Can't get TURN server to work

Hello,

I’ve installed the Nextcloud Talk app and am having some trouble making it work outside my local network. I understand in order to achieve the functionality I desire, I should install and configure my own TURN server.

To this end, I have done so on a VPS following instructions provided by this community. My config is as follows:

/etc/turnserver.conf

listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=<redacted>
realm=<FQDN of Nextcloud instance>
total-quota=100 
bps-capacity=0
stale-nonce
no-loopback-peers
no-multicast-peers
log-file=/var/log/coturn.log

When users and guests try to join calls, some can hear my microphone, and some cannot. For others the screen is blank and they hear no audio.

On the turn server I see logs like the following:

2116: session 007000000000000019: realm <realm> user <>: incoming packet BINDING processed, success
2126: session 007000000000000019: realm <realm> user <>: incoming packet BINDING processed, success
2127: session 007000000000000019: realm <realm> user <>: incoming packet BINDING processed, success
2137: session 007000000000000019: realm <realm> user <>: incoming packet BINDING processed, success
2146: session 007000000000000019: closed (2nd stage), user <> realm <realm> origin <>, local 172.245.22.151:3478, remote 96.38.143.134:48364, reason: allocation watchdog determined stale session state
2147: handle_udp_packet: New UDP endpoint: local addr 172.245.22.151:3478, remote addr 96.38.143.134:48364
2147: session 007000000000000020: realm <realm> user <>: incoming packet BINDING processed, success
2157: session 007000000000000020: realm <realm> user <>: incoming packet BINDING processed, success

Note: I’ve redacted the realm URL in the logs, which is set to the FQDN of the Nextcloud instance.

When I test the configuration in Settings -> Talk, I get a little exclamation arrow, not a green check mark.

At this point I’m somewhat stumped; am I missing something glaring?

Please help!

Thanks,
-Linuxdude
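Added example, not part of the original post: a short Python script that groups the coturn log lines quoted above by session and lists the sessions that never completed a TURN ALLOCATE, meaning the client only made STUN BINDING requests and no relay was set up. The function names and the two constructed log lines (sessions ending in 21 and 22) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Sessions 19 and 20 are copied from the log in the post above. Sessions 21 and
# 22 are constructed here to show a successful and a rejected request.
SAMPLE_LOG = """\
2116: session 007000000000000019: realm <realm> user <>: incoming packet BINDING processed, success
2126: session 007000000000000019: realm <realm> user <>: incoming packet BINDING processed, success
2146: session 007000000000000019: closed (2nd stage), user <> realm <realm> origin <>, local 172.245.22.151:3478, remote 96.38.143.134:48364, reason: allocation watchdog determined stale session state
2147: session 007000000000000020: realm <realm> user <>: incoming packet BINDING processed, success
2200: session 007000000000000021: realm <realm> user <1700000000>: incoming packet ALLOCATE processed, success
2210: session 007000000000000022: realm <realm> user <>: incoming packet message processed, error 401: Unauthorized
"""

PACKET_RE = re.compile(
    r"session (?P<sid>\d+): realm <(?P<realm>[^>]*)> user <(?P<user>[^>]*)>: "
    r"incoming packet (?P<method>\S+) processed, (?P<result>.+)$"
)
CLOSE_RE = re.compile(r"session (?P<sid>\d+): closed .*reason: (?P<reason>.+)$")


def summarize(log_text):
    """Group log lines by session: successful methods, errors, user, close reason."""
    new = lambda: {"methods": set(), "errors": [], "user": "", "closed": None}
    sessions = defaultdict(new)
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m:
            s = sessions[m["sid"]]
            s["user"] = m["user"] or s["user"]
            if m["result"].startswith("success"):
                s["methods"].add(m["method"])
            else:
                s["errors"].append(m["result"])
            continue
        m = CLOSE_RE.search(line)
        if m:
            sessions[m["sid"]]["closed"] = m["reason"]
    return dict(sessions)


def sessions_without_allocation(sessions):
    """Sessions with no successful ALLOCATE: STUN only, no TURN relay in use."""
    return sorted(sid for sid, s in sessions.items() if "ALLOCATE" not in s["methods"])


if __name__ == "__main__":
    info = summarize(SAMPLE_LOG)
    for sid in sessions_without_allocation(info):
        print(sid, "user=<%s>" % info[sid]["user"], info[sid]["errors"], info[sid]["closed"])
```

An empty `user <>` together with only BINDING entries, as in the quoted log, means the client never presented TURN credentials on that session.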

I somewhat miraculously figured this out…

After almost giving up, I decided to look at the script provided on GitHub:

This config provided by the script contained one line different than any recommendations I’ve seen on this forum:

lt-cred-mech

This guide specifically mentions it can’t be enabled when use-auth-secret is also enabled, but in my case, it only works with both config options set.

Cheers!


Jep, thanks for the hint. I removed it since it throws warnings, as can be seen from my changelog in OT. But obviously this is only the case for newer coTURN versions, while in older ones it’s still required.

I will re-add it with the hint. Which version of coTURN do you use? I will also try to check the commits to know from which version on this setting should be removed and until which version it needs to stay.