TURN_SERVER - Traversal Using Relays around NAT
What is TURN_SERVER?
TURN stands for Traversal Using Relays around NAT. It is a protocol that allows clients behind NAT (Network Address Translation) or firewalls to receive and send media (like voice or video) by relaying it through a TURN server.
Why is TURN useful?
Enables peer-to-peer communication even when direct connectivity is blocked by NAT/firewalls
Ensures reliable media delivery in restrictive network environments
Works with WebRTC, VoIP, and video conferencing systems
Provides fallback when STUN or ICE fails to establish direct paths
How it works?
Allocate Request – Client asks the TURN server to allocate a public relay address
Server Response – TURN server provides a relay IP and port
Permission Creation – Client tells the server which peers it wants to communicate with
Channel Binding – Client binds a channel number to a peer for efficient transfer
Data Relay – TURN server relays all media/data between peers
Where is TURN used?
WebRTC applications – For video/audio calls in browsers
VoIP systems – To ensure call connectivity across NATs
Enterprise networks – Where strict firewalls block direct peer communication
Mobile apps – That require real-time communication in varied network conditions
Which OSI layer does TURN belong to?
TURN operates at the Application Layer (Layer 7)
It manages session control and relay logic
It defines message types like Allocate, CreatePermission, ChannelBind, Send, and Data
Although it uses UDP or TCP (commonly port 3478) for transport, the protocol logic resides at Layer 7
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
sno |
Stun version |
RFC - Version |
Core / Contribution |
Year |
|
|---|---|---|---|---|---|
1 |
STUN |
RFC 3489 |
Jonathan Rosenberg et al. |
2003 |
|
2 |
STUN (Updated) |
RFC 5389 |
Jonathan Rosenberg, Rohan Mahy, Philip Matthews |
2008 |
|
3 |
TURN |
RFC 5766 |
Rohan Mahy, Philip Matthews, Jonathan Rosenberg |
2010 |
|
4 |
TURN (Updated) |
RFC 8656 |
Tirumaleswar Reddy.K, Alan Johnston, Philip Matthews |
2020 |
Setup
Setup
Allocate Request
S.No |
Protocol Packet |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
Allocate Request |
Client requests allocation of relay address on TURN server. |
80120 |
Version |
TURN protocol version (STUN-based) |
1 |
|
Transaction ID |
Unique identifier for the request |
12 |
|
Username |
Authentication username |
variable |
|
Realm |
Authentication realm |
variable |
|
Nonce |
Authentication nonce |
variable |
|
Requested Transport |
Protocol requested (e.g., UDP) |
4 |
|
Allocate Response
2 |
Allocate Response |
Server responds with allocated relay address and port. |
100160 |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Matches the request |
12 |
|
XOR-Relayed-Address |
Relay IP and port assigned |
variable |
|
Lifetime |
Duration of allocation |
4 |
|
XOR-Mapped-Address |
Client’s public IP and port |
variable |
|
Error Code |
Error information if any |
optional |
|
CreatePermission Request
3 |
CreatePermission Request |
Client requests permission to communicate with peer. |
80100 |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Unique identifier for the request |
12 |
|
Peer Address |
IP and port of the peer |
variable |
|
CreatePermission Response
4 |
CreatePermission Response |
Server acknowledges permission creation. |
80100 |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Matches the request |
12 |
|
Error Code |
Error information if any |
optional |
|
ChannelBind Request
5 |
ChannelBind Request |
Client binds a channel number to peer address. |
80100 |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Unique identifier for the request |
12 |
|
Channel Number |
Short identifier for the peer |
2 |
|
Peer Address |
IP and port of the peer |
variable |
|
ChannelBind Response
6 |
ChannelBind Response |
Server confirms channel binding. |
80100 |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Matches the request |
12 |
|
Error Code |
Error information if any |
optional |
|
Send Indication
7 |
Send Indication |
Client sends data to peer via TURN server. |
Variable |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Unique identifier for the indication |
12 |
|
Peer Address |
Destination peer address |
variable |
|
Data |
Payload to be sent |
variable |
|
Data Indication
8 |
Data Indication |
Server relays data from peer to client. |
Variable |
|---|---|---|---|
Version |
TURN protocol version |
1 |
|
Transaction ID |
Unique identifier for the indication |
12 |
|
Peer Address |
Source peer address |
variable |
|
Data |
Payload received from peer |
variable |
|
sno |
Use cases |
Description |
|---|---|---|
1 |
NAT Traversal |
TURN relays media when direct peer-to-peer communication is blocked by NAT. |
2 |
WebRTC Communication |
Used in WebRTC to ensure reliable media delivery when STUN fails. |
3 |
VoIP Applications |
Ensures voice packets are delivered even in restrictive network conditions. |
4 |
Firewall Bypass |
Helps bypass strict firewalls that block UDP or peer-to-peer traffic. |
5 |
Secure Media Relay |
Supports encrypted transport (TLS/DTLS) for secure media transmission. |
6 |
Mobile Networks |
Assists in maintaining connections in mobile networks with changing IPs. |
7 |
Enterprise Networks |
Used in corporate environments with symmetric NATs or proxy restrictions. |
8 |
Multi-party Conferencing |
Enables media relay for group calls where direct paths are not feasible. |
9 |
IoT Device Communication |
Facilitates secure and reliable communication between IoT devices. |
10 |
Failover for STUN |
Acts as a fallback when STUN cannot establish a direct connection. |
Sno |
Features |
Description |
|---|---|---|
1 |
NAT Traversal |
Enables communication between clients behind NATs by relaying traffic. |
2 |
Relay Allocation |
Allocates a public IP and port for relaying client traffic. |
3 |
Transport Protocol Support |
Supports UDP, TCP, TLS, and DTLS for flexible and secure communication. |
4 |
Authentication |
Uses long-term or short-term credentials to secure access. |
5 |
Permission Management |
Controls which peers a client can communicate with via permissions. |
6 |
Channel Binding |
Binds a channel number to a peer for efficient data transfer. |
7 |
IPv4 and IPv6 Support |
Compatible with both IPv4 and IPv6 networks. |
8 |
ICE Integration |
Works with ICE to provide relay candidates for WebRTC and VoIP. |
9 |
Secure Media Relay |
Supports encrypted media relay using TLS/DTLS. |
10 |
Resource Management |
Manages allocation lifetimes and refreshes to optimize server resources. |
NAT Traversal - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
TURN Allocation Request |
Client sends allocation request |
