Setting up firewall for TURN server

MichaIng · February 18, 2019, 10:11am

Very strange. See what I got when not commenting the setting:

HowTo: Setup Nextcloud Talk with TURN server

Changelog

Removed lt-cred-mech from config, which is not required/conflicting with use-auth-secret .Related log entries:

Jan 19 23:08:20 my.domain.org turnserver[6712]: CONFIGURATION ALERT: You specified --lt-cred-mech and --use-auth-secret in the same time.
Jan 19 23:08:20 my.domain.org turnserver[6712]: Be aware that you could not mix the username/password and the shared secret based auth methohds.
Jan 19 23:08:20 my.domain.org turnserver[6712]: Shared secret overrides username/password based auth method. Check your configuration!

Related config file comments:

# Be aware that use-auth-secret overrides some part of lt-cred-mech.
# Notice that this feature depends internally on lt-cred-mech, so if you set
# use-auth-secret then it enables internally automatically lt-cred-mech option
# like if you enable both.
#
# You can use only one of the to auth mechanisms in the same time because,
# both mechanism use the username and password validation in different way.
#
# This way be aware that you can't use both auth mechnaism in the same time!
# Use in config either the lt-cred-mech or the use-auth-secret
# to avoid any confusion.

And it works perfectly fine without here. Which version of coTURN do you use? Perhaps this changed and it was/is even required on older versions.

Okay, so if inbound 5349 (+80/443) and outbound everything is open and you still don’t get a connection I am also out of ideas. But since it works without iptables, you know where to tinker around. netstat shows the established connections, it would be interesting to see the blocked connections (by iptables).