Nextcloud Talk (v11.2.2) - "Error: No working ICE candidates returned by the TURN server"

HeyWatchOutDude · June 21, 2021, 4:40pm

Hi,

I cant call somebody outside of my internal network. (due of the ICE candidates error)

Any idea why it doesn’t work?

Nextcloud Server Version:
21.0.2

==============================

coTurn Version:
4.5.1.1-1.1ubuntu0.20.04.2

==============================

NextCloud Talk Version:
11.2.2

==============================

OS:
Ubuntu 20.04.2 (LTS)

==============================

UFW status:
To Action From

443/tcp ALLOW Anywhere
80/tcp DENY Anywhere
3478/tcp ALLOW Anywhere
3478/udp ALLOW Anywhere
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) DENY Anywhere (v6)
3478/tcp (v6) ALLOW Anywhere (v6)
3478/udp (v6) ALLOW Anywhere (v6)

==============================

/etc/turnerserver.conf:
listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=7fa8c…
realm=mydomain.com (NOTE: Im using cloudflare proxy for the 80/443 traffic for nextcloud traffic and for the nextcloud talk realm I created a new A-Record - proxy disabled - just a DNS record with the public IP)
total-quota=100
bps-capacity=0
stale-nonce
no-stdout-log
log-file=/var/tmp/turn.log
syslog
no-multicast-peers
no-tlsv1
no-tlsv1_1

==============================

systemctl status coturn.service:
● coturn.service - coTURN STUN/TURN Server
Loaded: loaded (/lib/systemd/system/coturn.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-06-19 11:13:57 UTC; 9min ago
Docs: man:coturn(1)
man:turnadmin(1)
man:turnserver(1)
Process: 62446 ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid (code=exited, status=0/SUCCESS)
Process: 62460 ExecStartPost=/bin/sleep 2 (code=exited, status=0/SUCCESS)
Main PID: 62459 (turnserver)
Tasks: 9 (limit: 9448)
Memory: 6.5M
CGroup: /system.slice/coturn.service
└─62459 /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid

Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (general relay thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: turn server id=2 created
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (general relay thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: turn server id=3 created
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: Total General servers: 4
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (auth thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (auth thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (admin thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: SQLite DB connection success: /var/lib/turn/turndb
Jun 19 11:13:57 HOSTNAME systemd[1]: Started coTURN STUN/TURN Server.

==============================

Nextcloud Talk Configuration (WebUI):

[Album] imgur.com

==============================

USG Port Forwarding:

[Album] imgur.com

anon71540698 · June 22, 2021, 10:55pm

Does the coTURN server have a proper SSL?

If so, with Talk 11.2.2 it should not have this error…

With 11.2.1 it was showing this error but working nonetheless…

Sanook · June 23, 2021, 8:57am

You can try to disable the Cloudflare proxy completely to find out if it works or not.

HeyWatchOutDude · June 26, 2021, 7:44am

I’m using port “3478” so it wont need a ssl certificate?

By the way TLS is not supported via nextcloud talk:
(D)TLS is currently not supported by Nextcloud Talk and does not have any real security benefit anyway. Click here for more details.

Source: Configuring coTURN - Nextcloud Talk API documentation

I mean my NC has a ssl certificate.

HeyWatchOutDude · June 26, 2021, 7:45am

I completely removed the cloudflare proxy and it still wont generate ICE candidate.

I only use cloudflare for my DDNS.
For the Nextcloud DNS record im using a “CNAME” is that a problem?

HeyWatchOutDude · July 2, 2021, 11:26am

Fixed it … had a permission issue.
(Copy of the ssl certificate / privkey wasn’t owned by the turnserver user)

Note:
chown -R turnserver:turnserver /etc/coturn/
chmod -R 755 /etc/coturn/
chmod 644 /etc/coturn/certs/$FqdnTurnServer.fullchain.pem
chmod 600 /etc/coturn/certs/$FqdnTurnServer.privkey.pem

Source: https://blog.wydler.eu/2020/04/04/eigener-turn-server-fuer-jitsi-meet-bereitstellen

ICE candidate: OK!

Xhulio24 · March 31, 2022, 9:21am

Hello I have the same problem as you had it. Did you installed the coTURN server in the same server you have installed your NextCloud ?