I’m trying to understand how to correctly and securely set up Talk with TURN. Let’s say I have two organizations, example1.com and example2.com, both running Nextcloud at public IP addresses, with Talk installed. Let’s also assume that each organization runs their own TURN server with a shared secret that’s specific to their respective organization. And members of those organizations, who use their browsers behind two different corporate firewalls, want to chat with each other. Just what needs to happen here to establish a call?
- Does anybody in example2.com need to know the location, shared secret etc. of example1.com’s TURN server?
- It’s called a “shared secret” – just who is that secret being shared with, and who not?
- How is it decided which of the two TURN servers is being used?
I think I had a misunderstanding that Talk would federate if set up correctly. But it might not (right?). In which case, all users on a video session will use the same Nextcloud instance, which then uses the same TURN server with the same shared secret that is known because it is set once in the Nextcloud/Talk configuration. Is that right?
Honestly I am not sure if/how federation with Nextcloud Talk works. But if it does, only the authentication of the participating users against Nextcloud is of course against their own instance. The authentication against the TURN server is made by one of the Nextcloud instances against its configured one, most probably the instance of the user who initiated the call and invited the other user(s). Relay over two TURN servers is not possible, AFAIK, and would be an unnecessary traffic + delay, that would need fix/rework otherwise.
never tried with two Nextcloud installations.
you can invite your own users into a call or create a public link. (like sharing documents.)
so user at example1 would send a link to user at example2. and they would do their call only on server example1. or?
(no access to TURN server needed from example2.)
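
Added example, not part of any post in this thread and not Nextcloud's or coturn's own code: a sketch of the time-limited credential scheme that TURN servers such as coturn support for a shared secret (`use-auth-secret`), showing that the secret stays between the server that issues credentials (here, the Nextcloud instance where it is configured) and its TURN server, while every browser in the call receives only a derived, expiring username and password. The secrets, user id and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def issue_turn_credentials(shared_secret, user_id, ttl=86400, now=None):
    """Run by the server that holds the secret; the browser gets only the result."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user_id}"  # expiry timestamp is part of the username
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    return username, base64.b64encode(mac.digest()).decode()


def turn_server_accepts(shared_secret, username, password, now=None):
    """Run by the TURN server, which knows the same secret.

    Simplification: a real server uses the recomputed password as the key for
    message integrity instead of receiving and comparing it directly.
    """
    now = int(time.time() if now is None else now)
    expiry_text = username.partition(":")[0]
    if not expiry_text.isdigit() or int(expiry_text) < now:
        return False  # malformed or expired credential
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1)
    expected = base64.b64encode(mac.digest()).decode()
    return hmac.compare_digest(expected, password)


if __name__ == "__main__":
    # Constructed values, for illustration only.
    secret_org1 = "constructed-secret-example1"
    secret_org2 = "constructed-secret-example2"
    t0 = 1_700_000_000
    user, pw = issue_turn_credentials(secret_org1, "guest-from-example2", ttl=3600, now=t0)
    print(user, pw)
    print(turn_server_accepts(secret_org1, user, pw, now=t0 + 60))    # same secret
    print(turn_server_accepts(secret_org2, user, pw, now=t0 + 60))    # other org's secret
    print(turn_server_accepts(secret_org1, user, pw, now=t0 + 7200))  # after expiry
```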