Changeset

12384:53b4549c2209

prosodyctl: check turn: Add check for private IP returned from STUN.
author Matthew Wild <mwild1@gmail.com>
date Sat, 05 Mar 2022 20:34:58 +0000
parents 12383:a9b6ed86b573
children 12385:92b35a41bb3c
files util/prosodyctl/check.lua
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/util/prosodyctl/check.lua	Sat Mar 05 20:34:24 2022 +0000
+++ b/util/prosodyctl/check.lua	Sat Mar 05 20:34:58 2022 +0000
@@ -63,6 +63,7 @@
 
 local function check_turn_service(turn_service, ping_service)
 	local stun = require "net.stun";
+	local ip = require "util.ip";
 
 	-- Create UDP socket for communication with the server
 	local sock = assert(require "socket".udp());
@@ -103,6 +104,9 @@
 		result.error = "STUN server did not return an address";
 		return result;
 	end
+	if ip.new_ip(result.external_ip.address).private then
+		table.insert(result.warnings, "STUN returned a private IP! Is the TURN server behind a NAT and misconfigured?");
+	end
 
 	-- Send a TURN "allocate" request. Expected to fail due to auth, but
 	-- necessary to obtain a valid realm/nonce from the server.