TURN server allocates relay address |
2 |
Relay Address Assignment |
TURN server assigns relay IP and port |
Relay address returned to client |
3 |
UDP NAT Traversal |
Client behind UDP NAT |
Media relayed via TURN |
4 |
TCP NAT Traversal |
Client behind TCP NAT |
Media relayed via TURN |
5 |
Symmetric NAT Traversal |
Client behind symmetric NAT |
TURN relays traffic successfully |
6 |
Full Cone NAT Traversal |
Client behind full cone NAT |
TURN relays traffic successfully |
7 |
Port Restricted NAT Traversal |
Client behind port-restricted NAT |
TURN relays traffic successfully |
8 |
Double NAT Traversal |
Client behind two NATs |
TURN relays traffic successfully |
9 |
Carrier-Grade NAT Traversal |
Client behind CGNAT |
TURN relays traffic successfully |
10 |
TURN with ICE |
Use TURN in ICE candidate gathering |
Relay candidates included |
11 |
TURN with WebRTC |
Use TURN in WebRTC call |
Media flows through TURN server |
12 |
TURN with VoIP |
Use TURN in VoIP call |
Audio/video relayed successfully |
13 |
TURN with Mobile Network |
Client on mobile data |
TURN relays traffic |
14 |
TURN with Wi-Fi |
Client on Wi-Fi |
TURN relays traffic |
15 |
TURN with Ethernet |
Client on LAN |
TURN relays traffic |
16 |
TURN with VPN |
Client behind VPN |
TURN relays traffic |
17 |
TURN with Firewall |
Client behind firewall |
TURN relays traffic |
18 |
TURN with IPv4 |
Client uses IPv4 |
Relay address is IPv4 |
19 |
TURN with IPv6 |
Client uses IPv6 |
Relay address is IPv6 |
20 |
TURN with Dual Stack |
Client supports both IP versions |
Relay address matches protocol used |
21 |
TURN with UDP Transport |
Use UDP for TURN |
Allocation and relay succeed |
22 |
TURN with TCP Transport |
Use TCP for TURN |
Allocation and relay succeed |
23 |
TURN with TLS |
Use TURN over TLS |
Secure relay established |
24 |
TURN with DTLS |
Use TURN over DTLS |
Secure relay established |
25 |
TURN Allocation Timeout |
Allocation request times out |
Client retries or fails gracefully |
26 |
TURN Permission Creation |
Client creates permission |
Permission created successfully |
27 |
TURN Channel Binding |
Client binds channel |
Channel binding succeeds |
28 |
TURN Data Indication |
Server sends data indication |
Client receives relayed data |
29 |
TURN Send Indication |
Client sends data via TURN |
Server relays to peer |
30 |
TURN Refresh Allocation |
Client refreshes allocation |
Allocation lifetime extended |
31 |
TURN Allocation Expiry |
Allocation not refreshed |
Relay address expires |
32 |
TURN Permission Expiry |
Permission not refreshed |
Peer communication blocked |
33 |
TURN Channel Expiry |
Channel not refreshed |
Channel closed |
34 |
TURN Server Unreachable |
TURN server offline |
Allocation fails |
35 |
TURN Server Failover |
Primary server fails |
Client switches to backup |
36 |
TURN Server Load Handling |
High traffic load |
Server remains responsive |
37 |
TURN Server Authentication |
Use long-term credentials |
Authentication succeeds |
38 |
TURN Server Auth Failure |
Use invalid credentials |
Authentication fails |
39 |
TURN with STUN Fallback |
STUN fails, TURN used |
Media relayed via TURN |
40 |
TURN with ICE Restart |
ICE restarts |
TURN re-establishes relay |
41 |
TURN with Packet Loss |
Simulate packet loss |
TURN retransmits or recovers |
42 |
TURN with NAT Timeout |
NAT closes port |
TURN keeps relay alive |
43 |
TURN with Logging Enabled |
Enable TURN logs |
Allocation and relay logged |
44 |
TURN with QoS Monitoring |
Monitor relay performance |
Latency and jitter recorded |
45 |
TURN with Bandwidth Limit |
Apply bandwidth cap |
Relay respects limit |
46 |
TURN with Relay Address Reuse |
Reuse relay for multiple peers |
Relay handles traffic correctly |
47 |
TURN with Multiple Clients |
Multiple clients use TURN |
Server handles all allocations |
48 |
TURN with Peer-to-Peer Blocked |
Direct P2P blocked |
TURN ensures connectivity |
49 |
TURN with NAT Hairpinning |
NAT supports hairpinning |
TURN still used for relay |
50 |
TURN with Application Integration |
Use TURN in app (e.g., Zoom, Teams) |
Media relayed when needed |
Relay Allocation - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Basic Allocation Request |
Send a valid Allocate request |
Server returns 200 OK with relay address |
2 |
Invalid Transport Protocol |
Use unsupported transport (e.g., SCTP) |
Server returns 400 Bad Request |
3 |
Missing Username |
Send Allocate request without username |
Server returns 401 Unauthorized |
4 |
Missing Realm |
Omit realm in Allocate request |
Server returns 400 Bad Request |
5 |
Invalid Nonce |
Use expired or incorrect nonce |
Server returns 438 Stale Nonce |
6 |
No Authentication |
Send request without credentials |
Server returns 401 Unauthorized |
7 |
Repeated Allocation |
Send multiple Allocate requests from same client |
Server returns same relay address or error |
8 |
Allocation Refresh |
Send Refresh request before expiration |
Allocation lifetime is extended |
9 |
Allocation Expiry |
Wait for allocation to expire |
Allocation is removed by server |
10 |
TCP Allocation |
Request allocation over TCP |
Server returns TCP relay address |
11 |
UDP Allocation |
Request allocation over UDP |
Server returns UDP relay address |
12 |
IPv6 Allocation |
Request allocation using IPv6 |
Server returns IPv6 relay address |
13 |
IPv4 Allocation |
Request allocation using IPv4 |
Server returns IPv4 relay address |
14 |
Lifetime Too Long |
Request lifetime > allowed max |
Server returns capped lifetime |
15 |
Lifetime Too Short |
Request lifetime < min allowed |
Server returns minimum allowed lifetime |
16 |
Channel Bind Without Allocation |
Send ChannelBind without allocation |
Server returns 437 Allocation Mismatch |
17 |
Permission Without Allocation |
Send CreatePermission without allocation |
Server returns 437 Allocation Mismatch |
18 |
Data Without Permission |
Send data to peer without permission |
Server drops packet or returns error |
19 |
Create Permission |
Create permission for peer IP |
Server returns success |
20 |
Create Multiple Permissions |
Create multiple permissions |
All permissions are created |
21 |
Permission Expiry |
Wait for permission to expire |
Server deletes permission |
22 |
Refresh Permission |
Refresh permission before expiry |
Permission lifetime is extended |
23 |
Channel Bind |
Bind channel to peer |
Server returns success |
24 |
Channel Bind Expiry |
Wait for channel to expire |
Channel is removed |
25 |
Refresh Channel Bind |
Refresh channel before expiry |
Channel lifetime is extended |
26 |
Send Indication |
Send data using Send Indication |
Data is relayed to peer |
27 |
Data Indication |
Receive data from peer |
Client receives Data Indication |
28 |
Allocation Quota Exceeded |
