# Access from an Enterprise Network (NAT)

With Genymotion Device image (PaaS), users give or get access to virtual devices through the Internet. Thus, they must be able to connect to them from their corporate network and configure them to make them reachable.

For every asset and webpage, Genymotion instances are accessible through the HTTPS port 443. However, WebRTC connections, needed to display the virtual devices in the web browser, use an alternative protocol relying on the non-standard port range 51003 to 51100 (UDP or TCP). This might cause problems to users who are behind a web proxy or a NAT network.

To workaround this, UDP and TCP are relayed by our STUN/TURN server by default. However, this may fail (no display) under the following circumstances:

  • Your local network has tight security

    You may need to whitelist our STUN/TURN server IP if your local network has tight access security. To retrieve our TURN server IPs to whitelist, you can use the dig command:

    dig turn-paas.genymotion.com +short

    Alternatively, you can use your own TURN server.

  • The Genymotion instance has no public IP and/or no or limited access to the Internet

    The instance needs to be able to access the Internet to reach our TURN/STUN server. Without a public IP, you will either need a gateway within the instance VPC or use your own TURN/STUN server.

# Use your own TURN server

# Installing a TURN server on Linux

We recommend installing the CoTURN server on a server or virtual machine with Ubuntu Server 20.04LTS.

To install a CoTURN server:

  1. If the Universe repository is not already activated, add it:

    sudo apt-add-repository universe
  2. Install the server:

    sudo apt-get install coturn
  3. Make sure the server restarts on boot by un-commenting TURNSERVER_ENABLED=1 in /etc/default/coturn file.

  4. Modify the configuration file /etc/turnserver.conf to have the CoTURN server listen on port 443:

    • Make sure the server listens to port 443 by un-commenting listening-port=3478 and changing it to listening-port=443
    • Add a user and password for your Genymotion virtual device by un-commenting user={your-username}:{your-password}
  5. Reboot.

  6. Make sure the CoTURN server started correctly and that it is listening on port 443 by checking the most recent log file (/var/log/turn_xxxx_2017-02-01.log where xxxx changes at each server boot).

  7. Make sure no other servers are running and listening on port 443, or CoTURN won't be able to use it.

# Configuring the instance to use your TURN server

First, you need to authorize the TURN server public IP in your cloud provider EC2 firewall rules so that it can access your virtual device.

Next, to make sure the web browser uses the TURN server, you must add its configuration to the web page that is served by the Genymotion device internal web server:

Your web browser now uses the TURN server on port 443.