Struggling with Talk: reliability not accomplished on my installation

Hi all,

I am struggling with the Talk app.
Nextcloud is on version 15 and Talk app is 5.0.2.

I installed the TURN server coturn, last download, compile & install 15.02.2019.

I tried to connect to a TURN server and followed the instructions here:
HowTo: Setup Nextcloud Talk with TURN server

Connections will be established from behind a NAT firewall as well as inside the LAN.

Browsers used are mostly Firefox, some Chromium, mostly running in Ubuntu, some Windows 7.

I am testing with same/same or mix of all available browsers running on same/same and mixed operating systems, always different accounts. Sometimes on same machine, lots of tests with different machines, connected over LAN, WLAN (different IP-Range), Android hotspot, etc.

In the Nextcloud installation I added a STUN and TURN server operating on the same host as the Nextcloud server itself.
All Firewalls are open to port 3478 TCP/UDP outbound. That meets the turnserver config.
Turnserver-Firewall is open for 3478 TCP/UDP inbound and outbound all open.
Turnserver-Firewall is also open for UDP Range 49152 to 65535.

It seems that signalling is working perfectly. But most of the time I get the loading animation or a black screen.

So getting a video connection between two browsers is pure luck. I am not seeing any pattern in success or fail. Sharing single windows or screens is worse.

In turnserver I get several errors like this during connection initiation:
41826: session 002000000000000099: realm <nextcloud.okit.de> user <>: incoming packet message processed, error 401: Unauthorized

…but I read, this is kind of normal and valid during handshake. And in fact this happens also if the connection is successfully initiated and I have the rare success of sharing video or a window.

I tried to read into WebRTC in general and Nextcloud/Talk/coturn in particular.

Could anyone recommend a good source for such issues please?
Are my issues some kind of common or am I fooling myself with some common information I missed?

Thanks in advance for any hint.

Cheers
Olaf

Do the same clients sometimes fail and sometimes succeed video connection? You could test all clients via: https://test.webrtc.org/
Or could you find some pattern in which combination of browsers and/or client network states (local, external, behind NAT, WLAN) the video does not show up, or is this totally random?

The TURN server log entries at least show that Nextcloud is configured correctly to use it. Yep, the authentication errors are expected due to the way it loops through the methods. At least if you as well see succeeding connection logs, this is okay.

Did you check server load during TURN server video calls? Might be a reason if during Nextcloud access anyway the TURN server load comes on top. Consider using the TURN server on a separate machine that is directly connected to www (not behind NAT), if you can, which seems to be generally more reliable.
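Added example, not part of the thread: one way to run the check described in the reply above, grouping turnserver log lines by session and separating the expected anonymous 401 challenge from sessions that never succeed. The "success" line and the non-empty-user 401 line are constructed on the model of the single entry quoted in the question, and the realm, users and function name are assumptions.

```python
import re
from collections import defaultdict

# Line shape taken from the turnserver entry quoted in the thread; the
# "success" variant is an assumption about the same log format.
LINE_RE = re.compile(
    r"session (?P<sid>\d+): realm <[^>]*> user <(?P<user>[^>]*)>: "
    r"incoming packet \S+ processed, (?P<result>success|error (?P<code>\d+))"
)

# Constructed sample lines (realm, users and session ids are made up).
R = "realm <turn.example.org>"
E401 = "incoming packet message processed, error 401: Unauthorized"
SAMPLE = [
    f"100: session 001000000000000001: {R} user <>: {E401}",
    f"100: session 001000000000000001: {R} user <1550240000:abc>: "
    "incoming packet ALLOCATE processed, success",
    f"101: session 001000000000000002: {R} user <>: {E401}",
    f"102: session 001000000000000003: {R} user <>: {E401}",
    f"102: session 001000000000000003: {R} user <1550240000:abc>: {E401}",
]

def classify_sessions(lines):
    """Label each TURN session found in the log lines.

    ok             - some request in the session succeeded
    auth_failed    - a 401 was logged for a non-empty user (credentials rejected)
    challenge_only - only the anonymous 401 challenge was logged, no retry seen
    other_error    - failed with errors other than the 401 cases above
    """
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            events[m["sid"]].append((m["user"], m["result"], m["code"]))
    verdicts = {}
    for sid, evs in events.items():
        if any(result == "success" for _, result, _ in evs):
            verdicts[sid] = "ok"
        elif any(code == "401" and user for user, _, code in evs):
            verdicts[sid] = "auth_failed"
        elif all(code == "401" and not user for user, _, code in evs):
            verdicts[sid] = "challenge_only"
        else:
            verdicts[sid] = "other_error"
    return verdicts

if __name__ == "__main__":
    for sid, verdict in classify_sessions(SAMPLE).items():
        print(sid, verdict)
```

A session labelled `ok` matches the "expected" case from the reply; `challenge_only` and `auth_failed` sessions are the ones worth correlating with the client network (LAN firewall, WLAN, hotspot) that produced them.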

> Do the same clients sometimes fail and sometimes succeed video connection?

Yes.

> You could test all clients via: https://test.webrtc.org/

Good point. I tried and found some issues with firewalls between LAN and TURN server.

It would be great to give WebRTC a hint which ports are free to use. However, at least in our infrastructure I am in charge to open the firewall completely to the TURN server.
Using an open WLAN with NAT and without any firewall limitations seems to help. So maybe there is more to do in my LAN firewalling.

> Consider using the TURN server on a separate machine that is directly connected to www (not behind NAT), if you can, which seems to be generally more reliable.

Yes: The TURN server is located on a host available with a public IP without NAT.
The load is minimal, if I try to setup sessions. So that should not be the issue.

At least I could increase chances to have successful connections. I will try to improve and post my conclusions here. Thanks for the hints so far!