Exceed max allocations per user |
Server returns 486 Allocation Quota Reached |
29 |
Allocation Port Range |
Request allocation in specific port range |
Server allocates port in range |
30 |
Allocation with Even Port |
Request even port allocation |
Server returns even-numbered port |
31 |
Allocation with Reservation Token |
Use reservation token for allocation |
Server returns reserved port |
32 |
Invalid Reservation Token |
Use invalid token |
Server returns 508 Insufficient Capacity |
33 |
Allocation with DONT-FRAGMENT |
Use DONT-FRAGMENT attribute |
Server respects DF flag |
34 |
Allocation with Fingerprint |
Include FINGERPRINT attribute |
Server validates fingerprint |
35 |
Allocation with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
36 |
Allocation with Software Attribute |
Include SOFTWARE attribute |
Server echoes software info |
37 |
Allocation with Priority Attribute |
Include PRIORITY attribute |
Server uses priority for ICE |
38 |
Allocation with ICE-CONTROLLED |
Include ICE-CONTROLLED attribute |
Server processes ICE role |
39 |
Allocation with ICE-CONTROLLING |
Include ICE-CONTROLLING attribute |
Server processes ICE role |
40 |
Allocation with XOR-PEER-ADDRESS |
Use XOR-PEER-ADDRESS in permission |
Server accepts and decodes address |
41 |
Allocation with XOR-RELAYED-ADDRESS |
Server returns XOR-RELAYED-ADDRESS |
Client decodes relay address |
42 |
Allocation with XOR-MAPPED-ADDRESS |
Server returns XOR-MAPPED-ADDRESS |
Client decodes mapped address |
43 |
Allocation with ALTERNATE-SERVER |
Server redirects to alternate TURN server |
Client retries with new server |
44 |
Allocation with Error Code |
Server returns error code (e.g., 403) |
Client handles error gracefully |
45 |
Allocation with Long-Term Credentials |
Use long-term auth mechanism |
Server authenticates and allocates |
46 |
Allocation with Short-Term Credentials |
Use short-term auth mechanism |
Server authenticates and allocates |
47 |
Allocation with TLS |
Use TURN over TLS |
Secure allocation is established |
48 |
Allocation with DTLS |
Use TURN over DTLS |
Secure allocation is established |
49 |
Allocation with Packet Loss |
Simulate packet loss |
TURN retries or handles gracefully |
50 |
Allocation with High Latency |
Simulate high latency |
TURN handles delays without failure |
Transport Protocol Support - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
UDP Transport Support |
Allocate using UDP |
Server allocates relay over UDP |
2 |
TCP Transport Support |
Allocate using TCP |
Server allocates relay over TCP |
3 |
TLS Transport Support |
Allocate using TLS |
Server allocates relay over TLS |
4 |
DTLS Transport Support |
Allocate using DTLS |
Server allocates relay over DTLS |
5 |
Unsupported Transport |
Use unsupported protocol (e.g., SCTP) |
Server returns 442 Unsupported Transport |
6 |
Missing Transport Attribute |
Omit TRANSPORT attribute |
Server returns 400 Bad Request |
7 |
Invalid Transport Value |
Use invalid value in TRANSPORT |
Server returns 400 Bad Request |
8 |
Mixed Transport Request |
Request multiple transports |
Server returns error or selects one |
9 |
TCP Allocation with TLS |
Allocate over TCP with TLS encryption |
Server returns secure relay |
10 |
UDP Allocation with DTLS |
Allocate over UDP with DTLS |
Server returns secure relay |
11 |
TCP Allocation with Fingerprint |
Include FINGERPRINT over TCP |
Server validates and allocates |
12 |
UDP Allocation with Fingerprint |
Include FINGERPRINT over UDP |
Server validates and allocates |
13 |
TCP Allocation with Long-Term Auth |
Use long-term credentials over TCP |
Server authenticates and allocates |
14 |
UDP Allocation with Long-Term Auth |
Use long-term credentials over UDP |
Server authenticates and allocates |
15 |
TCP Allocation with Short-Term Auth |
Use short-term credentials over TCP |
Server authenticates and allocates |
16 |
UDP Allocation with Short-Term Auth |
Use short-term credentials over UDP |
Server authenticates and allocates |
17 |
TCP Allocation with ChannelBind |
Bind channel after TCP allocation |
Server binds channel successfully |
18 |
UDP Allocation with ChannelBind |
Bind channel after UDP allocation |
Server binds channel successfully |
19 |
TCP Allocation with CreatePermission |
Create permission after TCP allocation |
Server creates permission |
20 |
UDP Allocation with CreatePermission |
Create permission after UDP allocation |
Server creates permission |
21 |
TCP Allocation with Send Indication |
Send data over TCP relay |
Server relays data |
22 |
UDP Allocation with Send Indication |
Send data over UDP relay |
Server relays data |
23 |
TCP Allocation with Data Indication |
Receive data over TCP relay |
Client receives data |
24 |
UDP Allocation with Data Indication |
Receive data over UDP relay |
Client receives data |
25 |
TCP Allocation with Refresh |
Refresh allocation over TCP |
Server extends lifetime |
26 |
UDP Allocation with Refresh |
Refresh allocation over UDP |
Server extends lifetime |
27 |
TCP Allocation Timeout |
Simulate timeout over TCP |
Server handles gracefully |
28 |
UDP Allocation Timeout |
Simulate timeout over UDP |
Server handles gracefully |
29 |
TCP Allocation with Packet Loss |
Simulate packet loss |
Server retries or handles |
30 |
UDP Allocation with Packet Loss |
Simulate packet loss |
Server retries or handles |
31 |
TCP Allocation with High Latency |
Simulate high latency |
Server handles delay |
32 |
UDP Allocation with High Latency |
Simulate high latency |
Server handles delay |
33 |
TCP Allocation with NAT |
Allocate from behind NAT |
Server allocates relay |
34 |
UDP Allocation with NAT |
Allocate from behind NAT |
Server allocates relay |
35 |
TCP Allocation with Firewall |
Allocate through firewall |
Server allocates if allowed |
36 |
UDP Allocation with Firewall |
Allocate through firewall |
Server allocates if allowed |
37 |
TCP Allocation with IPv6 |
Allocate using IPv6 over TCP |
Server returns IPv6 relay |
38 |
UDP Allocation with IPv6 |
Allocate using IPv6 over UDP |
Server returns IPv6 relay |
39 |
TCP Allocation with IPv4 |
Allocate using IPv4 over TCP |
Server returns IPv4 relay |
40 |
UDP Allocation with IPv4 |
Allocate using IPv4 over UDP |
Server returns IPv4 relay |
41 |
TCP Allocation with Even Port |
Request even port |
Server returns even-numbered port |
42 |
UDP Allocation with Even Port |
Request even port |
Server returns even-numbered port |
43 |
TCP Allocation with Reservation Token |
Use token for TCP allocation |
Server returns reserved port |
44 |
UDP Allocation with Reservation Token |
Use token for UDP allocation |
Server returns reserved port |
45 |
TCP Allocation with DONT-FRAGMENT |
Use DF flag |
Server respects DF |
46 |
UDP Allocation with DONT-FRAGMENT |
