Access from a private or NAT Network¶
Foreword¶
For every asset and webpage, Genymotion instances are accessible through the HTTPS port 443. However, the display of the virtual devices use WebRTC connections through the non-standard port range 51000 to 51100 (UDP or TCP).
To workaround this, UDP and TCP are relayed by our STUN/TURN server by default if the TCP/UDP port range 51000 - 51100 is unreachable. However, this will fail (no device display) under the following circumstances:
Your local network has tight security¶
You may need to whitelist our STUN/TURN server IP if your local network has tight access security. To retrieve our TURN server IPs to whitelist, you can use the dig
command:
Alternatively, you can use your own TURN server to forward WebRTC connections.
The Genymotion instance has no public IP¶
If webRTC ports are not open in your firewall, the instance needs to be able to access the Internet to reach our TURN/STUN server via a Public IP:
However, if the instance has no Public IP, webRTC communication will fail:
and the device display will remain black:
The solution is to use your own TURN/STUN server within the virtual network to forward webRTC:
To do so, we will explain how to setup a TURN/STUN server and configure the Genymotion instance to use it.
Use your own TURN server¶
Installing a TURN server on Linux¶
We recommend using CoTURN server on Ubuntu Server 20.04LTS:
-
Add the Universe repository if it is not already activated:
-
Update and upgrade Ubuntu:
-
Reboot.
-
Install the server:
-
Edit the
/etc/default/coturn
file and un-commentTURNSERVER_ENABLED=1
to have CoTURN launch at boot. -
Edit the file
/etc/turnserver.conf
, un-commentlistening-port=3478
and change it tolistening-port=443
to have the CoTURN server listen on port 443:# TURN listener port for UDP and TCP (Default: 3478). # Note: actually, TLS & DTLS sessions can connect to the # "plain" TCP & UDP port(s), too - if allowed by configuration. # listening-port=443
Note
We have chosen to use TCP port 443 to ensure best compatibility with secured networks. Also, make sure no other servers are running and listening to this port, or CoTURN won't be able to use it.
-
Un-comment
listening-ip
and replace the default IP with your Ubuntu server IP: -
Add a user and password for your Genymotion virtual device by un-commenting
user=username1:password1
and replaceusername1
andpassword1
by the username and password of your choice:# 'Static' user accounts for long term credentials mechanism, only. # This option cannot be used with TURN REST API. # 'Static' user accounts are NOT dynamically checked by the turnserver process, # so that they can NOT be changed while the turnserver is running. # #user=username1:key1 #user=username2:key2 # OR: user=genymotion:123456 #user=username2:password2
-
Edit the file
/lib/systemd/system/coturn.service
and add the lineAmbientCapabilities=CAP_NET_BIND_SERVICE
in the[Service]
section:[Service] User=turnserver Group=turnserver Type=forking RuntimeDirectory=turnserver PIDFile=/run/turnserver/turnserver.pid ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid #FixMe: turnserver exit faster than it is finshing the setup and ready for handling the connection. ExecStartPost=/bin/sleep 2 Restart=on-failure InaccessibleDirectories=/home PrivateTmp=yes AmbientCapabilities=CAP_NET_BIND_SERVICE
-
Reboot the system.
-
Verify that the CoTURN server started correctly and is listening to port 443:
If everything is in order, you should get the following output:
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb
systemd[1]: Started coTURN STUN/TURN Server.
Tip
You may need to add inbound rules to your TURN/STUN server firewall to allow connections to TCP and UDP port 443 from your Genymotion instance.
Configuring the instance to use your TURN server¶
You need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:
-
Go to the Configuration panel of your instance:
-
In the TURN & STUN box, fill the form:
Note
TURN and STUN server URI synthax is
turn:xxx.xxx.xxx.xxx:443
andstun:xxx.xxx.xxx.xxx:443
, wherexxx.xxx.xxx.xxx
is your TURN/STUN server IP or URL. -
Click APPLY to apply the changes.
Info
TURNServerIP
andSTUN_IP
are your STUN/TURN server public IPusername1
andpassword1
are the username and password set in theturnserver.conf
file.geny_instance_IP
is Genymotion instance IP.
- Setup and connect the instance to ADB
-
Set the instance to use your turn server:
-
Set the STUN IP:
-
Set your turn server username and password:
You can also use a script like the following one to automate the process:
- Setup SSH
-
Connect to the instance shell:
ssh -i key.pem [email protected]_instance_IP
-
Set your turn server IP:
-
Set the STUN IP:
-
Set your turn server username and password:
You can also use a script like the following one:
#!/bin/bash
ssh -i key.pem [email protected]_instance_IP \
"setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"
The instance now uses your TURN/STUN server on port 443 for WebRTC connections.