add Nat Hairpinning deployment to docs #378.

m1k1o · Mar 28, 2024 · 26af1dc · 26af1dc
1 parent 0c9055e
commit 26af1dc
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md
@@ -87,7 +87,48 @@ GHCR images are built using GitHub actions for every tag.
 ### Networking:
 - If you want to use n.eko in **external** network, you can omit `NEKO_NAT1TO1`. It will automatically get your Public IP.
 - If you want to use n.eko in **internal** network, set `NEKO_NAT1TO1` to your local IP address (e.g. `NEKO_NAT1TO1: 192.168.1.20`)-
-- Currently, it is not supported to supply multiple NAT addresses (see https://github.com/m1k1o/neko/issues/47).
+
+Currently, it is not supported to supply multiple NAT addresses directly to neko  (see https://github.com/m1k1o/neko/issues/47).
+
+But it can be acheived by deploying own turn server alongside neko that is accessible from your LAN:
+
+```yaml
+version: "3.4"
+services:
+  neko:
+    image: "m1k1o/neko:firefox"
+    restart: "unless-stopped"
+    shm_size: "2gb"
+    ports:
+      - "8080:8080"
+      - "52000-52100:52000-52100/udp"
+    environment:
+      NEKO_SCREEN: 1920x1080@30
+      NEKO_PASSWORD: neko
+      NEKO_PASSWORD_ADMIN: admin
+      NEKO_EPR: 52000-52100
+      NEKO_ICESERVERS: '[{ "urls": [ "turn:192.168.1.60:3478" ], "username":"neko", "credential":"neko" }, { "urls": [ "stun:stun.nextcloud.com:3478" ] }]'
+  coturn:
+    image: 'coturn/coturn:latest'
+    network_mode: "host"
+    command: |
+      -n
+      --realm=localhost
+      --fingerprint
+      --listening-ip=0.0.0.0
+      --external-ip=192.168.1.60
+      --listening-port=3478
+      --min-port=49160
+      --max-port=49200
+      --log-file=stdout
+      --user=neko:neko
+      --lt-cred-mech
+```
+
+- Replace `192.168.1.60` with your LAN IP address, and allow ports `49160-49200/udp` and `3478/tcp` in your LAN.
+- Make sure you don't use `NEKO_ICELITE: true` because ICE LITE does not support TURN servers.
+
+This setup adds local turn server to neko. It won't be reachable by your remote clients and your own IP won't be reachable from your lan. So it effectively just adds local candidate and allows connections from LAN.
 
 ### Why so many ports?
 - WebRTC needs UDP ports in order to transfer Audio/Video towards user and Mouse/Keyboard events to the server in real time.

diff --git a/docs/getting-started/troubleshooting.md b/docs/getting-started/troubleshooting.md
@@ -129,6 +129,7 @@ Example for pfsense with truecharts docker container:
 - Test externally to confirm it works.
 - Internally you have to access it using `<your-public-ip>:port`
 
+If your router does not support NAT Loopback (NAT Hairpinning), you can use turn servers to overcome this issue. See [more details here](https://neko.m1k1o.net/#/getting-started/?id=networking) on how to setup local coturn instance.
 
 ### Neko works locally, but not externally