Use DF flag |
Server respects DF |
47 |
TCP Allocation with Software Attribute |
Include SOFTWARE attribute |
Server echoes software info |
48 |
UDP Allocation with Software Attribute |
Include SOFTWARE attribute |
Server echoes software info |
49 |
TCP Allocation with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
50 |
UDP Allocation with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
Authentication - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
No Authentication |
Send request without credentials |
Server returns 401 Unauthorized |
2 |
Valid Long-Term Auth |
Use correct long-term credentials |
Server authenticates successfully |
3 |
Valid Short-Term Auth |
Use correct short-term credentials |
Server authenticates successfully |
4 |
Invalid Username |
Use incorrect username |
Server returns 401 Unauthorized |
5 |
Invalid Password |
Use incorrect password |
Server returns 401 Unauthorized |
6 |
Missing Username Attribute |
Omit USERNAME attribute |
Server returns 400 Bad Request |
7 |
Missing Realm Attribute |
Omit REALM attribute |
Server returns 400 Bad Request |
8 |
Missing Nonce Attribute |
Omit NONCE attribute |
Server returns 438 Stale Nonce |
9 |
Expired Nonce |
Use expired nonce |
Server returns 438 Stale Nonce |
10 |
Reused Nonce |
Reuse nonce after expiration |
Server returns 438 Stale Nonce |
11 |
Valid Nonce |
Use valid nonce |
Server authenticates successfully |
12 |
Valid Message Integrity |
Include correct MESSAGE-INTEGRITY |
Server validates and authenticates |
13 |
Invalid Message Integrity |
Include incorrect MESSAGE-INTEGRITY |
Server returns 401 Unauthorized |
14 |
Missing Message Integrity |
Omit MESSAGE-INTEGRITY |
Server returns 400 Bad Request |
15 |
Valid Realm |
Use correct realm |
Server authenticates successfully |
16 |
Invalid Realm |
Use incorrect realm |
Server returns 401 Unauthorized |
17 |
Valid HMAC-SHA1 |
Use HMAC-SHA1 for integrity |
Server validates successfully |
18 |
Invalid HMAC-SHA1 |
Use incorrect HMAC-SHA1 |
Server returns 401 Unauthorized |
19 |
Valid Auth with UDP |
Authenticate over UDP |
Server authenticates successfully |
20 |
Valid Auth with TCP |
Authenticate over TCP |
Server authenticates successfully |
21 |
Valid Auth with TLS |
Authenticate over TLS |
Server authenticates successfully |
22 |
Valid Auth with DTLS |
Authenticate over DTLS |
Server authenticates successfully |
23 |
Auth Retry After 401 |
Retry with credentials after 401 |
Server authenticates on retry |
24 |
Auth Retry After 438 |
Retry with new nonce |
Server authenticates on retry |
25 |
Auth with Software Attribute |
Include SOFTWARE attribute |
Server echoes software info |
26 |
Auth with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
27 |
Auth with Fingerprint |
Include FINGERPRINT attribute |
Server validates fingerprint |
28 |
Auth with ICE-CONTROLLED |
Include ICE-CONTROLLED attribute |
Server processes ICE role |
29 |
Auth with ICE-CONTROLLING |
Include ICE-CONTROLLING attribute |
Server processes ICE role |
30 |
Auth with XOR-MAPPED-ADDRESS |
Server returns XOR-MAPPED-ADDRESS |
Client decodes successfully |
31 |
Auth with XOR-RELAYED-ADDRESS |
Server returns XOR-RELAYED-ADDRESS |
Client decodes successfully |
32 |
Auth with ALTERNATE-SERVER |
Server redirects to alternate server |
Client retries with new server |
33 |
Auth with Allocation Request |
Authenticate during allocation |
Server returns relay address |
34 |
Auth with CreatePermission |
Authenticate during permission creation |
Server creates permission |
35 |
Auth with ChannelBind |
Authenticate during channel bind |
Server binds channel |
36 |
Auth with Refresh |
Authenticate during refresh |
Server extends allocation |
37 |
Auth with Send Indication |
Authenticate before sending data |
Server relays data |
38 |
Auth with Data Indication |
Authenticate before receiving data |
Client receives data |
39 |
Auth with Even Port Request |
Authenticate with EVEN-PORT |
Server returns even-numbered port |
40 |
Auth with Reservation Token |
Authenticate with token |
Server returns reserved port |
41 |
Auth with DONT-FRAGMENT |
Authenticate with DF flag |
Server respects DF |
42 |
Auth with IPv6 |
Authenticate using IPv6 |
Server authenticates successfully |
43 |
Auth with IPv4 |
Authenticate using IPv4 |
Server authenticates successfully |
44 |
Auth with NAT |
Authenticate from behind NAT |
Server authenticates successfully |
45 |
Auth with Firewall |
Authenticate through firewall |
Server authenticates if allowed |
46 |
Auth with Packet Loss |
Simulate packet loss |
Server retries or handles |
47 |
Auth with High Latency |
Simulate high latency |
Server handles delay |
48 |
Auth with Multiple Realms |
Use multiple realms |
Server selects correct realm |
49 |
Auth with Realm Discovery |
Discover realm from server |
Client uses returned realm |
50 |
Auth with Rate Limiting |
Exceed auth attempts |
Server throttles or blocks |
Permission Management - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Create Valid Permission |
Create permission for valid peer IP |
Server returns success |
2 |
Create Permission Without Allocation |
Send CreatePermission without allocation |
Server returns 437 Allocation Mismatch |
3 |
Create Permission with Invalid IP |
Use malformed IP address |
Server returns 400 Bad Request |
4 |
Create Duplicate Permission |
Create permission for same peer twice |
Server updates or ignores duplicate |
5 |
Create Multiple Permissions |
Create permissions for multiple peers |
Server creates all permissions |
6 |
Create Permission with IPv6 |
Use IPv6 peer address |
Server creates permission |
7 |
Create Permission with IPv4 |
Use IPv4 peer address |
Server creates permission |
8 |
Create Permission with XOR-PEER-ADDRESS |
Use XOR-PEER-ADDRESS attribute |
Server decodes and creates permission |
9 |
Create Permission with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
10 |
Create Permission with Fingerprint |
Include FINGERPRINT attribute |
Server validates fingerprint |
11 |
Create Permission with Software Attribute |
Include SOFTWARE attribute |
Server echoes software info |
12 |
Create Permission with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
13 |
Create Permission with No Peer Address |
Omit peer address |
Server returns 400 Bad Request |
14 |
Create Permission with Invalid Transport |
Use unsupported transport |
Server returns 442 Unsupported Transport |
15 |
Create Permission with Expired Allocation |
Use expired allocation |
Server returns 437 Allocation Mismatch |
16 |
Create Permission with No Auth |
Send request without authentication |
Server returns 401 Unauthorized |
17 |
Create Permission with Invalid Nonce |
Use expired or invalid nonce |
