Nextcloud Talk (v11.2.2) - "Error: No working ICE candidates returned by the TURN server"

Hi,

I can't call somebody outside of my internal network (due to the ICE candidates error).

Any idea why it doesn’t work?

Nextcloud Server Version:
21.0.2

==============================

coTurn Version:
4.5.1.1-1.1ubuntu0.20.04.2

==============================

Nextcloud Talk Version:
11.2.2

==============================

OS:
Ubuntu 20.04.2 (LTS)

==============================

UFW status:
To                 Action   From

443/tcp            ALLOW    Anywhere
80/tcp             DENY     Anywhere
3478/tcp           ALLOW    Anywhere
3478/udp           ALLOW    Anywhere
443/tcp (v6)       ALLOW    Anywhere (v6)
80/tcp (v6)        DENY     Anywhere (v6)
3478/tcp (v6)      ALLOW    Anywhere (v6)
3478/udp (v6)      ALLOW    Anywhere (v6)

==============================

/etc/turnserver.conf:
listening-port=3478
fingerprint
use-auth-secret
static-auth-secret=7fa8c…
realm=mydomain.com (NOTE: I'm using the Cloudflare proxy for the 80/443 Nextcloud traffic, and for the Nextcloud Talk realm I created a new A record - proxy disabled - just a DNS record with the public IP)
total-quota=100
bps-capacity=0
stale-nonce
no-stdout-log
log-file=/var/tmp/turn.log
syslog
no-multicast-peers
no-tlsv1
no-tlsv1_1

==============================

systemctl status coturn.service:
● coturn.service - coTURN STUN/TURN Server
Loaded: loaded (/lib/systemd/system/coturn.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-06-19 11:13:57 UTC; 9min ago
Docs: man:coturn(1)
man:turnadmin(1)
man:turnserver(1)
Process: 62446 ExecStart=/usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid (code=exited, status=0/SUCCESS)
Process: 62460 ExecStartPost=/bin/sleep 2 (code=exited, status=0/SUCCESS)
Main PID: 62459 (turnserver)
Tasks: 9 (limit: 9448)
Memory: 6.5M
CGroup: /system.slice/coturn.service
└─62459 /usr/bin/turnserver --daemon -c /etc/turnserver.conf --pidfile /run/turnserver/turnserver.pid

Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (general relay thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: turn server id=2 created
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (general relay thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: turn server id=3 created
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: Total General servers: 4
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (auth thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (auth thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: IO method (admin thread): epoll (with changelist)
Jun 19 11:13:55 HOSTNAME turnserver[62459]: 0: SQLite DB connection success: /var/lib/turn/turndb
Jun 19 11:13:57 HOSTNAME systemd[1]: Started coTURN STUN/TURN Server.

==============================

Nextcloud Talk Configuration (WebUI):

==============================

USG Port Forwarding:

Does the coTURN server have a proper SSL?

If so, with Talk 11.2.2 it should not have this error…

With 11.2.1 it was showing this error but working nonetheless…

You can try to disable the Cloudflare proxy completely to find out if it works or not.

I’m using port “3478”, so it won’t need an SSL certificate?

By the way, TLS is not supported via Nextcloud Talk:
(D)TLS is currently not supported by Nextcloud Talk and does not have any real security benefit anyway. Click here for more details.

Source: Configuring coTURN - Nextcloud Talk API documentation

I mean my NC has an SSL certificate.

I completely removed the Cloudflare proxy and it still won’t generate an ICE candidate.

I only use Cloudflare for my DDNS.
For the Nextcloud DNS record I’m using a “CNAME”; is that a problem?

Fixed it … had a permission issue.
(Copy of the SSL certificate / privkey wasn’t owned by the turnserver user)

Note:
chown -R turnserver:turnserver /etc/coturn/
chmod -R 755 /etc/coturn/
chmod 644 /etc/coturn/certs/$FqdnTurnServer.fullchain.pem
chmod 600 /etc/coturn/certs/$FqdnTurnServer.privkey.pem

Source: https://blog.wydler.eu/2020/04/04/eigener-turn-server-fuer-jitsi-meet-bereitstellen

ICE candidate: OK!

2 Likes
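
The fix in the post above came down to ownership and mode of the certificate and private key that coturn loads. The following added example (not code from the thread or from the coturn or Nextcloud projects) audits those two files using the modes the post applies. Assumptions: the config names the files with `cert=` and `pkey=` lines (the config posted in the thread does not show them), GNU `stat` is available, and the function names `audit_coturn_tls` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the TLS files coturn is told to load.
# Assumes GNU stat (as on Ubuntu) and cert=/pkey= lines in the config file.

# audit_coturn_tls CONF OWNER  (OWNER: user name or numeric uid)
# Prints one line per finding and returns the number of findings (0 = clean).
audit_coturn_tls() {
    conf=$1 owner=$2 findings=0
    for key in cert pkey; do
        # Take the last uncommented "key=" line from the config.
        path=$(sed -n "s/^[[:space:]]*$key=//p" "$conf" | tail -n 1)
        if [ -z "$path" ] || [ ! -f "$path" ]; then
            echo "MISSING $key: ${path:-not set in $conf}"
            findings=$((findings + 1)); continue
        fi
        name=$(stat -c %U "$path") uid=$(stat -c %u "$path") mode=$(stat -c %a "$path")
        if [ "$name" != "$owner" ] && [ "$uid" != "$owner" ]; then
            echo "OWNER   $path belongs to $name, expected $owner"
            findings=$((findings + 1))
        fi
        case "$key:$mode" in
            pkey:*00) ;;    # owner-only, e.g. 600 as in the thread
            pkey:*)
                echo "MODE    $path is $mode: private key open to group/others"
                findings=$((findings + 1)) ;;
            cert:*[2367]|cert:*[2367]?)
                echo "MODE    $path is $mode: certificate writable by group/others"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: a throwaway directory laid out like /etc/coturn/certs.
# demo [PRIVKEY_MODE] [OWNER] -> returns the audit's finding count.
demo() {
    d=$(mktemp -d) || return 99
    : > "$d/turn.example.fullchain.pem"
    : > "$d/turn.example.privkey.pem"
    chmod 644 "$d/turn.example.fullchain.pem"
    chmod "${1:-600}" "$d/turn.example.privkey.pem"
    printf 'cert=%s\npkey=%s\n' "$d/turn.example.fullchain.pem" \
        "$d/turn.example.privkey.pem" > "$d/turnserver.conf"
    audit_coturn_tls "$d/turnserver.conf" "${2:-$(id -u)}"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On the TURN host the call would be `audit_coturn_tls /etc/turnserver.conf turnserver`, run with enough privilege to stat the files.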

Hello, I have the same problem as you had. Did you install the coTURN server on the same server where you installed your Nextcloud?