Accessing turn server from external network through port forwarding

Nextcloud version (eg, 24.0.1): 24.0.2
Talk Server version (eg, 14.0.2): 14.0.3
Custom Signaling server configured: yes and 0.5.0
Custom TURN server configured: yes
Custom STUN server configured: no, using stun.nextcloud.com

In case the web version of Nextcloud Talk is involved:
Operating system (eg, Windows/Ubuntu/…): Fedora Server 36
Browser name and version (eg, Chrome v101): Firefox v102.0

In case mobile Nextcloud Talk apps are involved:
Talk iOS version (eg, 14.0.2): 14.0.1
Talk Android version (eg, 14.0.2): replace me

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): N

Steps to replicate it:

  • I am currently configuring a TURN server on my local server, and locally I can connect to it and it's working perfectly. But for external users I have set a public IP and added a DNS record to point the TURN server domain (e.g. turn.mydomain.com) to the public IP. After that I set up port forwarding on my Cisco firewall; since I am using TLS, I forwarded port 5349.
  • When I test if the server returns ICE candidates, it's showing me an error that there is no returned ICE candidate.

The output of your Nextcloud log in Admin > Logging or errors in nextcloud.log in /var/www/:

There are no related errors regarding this

The output of your Apache/nginx/system log in /var/log/____:

There are no related errors regarding this

Your browser log if relevant (javascript console log, network log, etc.):

Creating PeerConnection with
    Object { iceServers: (1) […], iceTransportPolicy: "relay" }
    iceServers: Array [ {…} ]
    iceTransportPolicy: "relay"

Received candidates 
    Array []
    length: 0
    <prototype>: Array []

Here is what I configured inside turnserver.conf

  • tls-listening-port=5349
  • fingerprint
  • use-auth-secret
  • static-auth-secret=********
  • realm=turn.mydomain.com
  • total-quota=0
  • bps-capacity=0
  • stale-nonce=600
  • cert=/etc/letsencrypt/live/turn.mydomain.com/fullchain.pem
  • pkey=/etc/letsencrypt/live/turn.mydomain.com/privkey.pem
  • log-file=/var/log/coturn/turnserver.log
  • simple-log
  • no-multicast-peers
  • allowed-peer-ip=127.0.0.1

I would like to know if there is something I should add to this config in order to access the TURN server from an external network. Thank you.
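
An added example, not part of the original post or of the coturn project: a Python check that parses the turnserver.conf options listed above and reports which settings relevant to a server behind NAT or port forwarding are unset. It assumes coturn's documented default relay range (49152-65535) and uses the real coturn option names `external-ip`, `min-port` and `max-port`; the function names are hypothetical.

```python
# Added example (not from the post): audit posted coturn options for NAT use.
# Constructed sample: the options listed in the post, secret redacted as posted.
POSTED_CONF = """\
tls-listening-port=5349
fingerprint
use-auth-secret
static-auth-secret=********
realm=turn.mydomain.com
total-quota=0
bps-capacity=0
stale-nonce=600
cert=/etc/letsencrypt/live/turn.mydomain.com/fullchain.pem
pkey=/etc/letsencrypt/live/turn.mydomain.com/privkey.pem
log-file=/var/log/coturn/turnserver.log
simple-log
no-multicast-peers
allowed-peer-ip=127.0.0.1
"""

DEFAULT_RELAY_RANGE = (49152, 65535)  # coturn default when min-port/max-port unset

def parse_conf(text):
    """Return {option: value}; bare flags map to True, comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            opts[key.strip()] = value.strip() if sep else True
    return opts

def audit_nat(opts):
    """Return (findings, ports_to_forward) for a server behind NAT."""
    findings = []
    if "external-ip" not in opts:
        findings.append("external-ip unset: relay addresses are advertised with the private IP")
    lo = int(opts.get("min-port", DEFAULT_RELAY_RANGE[0]))
    hi = int(opts.get("max-port", DEFAULT_RELAY_RANGE[1]))
    if "min-port" not in opts or "max-port" not in opts:
        findings.append(f"relay range defaults to {lo}-{hi}/udp: forward it or narrow it")
    ports = [f"{opts.get('tls-listening-port', 5349)}/tcp", f"{lo}-{hi}/udp"]
    return findings, ports

if __name__ == "__main__":
    findings, ports = audit_nat(parse_conf(POSTED_CONF))
    print("\n".join(findings))
    print("forward:", ", ".join(ports))
```

The findings describe what the configuration leaves at its defaults; they do not by themselves establish why the candidate list in the browser log is empty.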