I’m having a hard time setting up a TURN server for the Talk app. So far I’ve been able to make calls to the outside only when they are not running behind a NAT/firewall. In that case, I only see a black screen and no sound.
As this post outlines, you need to have a TURN server, which I’ve installed on the same server as Nextcloud (Ubuntu - Coturn).
I think I’ve set it up properly.
When using this command from outside:

    stun mydomain.com:3478

I got the following output:

    STUN client version 0.97
    Primary: Independent Mapping, Independent Filter, preserves ports, no hairpin
    Return value is 0x000013

So I guess everything is up and running.
Here is my turnserver.conf:

    listening-port=3478
    lt-cred-mech
    use-auth-secret
    static-auth-secret=<mysecret>
    realm=mydomain.com
    total-quota=100
    bps-capacity=0
    stale-nonce
    log-file=/var/log/turn.log
    no-loopback-peers
    no-multicast-peers
    external-ip=<my external-ip>
    server-name=mydomain.com
    fingerprint
    min-port=59000
    max-port=59100

My network layout:
INTERNET-to-DMZ (GREEN): Port 3478 forwarded to NC-server
DMZ-to-LAN (PURPLE): UDP source ports 59000 - 59100 allowed to destination ports 40000 - 65535 (explanation: turn server is allowed to use ports 59000 - 59100, see turnserver.conf)
LAN-to-DMZ (RED): Port 3478 allowed to NC-server
DMZ-to-INTERNET (YELLOW): UDP port 3478 allowed & UDP source ports 59000 - 59100 allowed to destination ports 40000 - 65535
When I try to call someone behind a NAT, my PC tries to connect directly to my peer through a high UDP port (e.g. 63408), so my call is not coming through. There is no log in my turnserver, so I guess something else needs to be set up in order to use my turnserver for this kind of call?
Could someone help me please? I don’t think I need to open up another high range of UDP ports from my LAN to the internet?
Also, is it a good idea to set up this range for UDP from my DMZ to LAN & INTERNET (limited through source ports 59000 until 59100)?
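
Added example, not part of the original post: with `use-auth-secret` and `static-auth-secret` set as in the turnserver.conf above, coturn expects time-limited credentials in which the username is an expiry timestamp and the password is the base64 HMAC-SHA1 of that username under the shared secret. The sketch below derives and checks such a pair; the config text is a constructed sample, and the secret and the `talk-test` label are placeholders.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample mirroring the post's turnserver.conf; the secret is a placeholder.
SAMPLE_CONF = """\
listening-port=3478
use-auth-secret
static-auth-secret=example-secret-not-real
realm=mydomain.com
"""

def parse_conf(text):
    """Return turnserver.conf options as a dict; bare flags map to True."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        opts[key.strip()] = value.strip() if sep else True
    return opts

def make_credentials(secret, ttl=3600, user="", now=None):
    """Build a time-limited username/password pair from the shared secret."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user}" if user else str(expiry)
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()

def verify_credentials(secret, username, password, now=None):
    """Recompute the HMAC as the server side would and reject expired names."""
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    if expiry < int(now if now is not None else time.time()):
        return False  # credential lifetime has passed
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(base64.b64encode(digest), password.encode())

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    if conf.get("use-auth-secret") and "static-auth-secret" in conf:
        print(make_credentials(conf["static-auth-secret"], user="talk-test"))
```

A pair generated this way can be handed to a TURN test client to confirm that an allocation request reaches the server and shows up in its log file.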