Skip to content

Access from a private or NAT Network

Foreword

For every asset and webpage, Genymotion instances are accessible through the HTTPS port 443. However, the display of the virtual devices use WebRTC connections through the non-standard port range 51000 to 51100 (UDP or TCP).

To workaround this, UDP and TCP are relayed by our STUN/TURN server by default if the TCP/UDP port range 51000 - 51100 is unreachable. However, this will fail (no device display) under the following circumstances:

Your local network has tight security

You may need to whitelist our STUN/TURN server IP if your local network has tight access security. To retrieve our TURN server IPs to whitelist, you can use the dig command:

dig turn-paas.genymotion.com +short

Alternatively, you can use your own TURN server to forward WebRTC connections.

The Genymotion instance has no public IP

If webRTC ports are not open in your firewall, the instance needs to be able to access the Internet to reach our TURN/STUN server via a Public IP:

With Public Ip

However, if the instance has no Public IP, webRTC communication will fail:

No Public IP

and the device display will remain black:

no display

The solution is to use your own TURN/STUN server within the virtual network to forward webRTC:

turn

To do so, we will explain how to setup a TURN/STUN server and configure the Genymotion instance to use it.

Use your own TURN server

Installing a TURN server on Linux

We recommend using CoTURN server on Ubuntu Server 20.04LTS:

  1. Add the Universe repository if it is not already activated:

    sudo apt-add-repository universe
    
  2. Update and upgrade Ubuntu:

    sudo apt update && sudo apt upgrade
    
  3. Reboot.

  4. Install the server:

    sudo apt-get install coturn
    
  5. Edit the /etc/default/coturn file and un-comment TURNSERVER_ENABLED=1 to have CoTURN launch at boot.

  6. Edit the file /etc/turnserver.conf, un-comment listening-port=3478 and change it to listening-port=443 to have the CoTURN server listen on port 443:

    # TURN listener port for UDP and TCP (Default: 3478).
    # Note: actually, TLS & DTLS sessions can connect to the 
    # "plain" TCP & UDP port(s), too - if allowed by configuration.
    #
    listening-port=443
    

    Note

    We have chosen to use TCP port 443 to ensure best compatibility with secured networks. Also, make sure no other servers are running and listening to this port, or CoTURN won't be able to use it.

  7. Un-comment listening-ip and replace the default IP with your Ubuntu server IP:

    # Specify listening IP, if not set then Coturn listens on all system IPs. 
    listening-ip=xxx.xxx.xxx.xxx
    
  8. Add a user and password for your Genymotion virtual device by un-commenting user=username1:password1 and replace username1 and password1 by the username and password of your choice:

    # 'Static' user accounts for long term credentials mechanism, only.
    # This option cannot be used with TURN REST API.
    # 'Static' user accounts are NOT dynamically checked by the turnserver process, 
    # so that they can NOT be changed while the turnserver is running.
    #
    #user=username1:key1
    #user=username2:key2
    # OR:
    user=genymotion:123456
    #user=username2:password2
    
  9. Edit the file /lib/systemd/system/coturn.service and add the line AmbientCapabilities=CAP_NET_BIND_SERVICE in the [Service] section:

    [Service]
    User=turnserver
    Group=turnserver
    Type=forking
    RuntimeDirectory=turnserver
    PIDFile=/run/turnserver/turnserver.pid
    ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid
    #FixMe: turnserver exit faster than it is finshing the setup and ready for handling the connection.
    ExecStartPost=/bin/sleep 2
    Restart=on-failure
    InaccessibleDirectories=/home
    PrivateTmp=yes
    AmbientCapabilities=CAP_NET_BIND_SERVICE
    
  10. Reboot the system.

  11. Verify that the CoTURN server started correctly and is listening to port 443:

    sudo systemctl status coturn
    

If everything is in order, you should get the following output:

0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: SQLite DB connection success: /var/lib/turn/turndb
systemd[1]: Started coTURN STUN/TURN Server.

Tip

You may need to add inbound rules to your TURN/STUN server firewall to allow connections to TCP and UDP port 443 from your Genymotion instance.

Configuring the instance to use your TURN server

You need to configure your Genymotion instance to forward WebRTC to your STUN/TURN server:

Version badge

  1. Go to the Configuration panel of your instance:

    Configuration screenshot

  2. In the TURN & STUN box, fill the form:

    Note

    TURN and STUN server URI synthax is turn:xxx.xxx.xxx.xxx:443 and stun:xxx.xxx.xxx.xxx:443, where xxx.xxx.xxx.xxx is your TURN/STUN server IP or URL.

    Turn screenshot

  3. Click APPLY to apply the changes.

Version badge

Info

  • TURNServerIP and STUN_IP are your STUN/TURN server public IP
  • username1 and password1 are the username and password set in the turnserver.conf file.
  • geny_instance_IP is Genymotion instance IP.
  1. Setup and connect the instance to ADB
  2. Set the instance to use your turn server:

    adb shell setprop persist.webrtcd.turn-uri turn:TURNServerIP:443
    
  3. Set the STUN IP:

    adb shell setprop persist.webrtcd.stun-uri stun:STUN_IP:443
    
  4. Set your turn server username and password:

    adb shell setprop persist.webrtcd.turn-username username1 && adb shell setprop persist.webrtcd.turn-password password1
    

You can also use a script like the following one to automate the process:

#!/bin/bash
adb shell "setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"
  1. Setup SSH
  2. Connect to the instance shell:

    ssh -i key.pem [email protected]_instance_IP
    
  3. Set your turn server IP:

    setprop persist.webrtcd.turn-uri turn:TURNServerIP:443
    
  4. Set the STUN IP:

    setprop persist.webrtcd.stun-uri stun:STUN_IP:443
    
  5. Set your turn server username and password:

    setprop persist.webrtcd.turn-username username1 && setprop persist.webrtcd.turn-password password1
    

You can also use a script like the following one:

#!/bin/bash
ssh -i key.pem [email protected]_instance_IP \
"setprop persist.webrtcd.turn-uri turn:TURNServerIP:443;\
setprop persist.webrtcd.stun-uri stun:STUN_IP:443;\
setprop persist.webrtcd.turn-username username1;\
setprop persist.webrtcd.turn-password password1"

The instance now uses your TURN/STUN server on port 443 for WebRTC connections.

Back to top