Server returns 438 Stale Nonce |
18 |
Create Permission with Valid Nonce |
Use valid nonce |
Server creates permission |
19 |
Create Permission with Valid Auth |
Use valid credentials |
Server creates permission |
20 |
Create Permission with Invalid Auth |
Use invalid credentials |
Server returns 401 Unauthorized |
21 |
Permission Lifetime Default |
Create permission and wait |
Permission expires after default time |
22 |
Refresh Permission Before Expiry |
Send CreatePermission again |
Permission lifetime is extended |
23 |
Use Permission to Send Data |
Send data to peer after permission |
Server relays data |
24 |
Use Permission to Receive Data |
Receive data from peer |
Server relays data to client |
25 |
Send Data Without Permission |
Send data to peer without permission |
Server drops or rejects data |
26 |
Receive Data Without Permission |
Peer sends data without permission |
Server drops or rejects data |
27 |
Permission Expiry |
Wait for permission to expire |
Server deletes permission |
28 |
Permission Refresh with Same IP |
Refresh permission with same peer IP |
Server updates permission |
29 |
Permission Refresh with New IP |
Refresh permission with new peer IP |
Server creates new permission |
30 |
Permission with NAT Peer |
Create permission for NATed peer |
Server creates permission |
31 |
Permission with Firewall Peer |
Create permission for peer behind firewall |
Server creates permission if reachable |
32 |
Permission with Packet Loss |
Simulate packet loss |
Server handles gracefully |
33 |
Permission with High Latency |
Simulate high latency |
Server handles delay |
34 |
Permission with TCP Allocation |
Create permission after TCP allocation |
Server creates permission |
35 |
Permission with UDP Allocation |
Create permission after UDP allocation |
Server creates permission |
36 |
Permission with TLS Allocation |
Create permission after TLS allocation |
Server creates permission |
37 |
Permission with DTLS Allocation |
Create permission after DTLS allocation |
Server creates permission |
38 |
Permission with ChannelBind |
Bind channel after permission |
Server binds channel successfully |
39 |
Permission with Allocation Refresh |
Refresh allocation and test permission |
Permission remains valid |
40 |
Permission with Allocation Deletion |
Delete allocation and test permission |
Permission is removed |
41 |
Permission with Even Port Allocation |
Create permission after even port allocation |
Server creates permission |
42 |
Permission with Reservation Token |
Create permission after reserved allocation |
Server creates permission |
43 |
Permission with DONT-FRAGMENT |
Include DF flag |
Server respects DF |
44 |
Permission with Invalid Peer Port |
Use invalid port number |
Server returns 400 Bad Request |
45 |
Permission with Peer Port 0 |
Use port 0 for peer |
Server returns 400 Bad Request |
46 |
Permission with Peer Port 65535 |
Use max port number |
Server creates permission |
47 |
Permission with Peer Address Change |
Change peer IP and create permission |
Server creates new permission |
48 |
Permission with Peer Port Change |
Change peer port and create permission |
Server creates new permission |
49 |
Permission with Multiple Peer Ports |
Create permissions for same IP, different ports |
Server creates all permissions |
50 |
Permission with Peer Timeout |
Peer becomes unreachable |
Server eventually drops permission |
Channel Binding - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Valid Channel Bind |
Bind a valid channel to a peer |
Server returns success |
2 |
Channel Bind Without Allocation |
Attempt to bind without allocation |
Server returns 437 Allocation Mismatch |
3 |
Channel Bind Without Permission |
Attempt to bind without permission |
Server returns 403 Forbidden |
4 |
Duplicate Channel Bind |
Bind same channel number again |
Server updates or ignores |
5 |
Channel Bind with Invalid Channel Number |
Use invalid channel number (<0x4000) |
Server returns 400 Bad Request |
6 |
Channel Bind with Max Channel Number |
Use 0x7FFF as channel number |
Server binds successfully |
7 |
Channel Bind with Out-of-Range Number |
Use >0x7FFF |
Server returns 400 Bad Request |
8 |
Channel Bind with XOR-PEER-ADDRESS |
Use XOR-PEER-ADDRESS |
Server decodes and binds |
9 |
Channel Bind with Invalid Peer Address |
Use malformed IP |
Server returns 400 Bad Request |
10 |
Channel Bind with IPv6 |
Bind channel to IPv6 peer |
Server binds successfully |
11 |
Channel Bind with IPv4 |
Bind channel to IPv4 peer |
Server binds successfully |
12 |
Channel Bind with Fingerprint |
Include FINGERPRINT attribute |
Server validates fingerprint |
13 |
Channel Bind with Software Attribute |
Include SOFTWARE attribute |
Server echoes software info |
14 |
Channel Bind with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
15 |
Channel Bind with Valid Auth |
Use valid credentials |
Server binds successfully |
16 |
Channel Bind with Invalid Auth |
Use invalid credentials |
Server returns 401 Unauthorized |
17 |
Channel Bind with Expired Nonce |
Use expired nonce |
Server returns 438 Stale Nonce |
18 |
Channel Bind with Valid Nonce |
Use valid nonce |
Server binds successfully |
19 |
Channel Bind with TCP Allocation |
Bind channel after TCP allocation |
Server binds successfully |
20 |
Channel Bind with UDP Allocation |
Bind channel after UDP allocation |
Server binds successfully |
21 |
Channel Bind with TLS Allocation |
Bind channel after TLS allocation |
Server binds successfully |
22 |
Channel Bind with DTLS Allocation |
Bind channel after DTLS allocation |
Server binds successfully |
23 |
Channel Bind with NAT Peer |
Bind to NATed peer |
Server binds successfully |
24 |
Channel Bind with Firewall Peer |
Bind to peer behind firewall |
Server binds if reachable |
25 |
Channel Bind with Packet Loss |
Simulate packet loss |
Server retries or handles |
26 |
Channel Bind with High Latency |
Simulate high latency |
Server handles delay |
27 |
Channel Bind with Allocation Refresh |
Refresh allocation and test channel |
Channel remains valid |
28 |
Channel Bind with Allocation Expiry |
Let allocation expire |
Channel is removed |
29 |
Channel Bind with Permission Expiry |
Let permission expire |
Channel becomes invalid |
30 |
Channel Bind with Refresh |
Refresh channel before expiry |
Channel lifetime is extended |
31 |
Channel Bind with Send Indication |
Send data after binding |
Server relays via channel |
32 |
Channel Bind with Data Indication |
Receive data via channel |
Client receives data |
33 |
Channel Bind with Even Port Allocation |
Bind after even port allocation |
Server binds successfully |
34 |
Channel Bind with Reservation Token |
Bind after reserved allocation |
Server binds successfully |
35 |
