can you please be more specific?
our servers are not nated, they’re configured with a public IP address in our DMZ on the same subnet.
may be you find the answer here:
i understood that the purpose of the turn server is to avoid exactly this black screen. and therefore the turn server is mend to be place in the internet. so if you put the turn server also behind a nat device you have to understand the config for this scenario. in my link above it should be de scripted. ok?
just offering my free support btw, so dont be mad at me willing to help you.
i assume you’re not a native english speaker - so am I.
If german is a language you’d prefer, so will I.
Sorry but I’m still not understanding how to configure our TURN server.
It is already configured with a public IP, are you suggesting to move it inside our local network and configure a NAT?
Reading your guide, i can clearly confirm that our case is a TURN server running not behind a NAT , but with direct www connection and static public IP
However @victorbw, i’m really appreciating your support, please don’t misunderstand my words as mad
i just wanted to say that there is already a long thead with a lot config examples. so maybe your problem is also covered there. or you find an expert among the experts posting config there. and i didn’t see “DMZ” so i assumed you run your turn server in your intranet. my mistake.
btw: we are on the same site. i’m desperately seeking a solution for turn in docker. (what is a kind of “behind-nat-problem”.)
in my playbook - as far as i remember - i was able to get talk running on debian/ubuntu (without docker) i’m not sure if i ever tested it with centos.
anyhow my playbook wouldn’t help you because nc and turn would be on the same maschine. but maybe you could setup a test maschine with a working config and bring it to your turn server.
try this howto, it seems like the most detailed version of an instruction ive found so far:
unfortunately I’ve lost my script for setting up a stun/turn server
@mirkot did you look at the the
lt-cred-mech parameter? they talk about “not necessary in some version”…
@Reiner_Nippes I didn’t set
I have set only :
listening-port=3478 fingerprint use-auth-secret static-auth-secret=de187fd1cefc7cd6dade0eee65dfc3c242affe6027574597344be43c467a54ef [realm=coturn.mydomain.net](http://realm=coturn.mydomain.net) total-quota=100 bps-capacity=0 stale-nonce=600 no-loopback-peers no-multicast-peers pidfile="/var/run/turnserver/turnserver.pid"
Are you sure that the turn server is not firewalled? Or the nextcloud server? You turn off firewalld locally. But you dont say anything about the router/firewall that most probably sits in front of the dmz, how is that configured? Have you turned on debug on the turn server or listened on the traffic with tcpdump?
Also try open the port on DMZ firewall for TCP and UDP.
What are your test devices? Testing with mobile Android phones on 3g/4g network with Talk App makes it easier than testing with desktops who may have their own firewalls and settings or sitting behind something.
firewalld is disabled, the VMs are on DMZ.
1 iphone on 4G and 1 android on 4G.
All test in all direction:
iphone - android both of them on wifi LAN (working).
iphone - android both of them on 4G.
iphone - android one on wifi LAN and one 4G.
notebook - iphone one on LAN and one 4G.
notebook - iphone one on LAN and one wifi LAN (working).
notebook - android one on LAN and one 4G.
notebook - android one on LAN and one wifi LAN (working).
Please assure first that the coturn is running without error messages.
As I can see above you use v220.127.116.11 (I guess since there is a special CentOS7 tarball available?), so in this case indeed you need to add
lt-cred-mech which is required for all versions below 18.104.22.168 but throws a warning for all versions above.
You might have found the guide without this setting as I removed it due to the error message and meanwhile re-added it after realizing that it is required for older versions. coTURN was quite a bid changing around their settings behaviour.
When starting coturn carefully watch the log for any other config quirks.
I changed everything, I installed nextcloud and turnserver on the same server.
The VM is still on DMZ, connecting directly on the internet.
Now I’m trying to configure the turn server file on localhost.
Do you have any tips?
despite what is frequently said, I had to use lt-cred-mech in coturn configuration to make it work.
Then I started to notice user id logged in turn log file and talk started to work.
Unfortunately, I decided not to propose nextcloud talk because it’s not reliable on firefox !
lt-cred-mech added on config file but the problem are still present
can you show us the content of your turn log file ?
The problem is resolved, I have fix the network configuration on the router (vyos)
mark your topic as [solved] please, so people with the same error will be able to find a solution to the same problem in the future.
AND - what did you change on your network-config? How did you really solve it?