coturn does not start after update of Jan 13 '21 (20.04.1 LTS)

Bug #1911860 reported by Matthias
This bug affects 1 person
Affects: coturn (Ubuntu)
Status: Incomplete
Importance: High
Assigned to: Paulo Flabiano Smorigo

Bug Description

After automatic update in the morning of Jan 13, 2021, the turnserver (package coturn) is not starting anymore. (no other changes, all packages are up to date, including kept-back files).

syslog:
Jan 15 08:08:52 coturn turnserver: 0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:80
Jan 15 08:08:52 coturn turnserver: 0: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:80, again...

1. port 80 is NOT in use! ("nmap localhost" is listing port 25 only)
2. I guess this is a compile problem (linked to outdated libs?)

This is related to (ubuntu 20.04.1 LTS) running in a kvm

Thx

Matthias

full log related to turnserver process:

Jan 15 08:08:46 coturn turnserver: 0: #012RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server#012Version Coturn-4.5.1.1 'dan Eider'
Jan 15 08:08:46 coturn turnserver: 0: #012Max number of open files/sockets allowed for this process: 524288
Jan 15 08:08:46 coturn turnserver: 0: #012Due to the open files/sockets limitation,#012max supported number of TURN Sessions possible is: 262000 (approximately)
Jan 15 08:08:46 coturn turnserver: 0: #012#012==== Show him the instruments, Practical Frost: ====#012
Jan 15 08:08:46 coturn turnserver: 0: TLS supported
Jan 15 08:08:46 coturn turnserver: 0: DTLS supported
Jan 15 08:08:46 coturn turnserver: 0: DTLS 1.2 supported
Jan 15 08:08:46 coturn turnserver: 0: TURN/STUN ALPN supported
Jan 15 08:08:46 coturn turnserver: 0: Third-party authorization (oAuth) supported
Jan 15 08:08:46 coturn turnserver: 0: GCM (AEAD) supported
Jan 15 08:08:46 coturn turnserver: 0: OpenSSL compile-time version: OpenSSL 1.1.1f 31 Mar 2020 (0x1010106f)
Jan 15 08:08:46 coturn turnserver: 0:
Jan 15 08:08:46 coturn turnserver: 0: SQLite supported, default database location is /var/lib/turn/turndb
Jan 15 08:08:46 coturn turnserver: 0: Redis supported
Jan 15 08:08:46 coturn turnserver: 0: PostgreSQL supported
Jan 15 08:08:46 coturn turnserver: 0: MySQL supported
Jan 15 08:08:46 coturn turnserver: 0: MongoDB is not supported
Jan 15 08:08:46 coturn turnserver: 0:
Jan 15 08:08:46 coturn turnserver: 0: Default Net Engine version: 3 (UDP thread per CPU core)#012#012=====================================================#012
Jan 15 08:08:46 coturn turnserver: 0: Domain name:
Jan 15 08:08:46 coturn turnserver: 0: Default realm: coturn.anon.com
Jan 15 08:08:46 coturn turnserver: 0: #012CONFIGURATION ALERT: You specified --lt-cred-mech and --use-auth-secret in the same time.#012Be aware that you could not mix the username/password and the shared secret based auth methohds. #012Shared secret overrides username/password based auth method. Check your configuration!
Jan 15 08:08:46 coturn turnserver: 0: SSL23: Certificate file found: /etc/letsencrypt/live/coturn.anon.com/fullchain.pem
Jan 15 08:08:46 coturn turnserver: 0: SSL23: Private key file found: /etc/letsencrypt/live/coturn.anon.com/privkey.pem
Jan 15 08:08:46 coturn turnserver: 0: TLS1.2: Certificate file found: /etc/letsencrypt/live/coturn.anon.com/fullchain.pem
Jan 15 08:08:46 coturn turnserver: 0: TLS1.2: Private key file found: /etc/letsencrypt/live/coturn.anon.com/privkey.pem
Jan 15 08:08:46 coturn turnserver: 0: TLS cipher suite: ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Jan 15 08:08:46 coturn turnserver: 0: DTLS: Certificate file found: /etc/letsencrypt/live/coturn.anon.com/fullchain.pem
Jan 15 08:08:46 coturn turnserver: 0: DTLS: Private key file found: /etc/letsencrypt/live/coturn.anon.com/privkey.pem
Jan 15 08:08:46 coturn turnserver: 0: DTLS1.2: Certificate file found: /etc/letsencrypt/live/coturn.anon.com/fullchain.pem
Jan 15 08:08:46 coturn turnserver: 0: DTLS1.2: Private key file found: /etc/letsencrypt/live/coturn.anon.com/privkey.pem
Jan 15 08:08:46 coturn turnserver: 0: DTLS cipher suite: ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
Jan 15 08:08:46 coturn turnserver: 0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Jan 15 08:08:46 coturn turnserver: 0: ===========Discovering listener addresses: =========
Jan 15 08:08:46 coturn turnserver: 0: Listener address to use: 127.0.0.1
Jan 15 08:08:46 coturn turnserver: 0: Listener address to use: 83.xxx.xx.181
Jan 15 08:08:46 coturn turnserver: 0: Listener address to use: 192.168.60.213
Jan 15 08:08:46 coturn turnserver: 0: Listener address to use: ::1
Jan 15 08:08:46 coturn turnserver: 0: =====================================================
Jan 15 08:08:46 coturn turnserver: 0: Total: 2 'real' addresses discovered
Jan 15 08:08:46 coturn turnserver: 0: =====================================================
Jan 15 08:08:46 coturn turnserver: 0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
Jan 15 08:08:46 coturn turnserver: 0: ===========Discovering relay addresses: =============
Jan 15 08:08:46 coturn turnserver: 0: Relay address to use: 83.xxx.xx.181
Jan 15 08:08:46 coturn turnserver: 0: Relay address to use: 192.168.60.213
Jan 15 08:08:46 coturn turnserver: 0: Relay address to use: ::1
Jan 15 08:08:46 coturn turnserver: 0: =====================================================
Jan 15 08:08:46 coturn turnserver: 0: Total: 3 relay addresses discovered
Jan 15 08:08:46 coturn turnserver: 0: =====================================================
Jan 15 08:08:46 coturn turnserver: 0: pid file created: /run/turnserver/turnserver.pid
Jan 15 08:08:46 coturn turnserver: 0: IO method (main listener thread): epoll (with changelist)
Jan 15 08:08:46 coturn turnserver: 0: Wait for relay ports initialization...
Jan 15 08:08:46 coturn turnserver: 0: relay 83.xxx.xx.181 initialization...
Jan 15 08:08:46 coturn turnserver: 0: relay 83.xxx.xx.181 initialization done
Jan 15 08:08:46 coturn turnserver: 0: relay 192.168.60.213 initialization...
Jan 15 08:08:46 coturn turnserver: 0: relay 192.168.60.213 initialization done
Jan 15 08:08:46 coturn turnserver: 0: relay ::1 initialization...
Jan 15 08:08:46 coturn turnserver: 0: relay ::1 initialization done
Jan 15 08:08:46 coturn turnserver: 0: Relay ports initialization done
Jan 15 08:08:46 coturn turnserver: 0: IO method (general relay thread): epoll (with changelist)
Jan 15 08:08:46 coturn turnserver: 0: turn server id=0 created
Jan 15 08:08:46 coturn turnserver: 0: IO method (general relay thread): epoll (with changelist)
Jan 15 08:08:46 coturn turnserver: 0: turn server id=1 created
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind fd 16 to <127.0.0.1:80>: errno=13
Jan 15 08:08:46 coturn turnserver: 0: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:80
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind DTLS/UDP listener socket to addr 127.0.0.1:80, again...
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind fd 17 to <127.0.0.1:80>: errno=13
Jan 15 08:08:46 coturn turnserver: 0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:80
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:80, again...
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind fd 18 to <127.0.0.1:80>: errno=13
Jan 15 08:08:46 coturn turnserver: 0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:80
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:80, again...
Jan 15 08:08:47 coturn turnserver: 0: Trying to bind fd 16 to <127.0.0.1:80>: errno=13
Jan 15 08:08:47 coturn turnserver: 0: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:80

Logan Rosen (logan)
tags: added: regression-update
summary: - coturn does not start after update of Jan 13 '20 (20.04.1 LTS)
+ coturn does not start after update of Jan 13 '21 (20.04.1 LTS)
description: updated
Steve Langasek (vorlon)
tags: added: regression-security
tags: removed: regression-security
tags: added: regression-security
Changed in coturn (Ubuntu):
importance: Undecided → High
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)
Andrea Xheli (andyxheli27) wrote :

root@ubuntu:~# tail -f /var/log/coturn.log
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 26 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 25 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 28 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 24 to <66.158.36.56:80>: errno=13
0: Cannot bind DTLS/UDP listener socket to addr 66.158.36.56:80
0: Trying to bind DTLS/UDP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 27 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 26 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 25 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 28 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 24 to <66.158.36.56:80>: errno=13
0: Cannot bind DTLS/UDP listener socket to addr 66.158.36.56:80
0: Trying to bind DTLS/UDP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 27 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 26 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 25 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 28 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 24 to <66.158.36.56:80>: errno=13
0: Cannot bind DTLS/UDP listener socket to addr 66.158.36.56:80
0: Trying to bind DTLS/UDP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 27 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to addr 66.158.36.56:80, again...
0: Trying to bind fd 26 to <66.158.36.56:80>: errno=13
0: Cannot bind TLS/TCP listener socket to addr 66.158.36.56:80
0: Trying to bind TLS/TCP listener socket to ad...

Christian (codiflow) wrote :

Seems like the problem is that you are using a port below 1024 for coturn.

These ports need coturn to be started as root, or as an alternative you can modify the file /lib/systemd/system/coturn.service and include AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section. Afterwards the coturn server should be working again.

Source: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964009#5

Christian (codiflow) wrote :

And don't forget to do a "systemctl daemon-reload" after editing the unit file.

Matthias (leonixe) wrote :

Thx!

/lib/systemd/system/coturn.service :
[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE

Solved it!

M.

Dweia (dweia) wrote :

I would NOT recommend using /lib/systemd/system/coturn.service directly. It's bound to be overwritten the next time the package is updated.

Changes to systemd units should go in /etc/systemd/system/coturn.service.d/override.conf and can best be applied using the command

systemctl edit coturn

The override.conf file needs only the two lines mentioned above:

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE

Christian (codiflow) wrote :

@Dweia:
Thanks for this hint! Didn't know that :-)

Luis Felipe (llazcanoster) wrote :

Same output in two Ubuntu server 20.04:

...
0: Trying to bind fd 46 to <127.0.0.1:3478>: errno=98
0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
0: Trying to bind TLS/TCP listener socket to addr 127.0.0.1:3478, again...
etc..

I have tried AmbientCapabilities=CAP_NET_BIND_SERVICE but it doesn't work

If any information on my part could be useful, I am available.
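
The logs in this report fail with two different errno values: errno=13 on port 80 and errno=98 on port 3478. The following is an added example (not part of the original thread and not coturn code) that parses coturn bind-failure lines and maps each errno to its Linux meaning; the sample lines are copied from the logs above, and the names `advise` and `diagnose` are hypothetical.

```python
import re
from collections import Counter

# Numeric errno values as logged on Linux (they differ on other kernels),
# so they are hard-coded rather than taken from the local errno module.
LINUX_ERRNO = {13: "EACCES", 98: "EADDRINUSE"}
PRIVILEGED_BELOW = 1024  # ports below this need CAP_NET_BIND_SERVICE or root

BIND_RE = re.compile(r"Trying to bind fd \d+ to <(.+):(\d+)>: errno=(\d+)")

# Sample lines copied from the logs quoted in this report.
SAMPLE_LOG = """\
Jan 15 08:08:46 coturn turnserver: 0: Trying to bind fd 16 to <127.0.0.1:80>: errno=13
Jan 15 08:08:46 coturn turnserver: 0: Cannot bind DTLS/UDP listener socket to addr 127.0.0.1:80
0: Trying to bind fd 26 to <66.158.36.56:80>: errno=13
0: Trying to bind fd 25 to <66.158.36.56:80>: errno=13
0: Trying to bind fd 46 to <127.0.0.1:3478>: errno=98
0: Cannot bind TLS/TCP listener socket to addr 127.0.0.1:3478
"""

def advise(port, err):
    """Map one bind failure to the remedy that matches its errno."""
    if err == 13 and port < PRIVILEGED_BELOW:
        return "privileged port: add AmbientCapabilities=CAP_NET_BIND_SERVICE in a drop-in, or run as root"
    if err == 13:
        return "permission denied on a non-privileged port: CAP_NET_BIND_SERVICE is not the missing piece"
    if err == 98:
        return "address already in use: find the process holding the port (ss -lntup); a capability will not help"
    return "unrecognised errno: look it up in errno(3)"

def diagnose(log_text):
    """Return (addr, port, errno_name, hits, advice) per distinct failure, first seen first."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BIND_RE.search(line)  # works with or without the syslog prefix
        if m:
            hits[(m.group(1), int(m.group(2)), int(m.group(3)))] += 1
    return [(addr, port, LINUX_ERRNO.get(err, f"errno {err}"), n, advise(port, err))
            for (addr, port, err), n in hits.items()]

if __name__ == "__main__":
    for addr, port, name, n, advice in diagnose(SAMPLE_LOG):
        print(f"{addr}:{port} {name} x{n} -> {advice}")
```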

Changed in coturn (Ubuntu):
status: New → Incomplete