NC Talk and Turn-Server - how to connect?

Hi, can anyone help me?
My Nextcloud Talk shows a black screen on calls between smartphones over the public internet (not in the LAN), but when both smartphones use Wi-Fi in the same LAN in our internal network, it runs normally.

I tried creating a Coturn server on Ubuntu 20.04 on a DigitalOcean VPS, then we tried with both smartphones outside the LAN, and it works.

Now my situation:

  1. My Nextcloud is installed in a FreeNAS jail (using a public IP / behind NAT) and works well.
  2. I set up a Coturn server on Ubuntu 20.04 with a public IP, NOT behind NAT,
    where the public IP is in the same subnet as my Nextcloud server.

It doesn’t work: I can video call using smartphones outside the LAN, but there is no video, just a black screen.

this is my config :

server-name=talk.mydomain.com
cert=/etc/letsencrypt/live/talk.mydomain.com/cert.pem
pkey=/etc/letsencrypt/live/talk.mydomain.com/privkey.pem
listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=c7c41e34e7393557792d9fc48be64df8915599d0bfd7ace82cbc9ec5773846b83
realm=talk.mydomain.com
bps-capacity=0
total-quota=100
stale-nonce=600
no-loopback-peers
no-multicast-peers

This is the same config that I used on the Coturn VPS at DigitalOcean (it worked),
but at our site, on real hardware with a public IP (same subnet as my Nextcloud server's public IP), it is not working, just a black screen.

Please advise.

Regards,

It’s nice that you searched the forum - at least a bit… Maybe there would be more hits from your search request worth looking at more closely? :wink:

You posted that one question under a HowTo and we want the HowTos not to get flooded by “I have a problem” questions. Please use a new thread for your questions. In this case I did that for you.

The info you’re giving out about your instances seems to be a bit … ummmm… well, not enough. But maybe that’s not needed, though, I dunno. But you would definitely raise your chances of getting a valid reply if you gave out more info about the systems in question.


Did you check if the Coturn server is actually running? Since you use two settings which are at least deprecated with the current version. Check back with the HowTo, else Coturn should log any error on startup.

In addition, did you do the TURN connection test in the Nextcloud admin panel to check whether Nextcloud can reach it?

Oops… sorry… By the way, if I use the VPS at DigitalOcean, it is the same, not working either, when we video call using smartphones outside the LAN.

It means I have never made it work from outside my LAN.

Regards,

Hi @MichaIng
Where exactly do I check the Coturn log? I cannot find it in /var/log/; there is no Coturn log.

@JimmyKater

OK, noted. I’m sorry.
I’ll create a new thread for this question.

Thanks n regards,

Everything is fine, the topic has already been split up :slightly_smiling_face:.

Check journalctl -u coturn for logs, probably file logging is disabled or the server aborted before the config file path has been parsed.

Another thing about your config, since Coturn is connected to www directly (no NAT) please try to set listening-ip and relay-ip to match the public IP.


as @MichaIng already said (and me, myself as well): THIS Is the new thread, already. :wink:
and thus I just deleted your 2nd “new” thread :wink:

If you don’t like the title, you have full control over it - just click on the pencil icon behind it and you can edit everything.

@MichaIng

This is the part that confuses me about the IP:

Another thing about your config, since Coturn is connected to www directly (no NAT) please try to set listening-ip and relay-ip to match the public IP.

Which IP do I have to put in the config?
Is it like below?

listening-ip= xxx .xxx.xxx.xxx ( my coturn public IP or my nextcloud server public IP ? )
relay-ip= xxx.xxx.xxx ( my coturn public IP or my nextcloud server public IP ? )
server-name=talk.mydomain.com
cert=/etc/letsencrypt/live/talk.mydomain.com/cert.pem
pkey=/etc/letsencrypt/live/talk.mydomain.com/privkey.pem
listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=c7c41e34e7393557792d9fc48be64df8915599d0bfd7ace82cbc9ec5773846b83
realm=talk.mydomain.com
bps-capacity=0
total-quota=100
stale-nonce=600
no-loopback-peers
no-multicast-peers

Oops, I just tried once using the Coturn server on my VPS at DigitalOcean and it works; I can video call with both smartphones outside the LAN,

but if I use my Coturn server whose public IP is in the same subnet as my Nextcloud server, it does not work.

Is the problem that both of them are in the same public IP subnet?

Please advise.

Regards,

Yes, put both in with the public IP of your Coturn server.

Is the problem that both of them are in the same public IP subnet?

If it's really the public IP, it should not play a role, as practically subnets do not play a role for public IPs AFAIK. The following cases would play a role:

  • Your Coturn is behind a NAT/router: In this case listening-ip and relay-ip should not be set since the Coturn server is reached and answers with different IPs, depending on if the client is in the same local network or connects from www and if the public IP is not static (e.g. you’d use a dynamic DNS provider).
  • Same as above, but you use the public domain/hostname to access Coturn and your NAT/router has some rebind protection that blocks access to the local network internally when using the public hostname.
  • But if there is no NAT between www and Coturn, AFAIK you simply set listening-ip and relay-ip (as those are then always the same) and it should work :thinking:.

Did you check the Coturn logs for any hint?

@MichaIng

Here is my situation:

  1. nextcloud server on freenas jail
    Public IP : 1xx.xxx.xx1
    LAN IP : 192.168.0.9
    NAT : port 443 & 80 from 1xx.xxx.xx1

nextcloud working normally

  2. Coturn server, standalone server: using public IP
    Public IP : 1xx.xxx.xx9

=======================
scenario 1 :
Coturn using vps at digital ocean
Public IP

nextcloud talk between 2 smartphone outside lan network ( working )

scenario 2 :
Coturn using stand alone server with Public IP : 1xx.xxx.xx9

nextcloud talk between 2 smartphone outside lan network ( Not working )

==================================
regarding to your last post , my coturn server is :

But if there is no NAT between www and Coturn, AFAIK you simply set listening-ip and relay-ip (as those are then always the same) and it should work :thinking:

The question is: which IP address must I enter in “listening-ip” and “relay-ip”?
The Nextcloud server public IP, or the Coturn server public IP?

====================================
and here is the log :

root@coturn:/home/administrator# journalctl -u coturn
– Logs begin at Sat 2020-08-01 05:05:55 UTC, end at Tue 2020-08-04 13:09:32 UTC. –
Aug 03 04:34:33 coturn systemd[1]: Starting coTURN STUN/TURN Server…
Aug 03 04:34:33 coturn turnserver[5662]: 0:
RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Version Coturn-4.5.1.1 ‘dan Eider’
Aug 03 04:34:33 coturn turnserver[5662]: 0:
Max number of open files/sockets allowed for this process: 524288
Aug 03 04:34:33 coturn turnserver[5662]: 0:
Due to the open files/sockets limitation,
max supported number of TURN Sessions possible is: 262000 (approximately)
Aug 03 04:34:33 coturn turnserver[5662]: 0:

                                     ==== Show him the instruments, Practical Frost: ====

Aug 03 04:34:33 coturn turnserver[5662]: 0: TLS supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: DTLS supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: DTLS 1.2 supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: TURN/STUN ALPN supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: Third-party authorization (oAuth) supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: GCM (AEAD) supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: OpenSSL compile-time version: OpenSSL 1.1.1f 31 Mar 2020 (0x1010106f)
Aug 03 04:34:33 coturn turnserver[5662]: 0:
Aug 03 04:34:33 coturn turnserver[5662]: 0: SQLite supported, default database location is /var/lib/turn/turndb
Aug 03 04:34:33 coturn turnserver[5662]: 0: Redis supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: PostgreSQL supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: MySQL supported
Aug 03 04:34:33 coturn turnserver[5662]: 0: MongoDB is not supported
Aug 03 04:34:33 coturn turnserver[5662]: 0:
Aug 03 04:34:33 coturn turnserver[5662]: 0: Default Net Engine version: 3 (UDP thread per CPU core)

                                     =====================================================

Aug 03 04:34:33 coturn turnserver[5662]: 0: Domain name:
Aug 03 04:34:33 coturn turnserver[5662]: 0: Default realm:
Aug 03 04:34:33 coturn turnserver[5662]: 0:
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
Aug 03 04:34:33 coturn turnserver[5662]: 0: WARNING: cannot find certificate file: turn_server_cert.pem (1)
Aug 03 04:34:33 coturn turnserver[5662]: 0: WARNING: cannot start TLS and DTLS listeners because certificate file is not set properly
Aug 03 04:34:33 coturn turnserver[5662]: 0: WARNING: cannot find private key file: turn_server_pkey.pem (1)
Aug 03 04:34:33 coturn turnserver[5662]: 0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
Aug 03 04:34:33 coturn turnserver[5662]: 0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Aug 03 04:34:33 coturn turnserver[5662]: 0: ===========Discovering listener addresses: =========
Aug 03 04:34:33 coturn turnserver[5662]: 0: Listener address to use: 127.0.0.1
Aug 03 04:34:33 coturn turnserver[5662]: 0: Listener address to use: 1xx.xxx.xx9
Aug 03 04:34:33 coturn turnserver[5662]: 0: Listener address to use: ::1
lines 1-43

You use the Coturn server public IP for both settings. Nextcloud is at best a client; more precisely, it tells the clients (the video call peers) how to access Coturn, nothing more.

I recommend not posting public IP addresses here on the forum, especially not while you're still setting things up and not everything might yet be at final production security :wink:. You can edit them out of your post.

Although it does not seem to cause any error that I can see, as you use Coturn 4.5.1.1, please comment out or remove the following two settings, which I explained in the changelog of the HowTo: lt-cred-mech and no-loopback-peers

@MichaIng

Still no luck, I still cannot call from outside the LAN, just a black screen. Does it have to use port 5439?

Btw, does Coturn have to have SSL installed?

Please advise,

Finally, I got it working…
The problem was a misconfiguration of my A record IP for the TURN server.

By the way, there’s a question about the video call:
if I open a *.md file and the participant shows in the top right corner, the participant's video is covered by my video, so I can see the participant.

Does anyone have the same issue?

Great to hear that it works now.

About the video overlap, I suggest you open a new thread about this or an issue on GitHub: https://github.com/nextcloud/spreed/issues
Probably add some screenshots to clarify.
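
The three checks this thread worked through (the two settings flagged for removal on Coturn 4.5.1.1, listening-ip/relay-ip on a server with no NAT, and the A record that turned out to be wrong), combined into one config check. This is an added example, not part of the original posts or of Coturn or Nextcloud; the addresses, hostname and secret are constructed placeholders, and `resolve` is a hypothetical injected lookup so the check runs offline.

```python
import ipaddress

# Settings the thread says to comment out or remove on Coturn 4.5.1.1.
DEPRECATED = ("lt-cred-mech", "no-loopback-peers")

# Constructed sample config (documentation addresses, placeholder secret).
SAMPLE_CONF = """\
listening-port=3478
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=PLACEHOLDER-NOT-A-REAL-SECRET
realm=turn.example.org
relay-ip=203.0.113.1
no-loopback-peers
no-multicast-peers
"""

def parse_conf(text):
    """Parse turnserver.conf text into {key: value}; bare flags map to ''."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def lint(conf, public_ip, turn_host, resolve):
    """Findings for a Coturn host that owns public_ip directly (no NAT).

    turn_host is the name handed to clients; resolve(name) -> list of IPs is
    injected (assumption: in real use, a wrapper around socket.getaddrinfo).
    """
    want = ipaddress.ip_address(public_ip)
    findings = [f"remove {k}" for k in DEPRECATED if k in conf]
    for key in ("listening-ip", "relay-ip"):
        value = conf.get(key)
        try:
            if value is None or ipaddress.ip_address(value) != want:
                findings.append(f"{key}: got {value}, want {public_ip}")
        except ValueError:
            findings.append(f"{key}: {value!r} is not an IP address")
    addrs = resolve(turn_host)
    if not addrs or any(ipaddress.ip_address(a) != want for a in addrs):
        findings.append(f"DNS {turn_host}: got {addrs}, want [{public_ip}]")
    return findings
```

An empty list from `lint` means the config and DNS agree with the server's own public address; it does not replace the TURN connection test in the Nextcloud admin panel mentioned earlier in the thread.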