Installing STUN / TURN Server

I’ve no issues with getting video calls to work within the LAN. But calls that cross over into other networks just don’t connect - the spinner just keeps spinning forever.

This must be because firewalls / NATs are getting in the way of making a peer-to-peer connection.

Thus, I need to run a STUN / TURN server.

So I’ve installed “coturn” and I’ve gone through the options in “turnserver.conf”. I have a static public IP address. I’m using the standard port 3478 and have opened the firewall ports for this.

When I’ve tried browsing to the STUN / TURN server address “domain.tld:3478” then I get a page that says “TURN server”. So it’s up and running, and accessible from the outside world.

But I still can’t get it to work.

Searching online, folks recommend a “trickle ICE” testing tool. I don’t really understand it but I put in the URI of my STUN / TURN server, clicked “gather” but it just hangs with no results.

Obviously, some settings somewhere are incorrect. But how does one diagnose what’s at error with a view to fixing it?

Are you talking about Spreed.ME with dedicated spreed server or the “new” spreed video calls/talks app?

In both cases coturn and spreed server/app need to be configured. See this guide a bid down the first post for Spreed.ME and coturn configuration: Complete NC installation on Debian with Spreed.me and TURN step by step
For the “new” app, giving coturn domain:port as STUN+TURN server within apps settings should be enough.

Note that the app does not work in combination with http/2, which will be fixed with NC13 release. The app name is changed to “talks” there, if I saw right.

In case post turn server + app settings for further investigation. Coturn port also forwarded to from router to server in case? :wink:

It’s the “video calls” app in NC 12.0.4.

(I’ll use “domain.tld” to represent my domain name and “1.2.3.4” to represent my IP address in the following.)

In NextCloud (under “Spreed Video calls” in the “additional settings”), I’ve got “domain.tld:3478” for both the STUN and TURN server fields. The “shared secret” is a random number that I generated (and, yes, it’s the same one as found in “turnserver.conf”). And I have “UDP and TCP” selected for the protocols.

I installed “coturn” on the server (Ubuntu 16.04). This server has a static IP address. I’ve opened the firewall for port 3478.

I know that “coturn” is installed and running and publicly accessible, because if I use a browser to go to “domain.tld:3478” then a HTML page with “TURN server” appears. So it is definitely reachable externally.

I followed a tutorial for the “turnserver.conf” settings. They are:

listening-port=3478
listening-ip=1.2.3.4
relay-ip=1.2.3.4
external-ip=1.2.3.4
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=[random number, same as one in NC settings]
server-name=domain.tld
realm=domain.tld
total-quota=100
log-file=/var/log/turn.log
stale-nonce
no-loopback-peers
no-multicast-peers

I do have an SSL certificate for “domain.tld” and I also tried it with:

cert=[path to SSL pem]
pkey=[path to SSL key]
cipher-list=[long list from tutorial]

but my SSL certificate also has an “intermediate” certificate for the CA and I wasn’t sure that I was installing this right - do I simply add it to the PEM file or is there a separate option for specifying it? - so I just removed the SSL stuff for now (get it working first, then I’ll properly secure it with SSL later).

Video calls work on the same LAN. When I try it across different networks, then I just get a black screen.

I’ve also taken a look at the log file at “/var/log/turn.log” but that just shows the settings of the TURN server and these look fine to me. Nothing about any problems reported there.

Everything looks/sounds good so far. Seems to just stuck the same as me, see: [Spreed video calls] Black screen / How to set STUN/TURN

Spreed.ME always worked for me with same setup, but never was able to get video calls running through outside local network, thou didn’t try it since longer time. You can compare your results/turnserver+browser console logs and behaviour with the one I posted on linked topic. If it is similar/ the same, we open a topic on github, to directly address it to the developers.

I found a website for testing STUN / TURN servers, but it uses a username and password rather than a shared secret. So I set up a static user, just for testing purposes, and it passed the tests just fine.

I think the TURN server is fine unto itself, but the “video call” app is not using it properly, for whatever reason. I can see why, in that other thread, you were double-checking that your settings for the app were correct.

Indeed, it would be nice if the app provided some feedback about problems it encounters, rather than just showing a black screen (obviously, yes, you’d need to be careful not to reveal any sensitive information that other users shouldn’t see - but it could simply only report errors if the user is an admin).

Just as an update, when I upgrade to NextCloud 13 with the built-in “Talk” app, everything just worked.

I made no changes to my STUN / TURN server setup, I just upgrade to 13 and then fired up the “Talk” app and it’s all good.

So I think that the previous issues weren’t to do with the setup of the STUN / TURN server, but just that the old “spreed” video calls app wasn’t connecting to it correctly. The new “Talk” app, though, corrects this and it works well.

Jep same here, maybe you can mark this topic as solved :slight_smile:.