Coturn turn server fails to start because of timeout

Nextcloud version (eg, 20.0.5): 21.0.5.1
Operating system and version (eg, Ubuntu 20.04): Mageia 8
Apache or nginx version (eg, Apache 2.4.25): nginx 1.18.0
PHP version (eg, 7.4): php-fpm 8.0.11

The issue you are facing:
Trying to set up a turn server with coturn (Version Coturn-4.5.2 ‘dan Eider’). Service fails to start because of timeout.
systemd[1]: turnserver.service: Failed with result ‘timeout’.
systemd[1]: Failed to start coturn.

Is this the first time you’ve seen this error? (N):

Steps to replicate it:

  1. Install coturn
  2. Adjust coturn configuration according to manual
  3. systemctl start turnserver
  4. Service fails to start.

The output of your Nextcloud log in Admin > Logging:

No Nextcloud log yet, as the turn server should be started before trying to connect it to Nextcloud.

The output of coturn server configuration /etc/turnserver/turnserver.conf:

listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=xxxxxxxxxxxxxxxxxxxxxxxxx
server-name=sub.domain.org
realm=sub.domain.org
total-quota=100
bps-capacity=0
stale-nonce
no-stdout-log
log-file=/var/log/coturn/turnserver.log
simple-log
new-log-timestamp
no-multicast-peers
pidfile="/var/run/turnserver/turnserver.pid"

Output of systemd service turnserver.service, provided with the package:

[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network-online.target

[Service]
User=turnserver
Group=turnserver
Type=notify
EnvironmentFile=/etc/sysconfig/turnserver
ExecStart=/usr/bin/turnserver -c /etc/turnserver/turnserver.conf $EXTRA_OPTIONS
ExecStopPost=/usr/bin/rm -f /var/run/turnserver/turnserver.pid
Restart=on-abort

LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007

[Install]
WantedBy=multi-user.target

The output of your coturn in /var/log/coturn/turnserver.log:

2021-10-07T17:27:37+0200: log file opened: /var/log/coturn/turnserver.log
2021-10-07T17:27:37+0200: 0 bytes per second allowed, combined server capacity
2021-10-07T17:27:37+0200: 
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.2 'dan Eider'
2021-10-07T17:27:37+0200: 
Max number of open files/sockets allowed for this process: 999999
2021-10-07T17:27:37+0200: 
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 499500 (approximately)
2021-10-07T17:27:37+0200: 

==== Show him the instruments, Practical Frost: ====

2021-10-07T17:27:37+0200: TLS supported
2021-10-07T17:27:37+0200: DTLS supported
2021-10-07T17:27:37+0200: DTLS 1.2 supported
2021-10-07T17:27:37+0200: TURN/STUN ALPN supported
2021-10-07T17:27:37+0200: Third-party authorization (oAuth) supported
2021-10-07T17:27:37+0200: GCM (AEAD) supported
2021-10-07T17:27:37+0200: OpenSSL compile-time version: OpenSSL 1.1.1i  8 Dec 2020 (0x1010109f)
2021-10-07T17:27:37+0200: 
2021-10-07T17:27:37+0200: SQLite supported, default database location is /var/db/turndb
2021-10-07T17:27:37+0200: Redis is not supported
2021-10-07T17:27:37+0200: PostgreSQL supported
2021-10-07T17:27:37+0200: MySQL supported
2021-10-07T17:27:37+0200: MongoDB is not supported
2021-10-07T17:27:37+0200: 
2021-10-07T17:27:37+0200: Default Net Engine version: 3 (UDP thread per CPU core)

=====================================================

2021-10-07T17:27:37+0200: Domain name: 
2021-10-07T17:27:37+0200: Default realm: sub.domain.org
2021-10-07T17:27:37+0200: ERROR: 
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
2021-10-07T17:27:37+0200: WARNING: cannot find certificate file: turn_server_cert.pem (1)
2021-10-07T17:27:37+0200: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
2021-10-07T17:27:37+0200: WARNING: cannot find private key file: turn_server_pkey.pem (1)
2021-10-07T17:27:37+0200: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
2021-10-07T17:27:37+0200: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
2021-10-07T17:27:37+0200: ===========Discovering listener addresses: =========
2021-10-07T17:27:37+0200: Listener address to use: 127.0.0.1
2021-10-07T17:27:37+0200: Listener address to use: 192.168.1.20
2021-10-07T17:27:37+0200: Listener address to use: ::1
2021-10-07T17:27:37+0200: Listener address to use: fdaa:bbcc:ddee:0:1e1b:dff:fe9f:d72f
2021-10-07T17:27:37+0200: =====================================================
2021-10-07T17:27:37+0200: Total: 2 'real' addresses discovered
2021-10-07T17:27:37+0200: =====================================================
2021-10-07T17:27:37+0200: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
2021-10-07T17:27:37+0200: ===========Discovering relay addresses: =============
2021-10-07T17:27:37+0200: Relay address to use: 192.168.1.20
2021-10-07T17:27:37+0200: Relay address to use: fdaa:bbcc:ddee:0:1e1b:dff:fe9f:d72f
2021-10-07T17:27:37+0200: =====================================================
2021-10-07T17:27:37+0200: Total: 2 relay addresses discovered
2021-10-07T17:27:37+0200: =====================================================
2021-10-07T17:27:37+0200: pid file created: /var/run/turnserver/turnserver.pid
2021-10-07T17:27:37+0200: IO method (main listener thread): epoll (with changelist)
2021-10-07T17:27:37+0200: Wait for relay ports initialization...
2021-10-07T17:27:37+0200:   relay 192.168.1.20 initialization...
2021-10-07T17:27:37+0200:   relay 192.168.1.20 initialization done
2021-10-07T17:27:37+0200:   relay fdaa:bbcc:ddee:0:1e1b:dff:fe9f:d72f initialization...
2021-10-07T17:27:37+0200:   relay fdaa:bbcc:ddee:0:1e1b:dff:fe9f:d72f initialization done
2021-10-07T17:27:37+0200: Relay ports initialization done
2021-10-07T17:27:37+0200: IO method (general relay thread): epoll (with changelist)
2021-10-07T17:27:37+0200: IO method (general relay thread): epoll (with changelist)
2021-10-07T17:27:37+0200: IO method (general relay thread): epoll (with changelist)
2021-10-07T17:27:37+0200: turn server id=1 created
2021-10-07T17:27:37+0200: IO method (general relay thread): epoll (with changelist)
2021-10-07T17:27:37+0200: turn server id=3 created
2021-10-07T17:27:37+0200: turn server id=0 created
2021-10-07T17:27:37+0200: turn server id=2 created
2021-10-07T17:27:37+0200: Total General servers: 4
2021-10-07T17:27:37+0200: IO method (auth thread): epoll (with changelist)
2021-10-07T17:27:37+0200: IO method (admin thread): epoll (with changelist)
2021-10-07T17:27:37+0200: IO method (auth thread): epoll (with changelist)
2021-10-07T17:27:37+0200: SQLite DB connection success: /var/db/turndb

I don’t think the cli-password error is of importance. It just leads to the telnet cli interface being disabled.
As well, the warnings on TLS and DTLS should not prevent it from starting; as far as I have understood how it should work, of course…

Output of systemctl status turnserver:

● turnserver.service - coturn
     Loaded: loaded (/usr/lib/systemd/system/turnserver.service; disabled; vendor preset: disabled)
     Active: failed (Result: timeout) since Thu 2021-10-07 17:29:07 CEST; 4min 53s ago
       Docs: man:coturn(1)
             man:turnadmin(1)
             man:turnserver(1)
    Process: 6802 ExecStart=/usr/bin/turnserver -c /etc/turnserver/turnserver.conf $EXTRA_OPTIONS (code=killed, signal=TERM)
    Process: 6812 ExecStopPost=/usr/bin/rm -f /var/run/turnserver/turnserver.pid (code=exited, status=0/SUCCESS)
   Main PID: 6802 (code=killed, signal=TERM)
        CPU: 64ms

oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200:   relay 192.168.1.20 initialization done
oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200:   relay fdaa:bbcc:ddee:0:1e1b:dff:fe9f:d72f initializati>
oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200:   relay fdaa:bbcc:ddee:0:1e1b:dff:fe9f:d72f initializati>
oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200: Relay ports initialization done
oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200: IO method (general relay thread): epoll (with changelist)
oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200: IO method (general relay thread): epoll (with changelist)
oct. 07 17:29:07 cbct-serv systemd[1]: turnserver.service: start operation timed out. Terminating.
oct. 07 17:29:07 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200: IO method (general relay thread): epo
oct. 07 17:29:07 cbct-serv systemd[1]: turnserver.service: Failed with result 'timeout'.
oct. 07 17:29:07 cbct-serv systemd[1]: Failed to start coturn.

I am behind a NAT and the port 3478 is forwarded to the turn server. Its firewall has the 3478 port opened.

The domain associated with the turn server, sub.domain.org is a dynamic DNS subdomain pointing to my NAT (having a static IP).

I have tried to uncomment lt-cred-mech, even though it is written that it is only for coTURN below v4.5.0.8,
as I have read in some threads that it could help; but it has not.

I have also tried to set external-ip to my static IP, but it has not helped.

The thing is, I am not able to understand what it is waiting for.

Any hints?

Thanks!
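
The unit file and journal quoted in the post can be read together: with Type=notify, systemd counts the service as started only once the process sends READY=1 on the notification socket (sd_notify), and it terminates the process if that has not arrived within TimeoutStartSec (90 seconds by default). The following is an added example, not part of the original post and not coturn or Nextcloud code; it checks excerpts copied from the post for that pattern, and the function names and the 90-second default constant are this example's own.

```python
import re
from datetime import datetime

# Excerpts of the unit file and journal lines quoted in the post above.
UNIT = """[Service]
User=turnserver
Type=notify
ExecStart=/usr/bin/turnserver -c /etc/turnserver/turnserver.conf $EXTRA_OPTIONS
"""
JOURNAL = """\
oct. 07 17:27:37 cbct-serv turnserver[6802]: 2021-10-07T17:27:37+0200: Relay ports initialization done
oct. 07 17:29:07 cbct-serv systemd[1]: turnserver.service: start operation timed out. Terminating.
oct. 07 17:29:07 cbct-serv systemd[1]: turnserver.service: Failed with result 'timeout'.
"""
DEFAULT_TIMEOUT_START_SEC = 90  # systemd's default when the unit sets no TimeoutStartSec
LINE = re.compile(r"^\S+ \d+ (\d\d:\d\d:\d\d) \S+ ([^\[:]+)\[\d+\]: (.*)$")

def parse_service(unit_text):
    """Return the key=value pairs of the [Service] section."""
    section, opts = None, {}
    for line in map(str.strip, unit_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def startup_gap(journal_text, daemon="turnserver"):
    """Seconds from the daemon's first log line to systemd's start timeout (same day assumed)."""
    first = timed_out = None
    for m in filter(None, map(LINE.match, journal_text.splitlines())):
        stamp = datetime.strptime(m.group(1), "%H:%M:%S")
        if m.group(2) == daemon and first is None:
            first = stamp
        elif m.group(2) == "systemd" and "start operation timed out" in m.group(3):
            timed_out = stamp
    if first is None or timed_out is None:
        return None
    return int((timed_out - first).total_seconds())

def diagnose(unit_text, journal_text):
    svc = parse_service(unit_text)
    # Assumption: TimeoutStartSec, if present, is plain seconds ("120" or "120s").
    limit = int(svc.get("TimeoutStartSec", str(DEFAULT_TIMEOUT_START_SEC)).rstrip("s"))
    gap = startup_gap(journal_text)
    kind = svc.get("Type", "simple")
    # With Type=notify systemd holds the start job until the service sends READY=1.
    waiting = kind == "notify" and gap is not None and gap >= limit
    return {"type": kind, "gap": gap, "limit": limit, "waiting_for_ready": waiting}

if __name__ == "__main__":
    print(diagnose(UNIT, JOURNAL))
```

A result with `waiting_for_ready` set means the daemon ran and logged normally but systemd never received a readiness notification from it before the start timeout expired.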