Spreed.ME: no video/audio transmission outside of local network

Hey guys,

i recently installed Spreed.ME on my nextcloud server, following the guide here: https://nextcloud.com/webrtc/

It works great inside my local network, but when I try to call somebody outside of my local network, there is no video and no audio transmission. Both clients just see their own webcam picture but the field for the other one is just empty. Depending on who started the call, the connection also breaks after some seconds.

I tried it with different browsers and different users outside my network. I also tried to open the TCP port 8080, which seems to be used, but this doesn’t make a difference and also no installation guide gives a hint to do so. I also tried to disable my desktop firewall.

I guess is has something to do with my router, its firewall/port rules. I have a AVM FRITZ!Box 7490 here with current firmware version.

I hope that someone can help me, getting this to work. I don’t want to rely on Skype anymore ;).

Thanks and best regards,

you have to setup a stun/turn server
Here you can see hows done:

I strongly recommend to run this thing on a box which is connected directly to the internet with an external IP,
else you can botch around with nat configuration.


If you are lazy, like me, instead of installing and configuring a complete stun/turn server you can just uncomment the line :

stunURIs = stun:stun.spreed.me:443

in your /etc/spreed/webrtc.conf file. You will then use the spreed STUN service. (it only relays your external IP without any data)

Thanks for the answers.

I read that Spreed.ME first tries a P2P connection and will only (try to) fall back to a stun/turn server, if that fails because of e.g. tight firewall rules.
A direct P2P connection without server in between sounds actually good to me. What is the reason that you both directly refer to the stun/turn solution, while the installation guide (https://nextcloud.com/webrtc/) does not tell any word about that? What would be necessary to make P2P work?

I will shortly try it with “stunURIs = stun:stun.spreed.me:443”, thanks for that simple one.

@own stun/turn server: Since at the moment I just have a privat household single internet connection here with dynamic IP and therefore external dynamic DNS-Server, there is so far no way for me to run the server with an external IP directly connected to the internet. You mean that that box should be connected directly to the modem without router in between, right? I just have one plug and one IP from the provider and that is used by the AVM box, which is modem and router at the same time.
Since I am always interested being independent from external servers, on the long term I would like to install my own turn server. Since so far I have just one server, I would install it beside nextcloud and spreed.me. Why you do not recommend that?

Thanks and best regards,

Have a look at https://en.wikipedia.org/wiki/STUN
And thousands other pages you will find with google…

in short : allow an end host to discover its public IP address if it is located behind a NAT.

You mean setup the turnserver on the gateway between your network and the internet?
I tried that too, but didn’t get that to work.
Maybe you get that running, in my case however, it had problems to connect the peers,
if they came from to different interfaces seen from the turn server.

I uncommented “stunURIs = stun:stun.spreed.me:443” in my .conf ([app] section) as described but the problem stays exactly the same. In my server directory the config file is named server.conf, which is the same that you have to adjust according to the installation guide here https://nextcloud.com/webrtc/ in the last chapter.
I also found a “server.conf.in” there, which looked exactly the same like the server.conf, but the line was not yet uncommented, so i did it also there without success. I realised that it is a completely unchanged version of the config file, so it is not used anyway since inside my network everything is working fine.

Is there anything else I have to do to get the stun server used correctly? Also the log/terminal(where i run ./spreed-webrtc-server) does not show some hint about it.

€: Of course I restarted the spreed.me server after change and also the whole machine, in case ;).

For 80% of all WebRTC / SIP communications, a simple STUN server is sufficient to establish a link with the peers and pass through your NAT. In other more complex situations (nature of the NAT - STUN does not work with symmetric NAT (also known as bi-directional NAT) - or complex firewalls) you must use a TURN server (but in this case, all your data/communications will go on that TURN server)

But I have to say, the only manual which was good, was spreed with coturn. For the rest, you need to know how to handle a stun/turn server already by yourself.

No, i don’t have any stun/turn server on my machine and i use only the spreed STUN service. Works perfectly well here. => stunURIs = stun:stun.spreed.me:443

(you have more than hundred public STUN servers you can use)

P.S. By the way, don’t forget to authorise your browser to send you notifications and to use your microphone and camera

@Akhenaton I see this in the way, if you setup your own communication platform because of privacy reason, then you should go the complete way, not stop in the middle of it.
Else you can stay at skype, hangouts, whatsapp and co and spare the time for the work entirely.

No, you still rely on your provider (ISP) for your access! and he can see what IP has called what IP. Nothing more, nothing less than a STUN server. And if you haven’t set your own DNS server (bind) but use your provider’s one or even others… Bingo ! it’s totally useless.

N.B. You’ll never get complete privacy on the internet !

The less entities who can see you, the better.

correct, but you can still minimize your footprint.

I will try to get it work by playing little wih firewall/router settings.

Is there some way, command/log or whatever to check if the stun server is correctly used by the app?

I just found a way to check the stun server itself: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
Giving it “stun:stun.spreed.me:443”, it gives the correct external IP of the network/router as well as the correct internal IP of my machine. But they are shown as udp port 50886. Do I have to somehow open/forwards these or other ports?

Before setting up an own turn server (I also thought about coturn, as this was the first good documented solution I found), I would love to get it run the simpler way, P2P if possible or at least with an external stun server.

I just have a simple linux server, a windows client and an AVM FRITZ!Box 7490 here. I don’t know if its symmetric or bi-directional as I don’t know much details about network technology. But if there is some way to change the NAT behaviour, that P2P or stun will work, I would prefer that way.

Generally I agree with dev0: If you want to take control over your data and communication, it should be done consequently. But so far the privacy of my network is not yet too substantially important and I use that situation to play around and learn step by step about linux, server and network stuff. So if it works with an external stun/turn server, it is okay for the moment. I can establish an own turn server or another independent solution later on. At the moment I just want to play and learn about the potentially privat solutions to for the first step get rid of Skype ;).

After unsuccessful tries so get it run with the spreedme stun server, I finally installed coturn on my system just from raspbian repo and using the spreedme+coturn configs given by slapps:

1 Like