# Access an Instance from an Enterprise Network (NAT)
With Genymotion PaaS PaaS, users give or get access to virtual devices through the Internet. Thus, they must be able to connect to them from their corporate network and configure them to make them reachable.
For every asset and webpage, Genymotion PaaS instances are accessible through the HTTPS port 443. However, WebRTC connections, needed to display the virtual devices in the web browser, use an alternative protocol relying on the non-standard port range 51003 to 51100 (UDP or TCP). This might cause problems to users who are behind a web proxy to access the Internet.
To workaround this, UDP and TCP are relayed by our STUN/TURN server by default. If your instances do not have a public IP, it may be necessary to whitelist our STUN/TURN server IP in order to be able to access the instance display from the web.
Note
To retrieve our TURN server IPs to whitelist, you can use the dig command:
dig turn-paas.genymotion.com +short
Alternatively, users and/or companies may want or need to use their own TURN server for their network infrastructure.
This section explains how to install and configure a custom TURN server. The server can be installed on a remote machine that needs to be accessible publicly within the company network.
# Installing a TURN server on Linux
We recommend installing a CoTURN server which is available in Ubuntu Server 18.04LTS.
To install a CoTURN server:
- If the Universe repository is not already activated, add it using
sudo apt-add-repository universe. - Install the server using
sudo apt-get install coturn. - Make sure the server restarts on boot by un-commenting
TURNSERVER_ENABLED=1in/etc/default/coturnfile. - Modify the configuration file
/etc/turnserver.confto have the CoTURN server listen on port 443:- Make sure the server listens to port 443 by un-commenting
listening-port=3478and changing it tolistening-port=443 - Add a user and password for your Genymotion virtual device by un-commenting
user=your-username:your-password.
- Make sure the server listens to port 443 by un-commenting
- Restart your computer.
- Make sure the CoTURN server started correctly and that it is listening on port 443 by checking the most recent log file (
/var/log/turn_xxxx_2017-02-01.logwhere xxxx changes at each server boot). - Make sure no other servers are running and listening on port 443, or CoTURN won't be able to use it.
# Configuring the instance to use the TURN server
First, you need to authorize the TURN server public IP in your cloud provider EC2 firewall rules so that it can access your virtual device.
Next, to make sure the web browser uses the TURN server, you must add its configuration to the web page that is served by the Genymotion device internal web server.
To do so:
# Configure the TURN server from the instance web UI 7.0
To configure TURN or STUN, go to the Configuration section of your instance:
Note
You can also reach the instance Configuration section with the URL https://X.X.X.X/configuration (opens new window), where X.X.X.X is your instance public IP address.
Then go in the TURN & STUN section and fill the form:
# Configure the TURN server from command line (ssh)
Connect to the device using SSH. For more information, you can refer to section Accessing an instance with SSH.
From the
/data/www/iframe/directory of theindex.htmlpage, add a TURN element in the options element:var options = { template: "god_default", god: true, token: (typeof token !== 'undefined') ? token : 'genymotion', turn: { urls: [ 'turn:TURNServerPublicIP:443?transport=tcp', 'turn:TURNServerPublicIP:443?transport=udp' ], username:'username1', credential:'password1' } };TURNServerPublicIPis your TURN server public IP.username1is the username set inturnserver.conffile.password1is the password set inturnserver.conffile.
Important
Don't forget to add a comma at the end of the previous line in the options structure.
Your web browser now uses the TURN server on port 443.