TURN server for Nextcloud Talk

Hi, I wonder what TURN servers are tested with Nextcloud Talk. I’ve found connecting to calls pretty unreliable, so I’d like to see if it improves with a TURN server set up. I’ve tried reSIProcate reTurnServer, but authentication fails. I suppose it’s because reTurnServer requires a user while TURN server settings in Talk only allow you to configure a preshared key/password, no user account.

Maybe you have a better experience with Coturn. It works so far but YMMV.

I have a similar challenge with the Talk app for external connections (NATed NC instance). My attempt to install and configure Coturn failed, because apparently you need to use the coturn parameter lt-cred-mech (long term credentials) set in /etc/turnserver.conf, which itself needs user and password to be set.

I simply cannot find where to set these credentials in the ./app/spreed/ for the Talk app itself.

Help - I was never able to use Spreed, Talk, Calls and all outside my internal network. Trying for the last 2 years or so…

Thanks

Maybe this helps:

1. Install coturn.
2. Check in ‘/etc/default/coturn’ that it is enabled:
   TURNSERVER_ENABLED=1
3. Create an auth secret for static-auth-secret:
   openssl rand -hex 32
4. Enable/modify the following entries in ‘/etc/turnserver.conf’:

   listening-port=3478
   tls-listening-port=5349
   fingerprint
   lt-cred-mech
   use-auth-secret
   static-auth-secret=your-auth-secret
   realm=your.domain.com
   total-quota=100
   stale-nonce=600
   cert=/etc/ssl/certs/your-ssl-certificate.pem
   pkey=/etc/ssl/private/your-ssl-certificate.key
   cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
   simple-log
   no-stun
   no-loopback-peers
   no-multicast-peers

5. Log in to Nextcloud as admin, go to Talk and enter your TURN server:
   your.domain.com:5349 your-auth-secret TCP only
6. Reboot.
7. Forward ports 3478 and 5349 to your TURN server.

That’s how I’m running coturn on a Pi for testing purposes.
Works great so far.
I tried to use/remove the non tls listening port, but got problems during calls, so I keep it in the configuration.

Thanks for the summary @Timelord. Almost everything the same here, but only almost :)

So you didn’t have to configure the app itself with user/pw, only static-auth-secret was enough?

@Timelord - erm… it works now :)

I guess the relevant parameters were:

  • lt-cred-mech (no user/pw needed, static-auth-secret is enough)
  • fingerprint (maybe this really is mandatory)

Thanks
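Why a shared secret alone can be enough, as an added example that is not part of the original posts or of the Talk or coturn code: with use-auth-secret, coturn expects a time-limited username (an expiry timestamp, optionally followed by a colon and a user id) and a password equal to base64(HMAC-SHA1(secret, username)). The sketch assumes Talk derives its credentials this way; the secret, user id and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import time


def _password_for(secret: str, username: str) -> str:
    # base64(HMAC-SHA1(shared secret, username)), as use-auth-secret expects
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def derive_turn_credentials(secret, user_id, ttl=86400, now=None):
    """Application side: mint a username that expires after ttl seconds."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user_id}"
    return username, _password_for(secret, username)


def verify_turn_credentials(secret, username, password, now=None):
    """Server side: recompute the password and enforce the expiry.

    A real TURN server never receives the password itself; it uses the
    recomputed value as the key for MESSAGE-INTEGRITY. Comparing the two
    strings here stands in for that check.
    """
    now = int(time.time()) if now is None else int(now)
    expiry = username.split(":", 1)[0]
    if not (expiry.isascii() and expiry.isdigit()):
        return False  # malformed username, no timestamp to check
    if int(expiry) < now:
        return False  # credential has expired
    expected = _password_for(secret, username)
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    SECRET = "constructed-demo-secret"  # constructed; generate a real one with openssl rand -hex 32
    user, pw = derive_turn_credentials(SECRET, "demo-user", ttl=3600)
    print(user, pw)
    print("valid now:", verify_turn_credentials(SECRET, user, pw))
    print("wrong secret:", verify_turn_credentials("other", user, pw))
```

Anyone who holds the shared secret can mint valid credentials, so it needs the same protection as a password.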

Exactly :) It’s just for testing like mentioned before.

What would be a permanent solution?

Depends on the amount of users and your security needs.
To use it in production I suggest running it on a separate machine/instance, force security like user auth, strict encryption etc.
If you are running it for private use together with Nextcloud on the same machine, my config is good/secure enough to use it permanently.

Thanks!
I’ve never gotten NC Talk running properly outside of my LAN before.
And all running on a little RP3…
Awesome.

Hi @Timelord,

thx for your description. Can you please help me with the last step “Forward port 3478 and 5349 to your TURN server”? I don’t know how to do this.

Thx a lot
Sebastian

Try this HowTo: https://www.howtogeek.com/66214/how-to-forward-ports-on-your-router/

Ok. Now I understand. Port forwarding is only necessary in a local network?!? I’ve hosted a server with public IP address and running nextcloud and the Turnserver on it. But nevertheless Talk does not work with two users in different networks. I’ve tried so many things… Can anyone give me one more hint please?

For testing purposes of STUN/TURN there’s https://blues.viagenie.ca , they even support IPv6
Create an account and put those credentials in Talk admin config, that’s it…

Hi, where exactly is the Talk admin file located? I’ve edited what I believe to be the correct file, yet I still cannot get Talk to function.

Thanks

YES! Now it works! After reading this bug report: https://github.com/nextcloud/spreed/issues/681
I understood what to do: you have to enter the Turnserver in this way: your.domain.com:5349 (Just like Timelord wrote…) The misleading information is in the input field of the Talk configuration: Instead of your.domain.com:5349 there is https://your.domain.com:5349

Glad you got it working!

Small update to this, according to the coturn developer, you can’t use these two mechanisms at the same time in the configuration. I’m using just lt-cred-mech and it works fine with Nextcloud.

Hello,
I’ve been trying to use Nextcloud with coturn for months with no success (https://help.nextcloud.com/t/problem-configuring-talk-and-turn/34833).
I’m happy to see that someone really succeeded. Would it be possible to have your configuration file?

@Jerome
Please try: HowTo: Setup Nextcloud Talk with TURN server