Channel Bind with DONT-FRAGMENT |
Include DF flag |
Server respects DF |
36 |
Channel Bind with Peer Port 0 |
Use port 0 |
Server returns 400 Bad Request |
37 |
Channel Bind with Peer Port 65535 |
Use max port |
Server binds successfully |
38 |
Channel Bind with Peer Address Change |
Change peer IP and rebind |
Server updates binding |
39 |
Channel Bind with Peer Port Change |
Change peer port and rebind |
Server updates binding |
40 |
Channel Bind with Multiple Peers |
Bind multiple channels |
Server binds all |
41 |
Channel Bind with Same Peer Different Channel |
Bind same peer to different channel |
Server updates or rejects |
42 |
Channel Bind with Same Channel Different Peer |
Bind same channel to different peer |
Server returns error |
43 |
Channel Bind with Allocation Deletion |
Delete allocation |
Channel is removed |
44 |
Channel Bind with Permission Deletion |
Delete permission |
Channel becomes invalid |
45 |
Channel Bind with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
46 |
Channel Bind with ALTERNATE-SERVER |
Server redirects |
Client retries with new server |
47 |
Channel Bind with Realm Mismatch |
Use incorrect realm |
Server returns 401 Unauthorized |
48 |
Channel Bind with Message Integrity |
Include MESSAGE-INTEGRITY |
Server validates |
49 |
Channel Bind with Stale Allocation |
Use stale allocation |
Server returns 437 |
50 |
Channel Bind with Rate Limiting |
Exceed bind attempts |
Server throttles or blocks |
IPv4 and IPv6 Support - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
IPv4 Allocation Request |
Allocate relay using IPv4 |
Server returns IPv4 relay address |
2 |
IPv6 Allocation Request |
Allocate relay using IPv6 |
Server returns IPv6 relay address |
3 |
Dual Stack Allocation |
Client supports both IPv4 and IPv6 |
Server allocates based on preference |
4 |
IPv4 CreatePermission |
Create permission using IPv4 peer |
Server creates permission |
5 |
IPv6 CreatePermission |
Create permission using IPv6 peer |
Server creates permission |
6 |
IPv4 ChannelBind |
Bind channel to IPv4 peer |
Server binds successfully |
7 |
IPv6 ChannelBind |
Bind channel to IPv6 peer |
Server binds successfully |
8 |
IPv4 Send Indication |
Send data to IPv4 peer |
Server relays data |
9 |
IPv6 Send Indication |
Send data to IPv6 peer |
Server relays data |
10 |
IPv4 Data Indication |
Receive data from IPv4 peer |
Client receives data |
11 |
IPv6 Data Indication |
Receive data from IPv6 peer |
Client receives data |
12 |
IPv4 Refresh Allocation |
Refresh IPv4 allocation |
Server extends lifetime |
13 |
IPv6 Refresh Allocation |
Refresh IPv6 allocation |
Server extends lifetime |
14 |
IPv4 Allocation Expiry |
Let IPv4 allocation expire |
Server deletes allocation |
15 |
IPv6 Allocation Expiry |
Let IPv6 allocation expire |
Server deletes allocation |
16 |
IPv4 Permission Expiry |
Let IPv4 permission expire |
Server deletes permission |
17 |
IPv6 Permission Expiry |
Let IPv6 permission expire |
Server deletes permission |
18 |
IPv4 Channel Expiry |
Let IPv4 channel expire |
Server deletes channel |
19 |
IPv6 Channel Expiry |
Let IPv6 channel expire |
Server deletes channel |
20 |
IPv4 Allocation with NAT |
Allocate from IPv4 NAT |
Server allocates relay |
21 |
IPv6 Allocation with NAT64 |
Allocate from NAT64 |
Server allocates relay |
22 |
IPv4 Peer Behind NAT |
Create permission for NATed IPv4 peer |
Server creates permission |
23 |
IPv6 Peer Behind NAT |
Create permission for NATed IPv6 peer |
Server creates permission |
24 |
IPv4 Allocation with Firewall |
Allocate from behind firewall |
Server allocates if allowed |
25 |
IPv6 Allocation with Firewall |
Allocate from behind firewall |
Server allocates if allowed |
26 |
IPv4 Allocation with Invalid IP |
Use malformed IPv4 address |
Server returns 400 Bad Request |
27 |
IPv6 Allocation with Invalid IP |
Use malformed IPv6 address |
Server returns 400 Bad Request |
28 |
IPv4 Allocation with XOR-MAPPED-ADDRESS |
Server returns XOR-MAPPED-ADDRESS |
Client decodes IPv4 address |
29 |
IPv6 Allocation with XOR-MAPPED-ADDRESS |
Server returns XOR-MAPPED-ADDRESS |
Client decodes IPv6 address |
30 |
IPv4 Allocation with XOR-RELAYED-ADDRESS |
Server returns XOR-RELAYED-ADDRESS |
Client decodes IPv4 relay |
31 |
IPv6 Allocation with XOR-RELAYED-ADDRESS |
Server returns XOR-RELAYED-ADDRESS |
Client decodes IPv6 relay |
32 |
IPv4 Allocation with Fingerprint |
Include FINGERPRINT |
Server validates |
33 |
IPv6 Allocation with Fingerprint |
Include FINGERPRINT |
Server validates |
34 |
IPv4 Allocation with Software Attribute |
Include SOFTWARE attribute |
Server echoes info |
35 |
IPv6 Allocation with Software Attribute |
Include SOFTWARE attribute |
Server echoes info |
36 |
IPv4 Allocation with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
37 |
IPv6 Allocation with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
38 |
IPv4 Allocation with DONT-FRAGMENT |
Include DF flag |
Server respects DF |
39 |
IPv6 Allocation with DONT-FRAGMENT |
Include DF flag |
Server respects DF |
40 |
IPv4 Allocation with Reservation Token |
Use token for IPv4 allocation |
Server returns reserved port |
41 |
IPv6 Allocation with Reservation Token |
Use token for IPv6 allocation |
Server returns reserved port |
42 |
IPv4 Allocation with Even Port |
Request even port |
Server returns even-numbered port |
43 |
IPv6 Allocation with Even Port |
Request even port |
Server returns even-numbered port |
44 |
IPv4 Allocation with Invalid Port |
Use invalid port number |
Server returns 400 Bad Request |
45 |
IPv6 Allocation with Invalid Port |
Use invalid port number |
Server returns 400 Bad Request |
46 |
IPv4 Allocation with Alternate Server |
Server redirects to alternate |
Client retries with new server |
47 |
IPv6 Allocation with Alternate Server |
Server redirects to alternate |
Client retries with new server |
48 |
IPv4 Allocation with Packet Loss |
Simulate packet loss |
Server handles gracefully |
49 |
IPv6 Allocation with Packet Loss |
Simulate packet loss |
Server handles gracefully |
50 |
IPv4 and IPv6 Interop |
Allocate and communicate across IP versions |
TURN server relays successfully |
ICE Integration - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
ICE with TURN Allocation |
Allocate relay candidate via TURN |
Server returns relay address |
2 |
ICE with STUN Candidate |
Use STUN to gather host/reflexive candidates |
STUN server responds with mapped address |
3 |
ICE with TURN Candidate |
Use TURN to gather relay candidate |
TURN server responds with relay address |
4 |
ICE with UDP Transport |
Use UDP for ICE connectivity checks |
Server handles checks |
5 |
ICE with TCP Transport |
Use TCP for ICE connectivity checks |
Server handles checks |
6 |
