Having real trouble doing this and am at the edge of my abilities, so would really appreciate some input. Any VoIP call just hangs when answered.
/etc/turnserver.conf contains:
Code:
min-port=49152
max-port=65535
realm=turn.mydomain.co.uk
use-auth-secret
static-auth-secret=sharedsecretkey
cert=/etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
pkey=/etc/letsencrypt/live/mydomain.co.uk/privkey.pem
lt-cred-mech
no-tcp-relay
sudo turnserver -v returns:
Code:
0: log file opened: /var/log/turn_1011_2019-01-22.log
0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.0.7 'dan Eider'
0:
Max number of open files/sockets allowed for this process: 1048576
0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 524000 (approximately)
0:
==== Show him the instruments, Practical Frost: ====
0: TLS supported
0: DTLS supported
0: DTLS 1.2 supported
0: TURN/STUN ALPN supported
0: Third-party authorization (oAuth) supported
0: GCM (AEAD) supported
0: OpenSSL compile-time version: OpenSSL 1.1.0g 2 Nov 2017 (0x1010007f)
0:
0: SQLite supported, default database location is /var/lib/turn/turndb
0: Redis supported
0: PostgreSQL supported
0: MySQL supported
0: MongoDB is not supported
0:
0: Default Net Engine version: 3 (UDP thread per CPU core)
=====================================================
0: Config file found: /etc/turnserver.conf
0: Config file found: /etc/turnserver.conf
0: Domain name:
0: Default realm: turn.mydomain.co.uk
0:
CONFIG: --no-tcp-relay: TCP relay endpoints are not allowed.
0: SSL23: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: SSL23: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS1.0: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: TLS1.0: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS1.1: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: TLS1.1: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS1.2: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: TLS1.2: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: TLS cipher suite: DEFAULT
0: DTLS1.2: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: DTLS1.2: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: DTLS: Certificate file found: /etc/letsencrypt/live/mydomain.co.uk/fullchain.pem
0: DTLS: Private key file found: /etc/letsencrypt/live/mydomain.co.uk/privkey.pem
0: DTLS cipher suite: DEFAULT
0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering listener addresses: =========
0: Listener address to use: 127.0.0.1
0: Listener address to use: 192.168.2.2
0: Listener address to use: ::1
0: =====================================================
0: Total: 1 'real' addresses discovered
0: =====================================================
0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
0: ===========Discovering relay addresses: =============
0: Relay address to use: 192.168.2.2
0: Relay address to use: ::1
0: =====================================================
0: Total: 2 relay addresses discovered
0: =====================================================
0: pid file created: /var/run/turnserver.pid
0: IO method (main listener thread): epoll (with changelist)
0: WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
0: Wait for relay ports initialization...
0: relay 192.168.2.2 initialization...
0: relay 192.168.2.2 initialization done
0: relay ::1 initialization...
0: relay ::1 initialization done
0: Relay ports initialization done
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=0 created
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:8443
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 192.168.2.2:8443
0: IPv4. TLS/TCP listener opened on : 192.168.2.2:5349
0: IPv6. TLS/TCP listener opened on : ::1:8443
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IO method (general relay thread): epoll (with changelist)
0: turn server id=1 created
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:8443
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:8443
0: IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
0: IPv4. DTLS/UDP listener opened on: 127.0.0.1:5349
0: IPv4. TLS/TCP listener opened on : 192.168.2.2:8443
0: IPv4. TLS/TCP listener opened on : 192.168.2.2:5349
0: IPv4. DTLS/UDP listener opened on: 192.168.2.2:8443
0: IPv6. TLS/TCP listener opened on : ::1:8443
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. DTLS/UDP listener opened on: 192.168.2.2:5349
0: IPv6. DTLS/UDP listener opened on: ::1:8443
0: IPv6. DTLS/UDP listener opened on: ::1:5349
0: Total General servers: 2
0: IO method (auth thread): epoll (with changelist)
0: IO method (auth thread): epoll (with changelist)
0: IO method (admin thread): epoll (with changelist)
0: IPv4. CLI listener opened on : 127.0.0.1:5766
0: SQLite DB connection success: /var/lib/turn/turndb
My /etc/matrix-synapse/homeserver.yaml contains:
Code:
turn_uris: [ "turn:turn.mydomain.co.uk:3478?transport=udp", "turn:turn.mydomain.co.uk:3478?transport=tcp" ]
turn_shared_secret: sharedsecretkey
turn_user_lifetime: 86400000
turn_allow_guests: True
I don't think it's a network issue: router is 1:1 NAT currently forwarding all traffic, and I have a LOT of ports open on the server while I try to get this right. Where do I go from here?
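
A consistency check over the values posted above, added here as an example and not part of the original post: it parses the "listener opened on" lines of the turnserver -v output and lists any turn_uris entry whose transport and port have no matching listener. The function names are hypothetical, and the embedded log is a subset of the lines quoted in the post.

```python
import re
from urllib.parse import parse_qs

# turn_uris copied from the posted homeserver.yaml.
TURN_URIS = [
    "turn:turn.mydomain.co.uk:3478?transport=udp",
    "turn:turn.mydomain.co.uk:3478?transport=tcp",
]

# Subset of the listener lines from the posted `turnserver -v` output.
LOG = """\
0: IPv4. TLS/TCP listener opened on : 192.168.2.2:8443
0: IPv4. TLS/TCP listener opened on : 192.168.2.2:5349
0: IPv6. TLS/TCP listener opened on : ::1:5349
0: IPv4. DTLS/UDP listener opened on: 192.168.2.2:8443
0: IPv4. DTLS/UDP listener opened on: 192.168.2.2:5349
0: IPv4. CLI listener opened on : 127.0.0.1:5766
"""

# Matches e.g. "TLS/TCP listener opened on : 192.168.2.2:8443".
# The CLI line carries no transport and is skipped on purpose.
LISTENER = re.compile(r"\w+/(TCP|UDP) listener opened on\s*:\s*\S+:(\d+)$")

def listeners(log):
    """Return the (transport, port) pairs the server logged as open."""
    found = set()
    for line in log.splitlines():
        m = LISTENER.search(line.strip())
        if m:
            found.add((m.group(1).lower(), int(m.group(2))))
    return found

def endpoint_of(uri):
    """Map 'turn[s]:host[:port][?transport=x]' to (transport, port).
    Handles hostnames and IPv4 literals only; defaults follow RFC 7065."""
    target, _, query = uri.partition("?")
    scheme, _host, *port = target.split(":")
    secure = scheme == "turns"
    default_transport = "tcp" if secure else "udp"
    transport = parse_qs(query).get("transport", [default_transport])[0].lower()
    return transport, int(port[0]) if port else (5349 if secure else 3478)

def uris_without_listener(uris, log):
    """Return the URIs whose transport/port pair never appears in the log."""
    open_pairs = listeners(log)
    return [u for u in uris if endpoint_of(u) not in open_pairs]

if __name__ == "__main__":
    print("no listener for:", uris_without_listener(TURN_URIS, LOG))
```

Run against the posted values it returns both turn_uris entries: the log shows listeners on 8443 and 5349 only, while homeserver.yaml points clients at 3478.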