Can't get CoTurn to play nicely with Synapse (Matrix)

fgfdffsfd · 01-22-2019, 07:16 AM

I'm not very experienced in the dark arts of sysadmin so please bear with me!

I've installed synapse and I want VOIP available, so I installed CoTurn. My config looks ok and my output looks like this:

Code:

sudo turnserver -v
0: log file opened: /var/log/turn_756_2019-01-22.log
0: 
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.7 'dan Eider'
0: 
Max number of open files/sockets allowed for this process: 1048576
0: 
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0: 

==== Show him the instruments, Practical Frost: ====

0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.0g  2 Nov 2017 (0x1010007f)
0: 
0: SQLite supported, default database location is /var/lib/turn/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0: 
0: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

0: Config file found: /etc/turnserver.conf
0: Config file found: /etc/turnserver.conf
0: Domain name: 
0: Default realm: turn.mydomain.co.uk
0: 
CONFIG: --no-tcp-relay: TCP relay endpoints are not allowed.
0: SSL23: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: SSL23: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS1.0: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: TLS1.0: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS1.1: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: TLS1.1: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS1.2: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: TLS1.2: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS1.2: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: DTLS1.2: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: DTLS: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: DTLS: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 192.168.2.2
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 192.168.2.2
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: Wait for relay ports initialization...
0:   relay 192.168.2.2 initialization...
0:   relay 192.168.2.2 initialization done
0:   relay ::1 initialization...
0:   relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
1: turn server id=0 created
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:8443
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:8444
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:8443
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:8444
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:5349
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:5350
1: IPv6. TLS/TCP listener opened on : ::1:8443
1: IPv6. TLS/TCP listener opened on : ::1:8444
1: IPv6. TLS/TCP listener opened on : ::1:5349
1: IPv6. TLS/TCP listener opened on : ::1:5350
1: IO method (general relay thread): epoll (with changelist)
1: turn server id=1 created
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:8443
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:8443
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:8444
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
1: IPv4. TLS/TCP listener opened on : 127.0.0.1:5350
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:8444
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:8443
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:8444
1: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5350
1: IPv4. DTLS/UDP listener opened on: 192.168.2.2:8443
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:5349
1: IPv4. DTLS/UDP listener opened on: 192.168.2.2:8444
1: IPv4. DTLS/UDP listener opened on: 192.168.2.2:5349
1: IPv4. TLS/TCP listener opened on : 192.168.2.2:5350
1: IPv4. DTLS/UDP listener opened on: 192.168.2.2:5350
1: IPv6. DTLS/UDP listener opened on: ::1:8443
1: IPv6. TLS/TCP listener opened on : ::1:8443
1: IPv6. DTLS/UDP listener opened on: ::1:8444
1: IPv6. DTLS/UDP listener opened on: ::1:5349
1: IPv6. TLS/TCP listener opened on : ::1:8444
1: IPv6. DTLS/UDP listener opened on: ::1:5350
1: IPv6. TLS/TCP listener opened on : ::1:5349
1: Total General servers: 2
1: IPv6. TLS/TCP listener opened on : ::1:5350
1: IO method (auth thread): epoll (with changelist)
1: IO method (auth thread): epoll (with changelist)
1: IO method (admin thread): epoll (with changelist)
1: IPv4. CLI listener opened on : 127.0.0.1:5766
1: SQLite DB connection success: /var/lib/turn/turndb

Is that to be expected? There's nothing there that looks bad to me? However, any voip calls still hang when connecting, and I haven't the faintest why it's not working. Has anyone a lot more knowledgable than me got a few minutes to help out - I really want this working!

My /etc/turnserver/conf looks like this:

Code:

lt-cred-mech
use-auth-secret
static-auth-secret=[mysharedsecretkey]
realm=turn.mydomain.co.uk
no-tcp-relay
total-quota=800
min-port=49152
max-port=65535

and /etc/matrix-synapse/homeserver.yaml looks like this:

Code:

turn_uris: [ "turn:turn.mydomain.co.uk:3478?transport=udp", "turn:turn.mydomain.co.uk:3478?transport=tcp" ]
turn_shared_secret: mysharedsecretkey
turn_user_lifetime: 86400000
turn_allow_guests: True

I don't think it's a firewall issue - I have so many ports allowed in UFW right now while trying to diagnose lol, and the router is 1:1 nat and currently allowing all traffic.

Thanks to anyone who can help, first time here so take it easy on me!

rtmistler · 01-22-2019, 12:26 PM

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.