ICE with IPv4 |
Use IPv4 candidates |
Server supports and relays |
7 |
ICE with IPv6 |
Use IPv6 candidates |
Server supports and relays |
8 |
ICE with Dual Stack |
Use both IPv4 and IPv6 candidates |
Server handles both |
9 |
ICE with Valid Username Fragment |
Use correct ufrag |
Server accepts and processes |
10 |
ICE with Invalid Username Fragment |
Use incorrect ufrag |
Server rejects or ignores |
11 |
ICE with ICE-CONTROLLING |
Include ICE-CONTROLLING attribute |
Server processes role |
12 |
ICE with ICE-CONTROLLED |
Include ICE-CONTROLLED attribute |
Server processes role |
13 |
ICE Role Conflict |
Both peers claim controlling role |
Server returns 487 Role Conflict |
14 |
ICE with Priority Attribute |
Include PRIORITY attribute |
Server processes priority |
15 |
ICE with Use-Candidate |
Include USE-CANDIDATE attribute |
Server marks candidate as selected |
16 |
ICE with Connectivity Checks |
Perform STUN Binding requests |
Server responds with success |
17 |
ICE with Consent Freshness |
Periodic checks to maintain consent |
Server responds to keepalive |
18 |
ICE with Candidate Pair Selection |
Select best candidate pair |
TURN relays selected path |
19 |
ICE with Nomination |
Nominate candidate pair |
Server confirms nomination |
20 |
ICE with Trickle ICE |
Send candidates incrementally |
Server handles trickle updates |
21 |
ICE with Full ICE |
Send all candidates at once |
Server handles full ICE |
22 |
ICE with Peer Reflexive Candidate |
Server detects peer-reflexive address |
Server adds to candidate list |
23 |
ICE with Relay Candidate Only |
Use only TURN relay candidates |
Server relays all traffic |
24 |
ICE with Host Candidate Only |
Use only host candidates |
TURN not involved |
25 |
ICE with Reflexive Candidate Only |
Use only server-reflexive candidates |
TURN not involved |
26 |
ICE with TURN over TLS |
Use TURN over TLS for relay |
Server relays securely |
27 |
ICE with TURN over DTLS |
Use TURN over DTLS for relay |
Server relays securely |
28 |
ICE with TURN over TCP |
Use TURN over TCP |
Server relays over TCP |
29 |
ICE with TURN over UDP |
Use TURN over UDP |
Server relays over UDP |
30 |
ICE with Allocation Refresh |
Refresh TURN allocation during ICE |
Server extends allocation |
31 |
ICE with Permission Refresh |
Refresh permission during ICE |
Server extends permission |
32 |
ICE with Channel Bind |
Bind channel during ICE |
Server binds successfully |
33 |
ICE with Allocation Timeout |
Let allocation expire |
ICE fails or retries |
34 |
ICE with Permission Timeout |
Let permission expire |
ICE connectivity fails |
35 |
ICE with Channel Timeout |
Let channel expire |
ICE connectivity fails |
36 |
ICE with Invalid TURN Credentials |
Use wrong TURN credentials |
Server returns 401 Unauthorized |
37 |
ICE with Valid TURN Credentials |
Use correct TURN credentials |
Server authenticates |
38 |
ICE with Stale Nonce |
Use expired nonce |
Server returns 438 Stale Nonce |
39 |
ICE with Valid Nonce |
Use valid nonce |
Server processes request |
40 |
ICE with Fingerprint |
Include FINGERPRINT attribute |
Server validates |
41 |
ICE with Message Integrity |
Include MESSAGE-INTEGRITY |
Server validates |
42 |
ICE with Software Attribute |
Include SOFTWARE attribute |
Server echoes info |
43 |
ICE with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
44 |
ICE with Alternate Server |
TURN server redirects |
Client retries with new server |
45 |
ICE with Packet Loss |
Simulate packet loss |
ICE retries or switches path |
46 |
ICE with High Latency |
Simulate high latency |
ICE handles delay |
47 |
ICE with NAT |
Perform ICE behind NAT |
Server relays via TURN |
48 |
ICE with Firewall |
Perform ICE behind firewall |
Server relays via TURN |
49 |
ICE with Multiple TURN Servers |
Use multiple TURN servers |
ICE selects best relay |
50 |
ICE with Candidate Failover |
One candidate fails |
ICE switches to backup candidate |
Secure Media Relay - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
TURN over TLS |
Establish TURN session over TLS |
Server accepts secure connection |
2 |
TURN over DTLS |
Establish TURN session over DTLS |
Server accepts secure connection |
3 |
TURN over TCP with TLS |
Use TCP transport with TLS encryption |
Server relays securely |
4 |
TURN over UDP with DTLS |
Use UDP transport with DTLS encryption |
Server relays securely |
5 |
Encrypted Media Relay |
Relay encrypted RTP/RTCP packets |
Server relays without decrypting |
6 |
Secure Allocation Request |
Allocate relay using secure transport |
Server returns secure relay address |
7 |
Secure CreatePermission |
Create permission over secure channel |
Server creates permission |
8 |
Secure ChannelBind |
Bind channel over secure transport |
Server binds successfully |
9 |
Secure Send Indication |
Send data over secure TURN session |
Server relays data securely |
10 |
Secure Data Indication |
Receive data over secure TURN session |
Client receives data securely |
11 |
TLS Handshake Success |
Complete TLS handshake |
Server establishes secure session |
12 |
DTLS Handshake Success |
Complete DTLS handshake |
Server establishes secure session |
13 |
TLS Handshake Failure |
Simulate TLS failure |
Server terminates connection |
14 |
DTLS Handshake Failure |
Simulate DTLS failure |
Server terminates connection |
15 |
Invalid TLS Certificate |
Use invalid cert |
Server rejects connection |
16 |
Expired TLS Certificate |
Use expired cert |
Server rejects connection |
17 |
Valid TLS Certificate |
Use valid cert |
Server accepts connection |
18 |
TLS with Mutual Authentication |
Use client and server certs |
Server authenticates client |
19 |
DTLS with Mutual Authentication |
Use client and server certs |
Server authenticates client |
20 |
Secure Allocation Refresh |
Refresh allocation over secure channel |
Server extends lifetime |
21 |
Secure Permission Refresh |
Refresh permission over secure channel |
Server extends permission |
22 |
Secure Channel Refresh |
Refresh channel over secure channel |
Server extends channel lifetime |
23 |
Secure TURN with IPv4 |
Use secure TURN with IPv4 |
Server relays securely |
24 |
Secure TURN with IPv6 |
Use secure TURN with IPv6 |
Server relays securely |
25 |
Secure TURN with NAT |
Use secure TURN behind NAT |
Server relays securely |
26 |
Secure TURN with Firewall |
Use secure TURN behind firewall |
Server relays securely |
27 |
Secure TURN with ICE |
Use secure TURN in ICE negotiation |
Server supports ICE roles |
28 |
Secure TURN with Trickle ICE |
Use secure TURN with trickle ICE |
Server handles incremental candidates |
29 |
Secure TURN with Consent Checks |
Perform consent freshness checks |
Server responds securely |
30 |
Secure TURN with Packet Loss |
Simulate packet loss |
