font-size:12.800000190734863px"><br></span></div></span><div>Will try this now. 
Thank you.</div></div><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875HOEnZb"><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875h5"><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Dec 28, 2017 at 4:34 PM, Danil Zagoskin <span dir="ltr"><<a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">> <a style="font-size:12.8px">But now I don't know how to reply to both STUN binding request and then setup a DTLS session using erlang's ssl module.<br>Yes, dtls implementation lacks support of starting/accepting a handshake over existing socket.</a><div>It should be quite easy to implement and it would be consistent with ssl:connect/2 and ssl:ssl_accept for TCP sockets.</div><div><br></div><div>Also you may try using external STUN server (check RTCPeerConnection docs) and hope browser starts with DTLS hello.</div><div>If you try this, please share the results.</div><div class="gmail_extra"><br><div class="gmail_quote"><span>On Thu, Dec 28, 2017 at 3:26 PM, Joe K <span dir="ltr"><<a href="mailto:goodjoe2049@gmail.com" target="_blank">goodjoe2049@gmail.com</a>></span> wrote:<br></span><div><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187h5"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Oops, I forgot to reply to the mailing list in my last email.<div><br></div><div>The response was</div><div><br></div><div><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-"><span 
class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338gmail-im" style="font-size:12.8px"> > Maybe browser sends STUN requests to your port when you expect DTLS hello?</span></span><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-"><div style="font-size:12.8px"> You are absolutely right, Wireshark shows that there are lots of STUN binding requests being made, I didn't think of that.</div></span><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338gmail-im" style="font-size:12.8px"><div><br></div><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-"><div> > Do you use external STUN server?</div></span></span><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-"><div style="font-size:12.8px"> I don't use external STUN servers ... 
For some reason, I didn't think I would need them.</div></span><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338gmail-im" style="font-size:12.8px"><div><br></div><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-"><div> > Also try checking <a style="font-family:"Times New Roman";font-size:medium">chrome://webrtc-inter<wbr>nals and </a><a style="font-family:"Times New Roman";font-size:medium">chrome://webrtc-logs for browser's view on what's going on.</a></div></span></span><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-"><div style="font-size:12.8px"><a style="font-family:"Times New Roman";font-size:medium"></a><a> chrome://webrtc-logs is empty for the webrtc whole session.</a></div></span></div><div style="font-size:12.8px"><a><br></a></div><div style="font-size:12.8px"><a>But now I don't know how to reply to both STUN binding request and then setup a DTLS session using erlang's ssl module.</a></div></div><div class="gmail_extra"><br><div class="gmail_quote"><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-">On Thu, Dec 28, 2017 at 1:28 AM, Danil Zagoskin <span dir="ltr"><<a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a>></span> wrote:<br></span><div><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-h5"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi!<div>What do you see in Wireshark?</div><div>Did you see handshake between two browsers?</div><div>Is your application 
ready to receive the packet sent by browser?</div><div>Do you use external STUN server?</div><div>Maybe browser sends STUN requests to your port when you expect DTLS hello?</div><div><br></div><div>Also try checking <a style="font-family:"Times New Roman";font-size:medium">chrome://webrtc-inter<wbr>nals and </a><a style="font-family:"Times New Roman";font-size:medium">chrome://webrtc-logs for browser's view on what's going on.</a></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338h5">On Thu, Dec 28, 2017 at 12:09 AM, Joe K <span dir="ltr"><<a href="mailto:goodjoe2049@gmail.com" target="_blank">goodjoe2049@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338h5"><div dir="ltr">I'm trying to implement parts of webrtc stack with elixir/erlang and currently am stuck with setting up a dtls session.<div><br></div><div>The minimal example is, I think, the following (in console, erlang 20.2.2):</div><div><br></div><div><div> 2> ssl:start().</div><div> ok</div><div> 3> {ok, ListenSocket} = ssl:listen(8090, [</div><div> 3> binary,</div><div> 3> {ip, {0, 0, 0, 0}},</div><div> 3> {protocol, dtls},</div><div> 3> {keyfile, <<"priv/server.key">>},</div><div> 3> {certfile, <<"priv/server.pem">>},</div><div> 3> {active, false}</div><div> 3> ]).</div><div> {ok, ...}</div><div> 4> {ok, AcceptSocket} = ssl:transport_accept(ListenSoc<wbr>ket).</div><div> {ok,...}</div><div> 5> ssl:ssl_accept(AcceptSocket).</div><div> {error,{tls_alert,"record overflow"}}</div></div><div><br></div><div>And js (with chrome 
canary): <a href="https://gist.github.com/idi-ot/a07b7330ff02f90373a2dcfe83883afa" target="_blank">https://gist.github.c<wbr>om/idi-ot/a07b7330ff02f90373a2<wbr>dcfe83883afa</a></div><div><br></div><div>After {error,{tls_alert,"record overflow"}} the RTCPeerConnection's iceConnectionState becomes "failed" and the connection itself "closed".</div><div><br></div><div>I wonder what I am doing wrong.</div><div><br></div><div> openssl s_client -dtls1 -connect <a href="http://127.0.0.1:8089" target="_blank">127.0.0.1:8089</a> -debug</div><div><br></div><div>works fine with the code snippet above.</div></div>
<br></div></div>______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/list<wbr>info/erlang-questions</a><br>
<br></blockquote></div><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail-m_2823626741477686338m_1384859398565547069gmail_signature"><div dir="ltr"><div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a></font></div></div></div>
</font></span></div>
</blockquote></div></div></div><br></div>
</blockquote></div></div></div><span class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br><div class="m_-5877065857681709494m_-2151777202920352156m_4585714452491948435m_5321160432428651875m_4761982678295456187m_7616966270093787426gmail_signature"><div dir="ltr"><div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a></font></div></div></div>
</font></span></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br></div></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="m_-5877065857681709494HOEnZb"><font color="#888888">-- <br><div class="m_-5877065857681709494m_-2151777202920352156gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><font face="'courier new', monospace">Danil Zagoskin | <a href="mailto:z@gosk.in" target="_blank">z@gosk.in</a></font></div></div></div>
</font></span></div>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
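<div>The check discussed in this thread, telling STUN binding requests apart from DTLS records that arrive on the same UDP port, can be done on the first byte of each datagram using the ranges from RFC 7983. The module below is an added example, not code from the thread or from OTP's ssl application; the module name <code>udp_demux</code>, the function names and the sample datagrams are hypothetical and constructed for illustration.</div>

```erlang
%% Added example: classify UDP payloads arriving on one port (RFC 7983 ranges).
%% Module and function names are hypothetical; not part of OTP's ssl application.
-module(udp_demux).
-export([classify/1, demo/0]).

-define(STUN_MAGIC_COOKIE, 16#2112A442).

%% STUN (RFC 5389): first byte 0..3, 16-bit body length that is a multiple
%% of 4 and matches the bytes after the 20-byte header, fixed magic cookie.
classify(<<B, _, Len:16, ?STUN_MAGIC_COOKIE:32, _TxId:12/binary, Body/binary>>)
  when B =< 3, Len rem 4 =:= 0, byte_size(Body) =:= Len ->
    stun;
%% DTLS records start with a content type in 20..63.
classify(<<B, _/binary>>) when B >= 20, B =< 63 ->
    dtls;
%% RTP/RTCP (SRTP after the handshake) starts with 128..191.
classify(<<B, _/binary>>) when B >= 128, B =< 191 ->
    rtp_or_rtcp;
%% Anything else, including malformed STUN, is not handed to any handler.
classify(_) ->
    drop.

%% Constructed sample datagrams, not captured traffic.
demo() ->
    BindingRequest = <<0, 1, 0:16, ?STUN_MAGIC_COOKIE:32, 0:96>>,
    BadCookie      = <<0, 1, 0:16, 16#DEADBEEF:32, 0:96>>,
    Truncated      = <<0, 1, 0:16, ?STUN_MAGIC_COOKIE:32>>,
    DtlsHandshake  = <<22, 254, 255, 0:16, 0:48, 0:16>>,
    RtpLike        = <<128, 96, 0:80>>,
    [classify(P) || P <- [BindingRequest, BadCookie, Truncated,
                          DtlsHandshake, RtpLike, <<>>]].
```

<div>Validating the length and magic cookie, rather than the first byte alone, keeps truncated or spoofed STUN-looking datagrams away from both the STUN responder and the DTLS handshake state.</div>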