NC Talk 2.3.5
on OpenSuse Leap 15.0
All on a VPS, with a single static IPv4 and a static IPv6 subnet.
I have some general and additional questions about this very nice howto: HowTo: Setup Nextcloud Talk with TURN server
STUN set to stun.nextcloud.com:443
No TURN, no signaling server.
Until today I’ve used Nextcloud Talk only for pure “inter-family” calls, audio and video; it worked fine, always. Both via browser and also the Nextcloud Talk app.
Today I wanted to make a Skype call with someone behind a company’s firewall, which failed several times, for whatever Skype-internal reasons. So I thought: perfect situation to try Nextcloud Talk’s “public conversation” feature in real life. Self-explaining, easy to create a conversation and set a password. Sent the other party the URL (via Skype, at least that still worked). Saw him at once as “guest”. We could chat inside NC Talk, he could try to call me, signaled both in the browser and on my smartphone via the Talk app.
What didn’t work was any sound or video transmission; the call was stuck at “calling …”. We both saw a black initiation screen in Talk, and both saw ourselves from our own webcams, not the other participant, and no sound.
From what I’ve understood/read, this might be because of the necessity of a TURN server in this specific situation.
So I installed COTURN on my VPS, and now have some questions before activating it. All new to me, and I don’t want any security holes on my server.
- “WHO” is really using/accessing the TURN server?
a) Nextcloud (Talk) server-side, being able to connect on http(s)://localhost: as both NC on Apache and the TURN server will run on the same machine? Side effect: no TLS etc. necessary.
b) Or the final NC Talk clients, browser or app(s)? So the desired TURN port must be open in the firewall?
To my understanding, it’s quite usual for company networks to restrict any outgoing port request other than 80/443, plus same essentially needed. That’s why all screen sharing etc. programs known to me, like “TeamViewer” or so, pass all communication via ports 80/443, in contrast to e.g. VNC, which needs its own port.
Because of this I would be surprised if NC Talk users would need additional open ports, but as said, unclear to me.