Server handles securely |
31 |
Secure TURN with High Latency |
Simulate high latency |
Server handles securely |
32 |
Secure TURN with Fingerprint |
Include FINGERPRINT attribute |
Server validates |
33 |
Secure TURN with Message Integrity |
Include MESSAGE-INTEGRITY |
Server validates |
34 |
Secure TURN with Software Attribute |
Include SOFTWARE attribute |
Server echoes info |
35 |
Secure TURN with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
36 |
Secure TURN with Allocation Timeout |
Let allocation expire |
Server deletes allocation |
37 |
Secure TURN with Permission Timeout |
Let permission expire |
Server deletes permission |
38 |
Secure TURN with Channel Timeout |
Let channel expire |
Server deletes channel |
39 |
Secure TURN with Invalid Auth |
Use invalid credentials |
Server returns 401 Unauthorized |
40 |
Secure TURN with Valid Auth |
Use valid credentials |
Server authenticates |
41 |
Secure TURN with Stale Nonce |
Use expired nonce |
Server returns 438 Stale Nonce |
42 |
Secure TURN with Valid Nonce |
Use valid nonce |
Server processes request |
43 |
Secure TURN with Alternate Server |
Server redirects to alternate |
Client retries securely |
44 |
Secure TURN with Even Port |
Request even port |
Server returns even-numbered port |
45 |
Secure TURN with Reservation Token |
Use token for allocation |
Server returns reserved port |
46 |
Secure TURN with DONT-FRAGMENT |
Include DF flag |
Server respects DF |
47 |
Secure TURN with ICE-CONTROLLING |
Include ICE-CONTROLLING |
Server processes role |
48 |
Secure TURN with ICE-CONTROLLED |
Include ICE-CONTROLLED |
Server processes role |
49 |
Secure TURN with Peer Reflexive Candidate |
Server detects peer-reflexive address |
Server adds to candidate list |
50 |
Secure TURN with Relay-Only Mode |
Use TURN relay-only mode |
Server relays all media securely |
Resource Management - Testcases
S.No |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Allocation Resource Creation |
Create a new allocation |
Server allocates relay and resources |
2 |
Allocation Resource Expiry |
Let allocation expire |
Server releases resources |
3 |
Refresh Allocation Resource |
Refresh allocation before expiry |
Server extends allocation lifetime |
4 |
Max Allocation Limit |
Exceed max allowed allocations |
Server returns 486 Allocation Quota Reached |
5 |
Concurrent Allocations |
Create multiple allocations simultaneously |
Server handles or limits based on policy |
6 |
Allocation with Even Port |
Request even port allocation |
Server allocates even-numbered port |
7 |
Allocation with Reservation Token |
Use token to reserve port |
Server allocates reserved port |
8 |
Allocation with Port Range |
Request allocation within port range |
Server allocates within range |
9 |
Allocation with Invalid Port |
Request invalid port |
Server returns 400 Bad Request |
10 |
Allocation with IPv4 |
Allocate using IPv4 |
Server allocates IPv4 relay |
11 |
Allocation with IPv6 |
Allocate using IPv6 |
Server allocates IPv6 relay |
12 |
Allocation with TCP |
Allocate using TCP transport |
Server allocates TCP relay |
13 |
Allocation with UDP |
Allocate using UDP transport |
Server allocates UDP relay |
14 |
Allocation with TLS |
Allocate using TLS transport |
Server allocates secure relay |
15 |
Allocation with DTLS |
Allocate using DTLS transport |
Server allocates secure relay |
16 |
Allocation with NAT |
Allocate from behind NAT |
Server allocates relay |
17 |
Allocation with Firewall |
Allocate from behind firewall |
Server allocates if allowed |
18 |
Allocation with Packet Loss |
Simulate packet loss |
Server handles gracefully |
19 |
Allocation with High Latency |
Simulate high latency |
Server handles delay |
20 |
Allocation with Fingerprint |
Include FINGERPRINT attribute |
Server validates |
21 |
Allocation with Message Integrity |
Include MESSAGE-INTEGRITY |
Server validates |
22 |
Allocation with Software Attribute |
Include SOFTWARE attribute |
Server echoes info |
23 |
Allocation with Unknown Attribute |
Include unknown attribute |
Server ignores or returns 420 |
24 |
Allocation with Invalid Auth |
Use invalid credentials |
Server returns 401 Unauthorized |
25 |
Allocation with Valid Auth |
Use valid credentials |
Server authenticates and allocates |
26 |
Allocation with Stale Nonce |
Use expired nonce |
Server returns 438 Stale Nonce |
27 |
Allocation with Valid Nonce |
Use valid nonce |
Server processes request |
28 |
Allocation with Realm Mismatch |
Use incorrect realm |
Server returns 401 Unauthorized |
29 |
Allocation with Alternate Server |
Server redirects to alternate |
Client retries with new server |
30 |
Allocation with ICE Attributes |
Include ICE attributes |
Server processes ICE role |
31 |
Allocation with DONT-FRAGMENT |
Include DF flag |
Server respects DF |
32 |
Allocation with Peer Address Conflict |
Use same peer address in multiple allocations |
Server handles or rejects |
33 |
Allocation with Resource Exhaustion |
Simulate server resource exhaustion |
Server returns 508 Insufficient Capacity |
34 |
Allocation with Permission Creation |
Create permission after allocation |
Server creates permission |
35 |
Allocation with Channel Bind |
Bind channel after allocation |
Server binds successfully |
36 |
Allocation with Send Indication |
Send data after allocation |
Server relays data |
37 |
Allocation with Data Indication |
Receive data after allocation |
Client receives data |
38 |
Allocation with Consent Checks |
Perform consent freshness checks |
Server responds |
39 |
Allocation with Trickle ICE |
Use trickle ICE with allocation |
Server handles incremental candidates |
40 |
Allocation with Full ICE |
Use full ICE with allocation |
Server handles all candidates |
41 |
Allocation with Relay-Only Mode |
Use TURN relay-only mode |
Server relays all media |
42 |
Allocation with Multiple Peers |
Create permissions for multiple peers |
Server manages all |
43 |
Allocation with Peer Timeout |
Peer becomes unreachable |
Server eventually drops permission |
44 |
Allocation with Channel Timeout |
Let channel expire |
Server deletes channel |
45 |
Allocation with Permission Timeout |
Let permission expire |
Server deletes permission |
46 |
Allocation with Allocation Refresh Failure |
Fail to refresh allocation |
Server deletes allocation |
47 |
Allocation with Permission Refresh Failure |
Fail to refresh permission |
Server deletes permission |
48 |
Allocation with Channel Refresh Failure |
Fail to refresh channel |
Server deletes channel |
49 |
Allocation with Resource Cleanup |
Delete allocation manually |
Server releases all associated resources |
50 |
Allocation with Resource Monitoring |
Monitor resource usage |
Server logs and reports usage metrics |
Reference links