At least this is the first thing I would try, if spreed inside LAN and nextcloud generally outside LAN works fine. For me it also works just with TURN server, and so far I did not yet understand in what cases STUN could already work and how one could achieve this for his own server.
In case:
apt-get install coturn openssl rand -hex 32 => XXX nano /etc/turnserver.conf listening-port=8443 fingerprint lt-cred-mech use-auth-secret static-auth-secret=XXX realm=your.server.domain total-quota=100 bps-capacity=0 stale-nonce log-file=/var/log/turn.log no-loopback-peers no-multicast-peers nano /etc/default/coturn TURNSERVER_ENABLED=1 service coturn restart
In nextcloud admin panel:
Spreed video calls
STUN server: your.server.domain:8443 TURN server: your.server.domain:8443 TURN server shared secret: XXX TURN server protocols: udp and tcp