
Imagine being in a restricted network environment where only HTTP/HTTPS ports are open to the outside world, and you want to publish and play WebRTC streams using Ant Media Server. In such a scenario, network restrictions can prevent WebRTC from functioning properly. This guide will show you how to overcome these limitations using a TURN server and Ant Media Server.

What is a TURN Server?

A TURN server is a relay that helps WebRTC clients communicate when direct peer-to-peer (P2P) connections are blocked due to network restrictions like firewalls or NAT (Network Address Translation). Unlike STUN servers, which help clients discover their public IP addresses, TURN servers relay all media traffic between peers, making them essential for WebRTC in highly restricted environments.

Why is a TURN Server Important for WebRTC?

WebRTC requires direct peer-to-peer communication, but in restricted networks, direct connectivity might not be possible due to firewall rules allowing only certain ports (like 80 and 443). A TURN server helps in such cases by:

  • Relaying WebRTC traffic through an accessible port.
  • Ensuring reliable media transmission when direct communication fails.
  • Providing a workaround for corporate firewalls and symmetric NATs that block direct connections.

Prerequisites

Before we begin, ensure you have the following:

  • Ant Media Server Enterprise Edition installed.
  • A TURN server setup to relay WebRTC traffic.

Step 1: Install and Configure the TURN Server

We will use Coturn as the TURN server.

  1. Install Coturn
    Run the following commands to update your package list and install Coturn:
    sudo apt update
    sudo apt install coturn
  2. Allow Coturn to Run on Privileged Ports
    Update the Coturn service file so that the service runs as user and group root, which allows it to bind ports below 1024:
    sed -i -e 's/^User=.*/User=root/' -e 's/^Group=.*/Group=root/' /etc/systemd/system/multi-user.target.wants/coturn.service

    systemctl daemon-reload
  3. Configure Coturn
    Edit the configuration file /etc/turnserver.conf and add the following parameters:
    lt-cred-mech 
    user=your-username:your-password
    realm=your-server-host-name
    listening-port=80
    listening-tls-port=443
    alt-listening-port=3478
    alt-tls-listening-port=5349
    proto=tcp
    syslog
    cert=/etc/ssl/{YOUR-DOMAIN-CERT}.pem
    pkey=/etc/ssl/{YOUR-DOMAIN-KEY}.pem
  4. Restart Coturn
    Apply the configuration changes by restarting the Coturn service:
    systemctl restart coturn
  5. Verify Coturn is Running
    Ensure Coturn is running on the desired ports:
    lsof -i:80 -i:443

Once the TURN server is running, you can test its functionality to ensure proper configuration using this address.
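
One way to run that test yourself, as an added example that is not part of the original article: gather ICE candidates with `iceTransportPolicy: 'relay'`, so only candidates allocated through the TURN server can appear, then classify what comes back. The candidate lines are constructed samples using documentation address ranges, and all function names are hypothetical.

```javascript
// Added example, not from the original article. Sample lines are constructed
// and use documentation address ranges.
const SAMPLE_CANDIDATES = [
  'candidate:1 1 udp 2122260223 192.0.2.10 54321 typ host',
  'a=candidate:2 1 udp 1686052607 198.51.100.7 54321 typ srflx raddr 192.0.2.10 rport 54321',
  'candidate:3 1 udp 8331263 203.0.113.5 49160 typ relay raddr 198.51.100.7 rport 54321',
];

// Parse one ICE candidate attribute into its main fields; null if malformed.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/i.exec(line.trim());
  if (!m) return null;
  return { component: Number(m[2]), transport: m[3].toLowerCase(), priority: Number(m[4]),
           address: m[5], port: Number(m[6]), type: m[7].toLowerCase() };
}

// Count candidates per type; malformed or unknown lines are counted, not dropped silently.
function summarize(lines) {
  const counts = { host: 0, srflx: 0, prflx: 0, relay: 0, invalid: 0 };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (c && Object.hasOwn(counts, c.type)) counts[c.type] += 1;
    else counts.invalid += 1;
  }
  return counts;
}

// Browser only: with iceTransportPolicy 'relay' the browser may offer nothing
// but TURN candidates. An empty result means the allocation failed
// (wrong credentials, blocked port, or certificate problem).
async function gatherRelayCandidates(iceServers, timeoutMs = 10000) {
  const pc = new RTCPeerConnection({ iceServers, iceTransportPolicy: 'relay' });
  const found = [];
  pc.createDataChannel('probe'); // gives ICE something to negotiate
  const done = new Promise((resolve) => {
    pc.onicecandidate = (e) => (e.candidate ? found.push(e.candidate.candidate) : resolve());
    setTimeout(resolve, timeoutMs);
  });
  await pc.setLocalDescription(await pc.createOffer());
  await done;
  pc.close();
  return found.filter((l) => { const c = parseCandidate(l); return c && c.type === 'relay'; });
}
```

In a browser console, call `gatherRelayCandidates` with the same `iceServers` array the page uses; at least one returned line confirms the relay accepted the credentials on that port.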

Step 2: Configure Ant Media Server

  1. Install Ant Media Server
    Follow the official installation guide to set up Ant Media Server Enterprise Edition.
    Alternatively, you can also quickly launch Ant Media Server from cloud marketplaces like AWS, Azure, GCP, etc.
  2. Enable SSL
    Ensure SSL is configured and your Ant Media Server is accessible at https://your-ams:5443
  3. Update TURN Settings
    Log in to Ant Media Server and navigate to Settings > Advanced in your application. Update the following fields:
    stunServerURI=turn:your-turn-server-address:443?transport=tcp
    turnServerUsername=your-turn-server-username
    turnServerCredential=your-turn-server-password
  4. Update Client-Side TURN Configuration
    For the default sample files (samples/publish_webrtc.html and samples/player.html), modify the ICE configuration:

    var pc_config = {
      'iceServers': [
        {
          'urls': 'stun:stun1.l.google.com:19302'
        },
        {
          'urls': 'turn:your-turn-server-address:443?transport=tcp',
          'username': 'your-turn-server-username',
          'credential': 'your-turn-server-password'
        }
      ]
    };
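
The configuration above places the long-term TURN password in JavaScript that every visitor to the page can read. As an added example (not from the original article or from Ant Media), this server-side Node.js code issues short-lived credentials instead, using the time-limited scheme Coturn supports through its `use-auth-secret` and `static-auth-secret` options. It assumes Coturn is switched to that mode in place of the `lt-cred-mech` and `user=` lines shown in Step 1; the function names and the secret are hypothetical.

```javascript
// Added example (not Ant Media or Coturn code). Assumes Coturn runs with
// `use-auth-secret` and `static-auth-secret=<secret>`; all names are hypothetical.
const crypto = require('node:crypto');

const TURN_URL = 'turn:your-turn-server-address:443?transport=tcp';

// username   = "<unix expiry time>:<user id>"
// credential = base64(HMAC-SHA1(shared secret, username))
function issueTurnCredential(secret, userId, ttlSeconds, nowMs = Date.now()) {
  const expiry = Math.floor(nowMs / 1000) + ttlSeconds;
  const username = `${expiry}:${userId}`;
  const credential = crypto.createHmac('sha1', secret).update(username).digest('base64');
  return { username, credential };
}

// Illustration of the relay-side check: recompute the HMAC and reject
// expired timestamps, so a copied pair stops working after the TTL.
function verifyTurnCredential(secret, username, credential, nowMs = Date.now()) {
  const expiry = Number.parseInt(username.split(':')[0], 10);
  if (!Number.isFinite(expiry) || expiry < Math.floor(nowMs / 1000)) return false;
  const expected = crypto.createHmac('sha1', secret).update(username).digest();
  const given = Buffer.from(credential, 'base64');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// What an authenticated endpoint would return to the page in place of a
// fixed username and password embedded in the HTML.
function iceConfigFor(secret, userId, ttlSeconds = 3600, nowMs = Date.now()) {
  const { username, credential } = issueTurnCredential(secret, userId, ttlSeconds, nowMs);
  return { iceServers: [{ urls: TURN_URL, username, credential }] };
}
```

The shared secret stays on the server; the browser only ever receives the derived username and credential pair.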

Congratulations! You can now publish and play WebRTC streams using Ant Media Server, even in a restricted environment.

Publish WebRTC Stream

Now that Ant Media Server is running and the TURN server is configured, let’s publish a WebRTC stream from the restricted network using the sample WebRTC publishing page.

The sample WebRTC publish page can be accessed at: https://your-ams:5443/live

Similarly, you can publish and play WebRTC streams with ease, even from restricted networks, using Ant Media Server.

Conclusion

Setting up a TURN server and configuring it with Ant Media Server allows you to seamlessly use WebRTC in restricted networks where only HTTP/HTTPS ports are open. This solution ensures uninterrupted communication with the outside world, enabling reliable video streaming through Ant Media Server.

By optimizing your WebRTC setup with the right tools, you can overcome network limitations and achieve smooth, reliable performance even in restricted environments.

Murat Ugur

Murat is both a Software Developer and a Technical Support Engineer at Ant Media. With a remarkable 15+ years in the IT domain, including 13 years dedicated to Linux system administration, Murat brings a wealth of experience to the table. His expertise is grounded in technologies like Bash scripting, Python, and Puppet.