Hi, I wonder what TURN servers are tested with Nextcloud Talk. I’ve found connecting to calls pretty unreliable, so I’d like to see if it improves with a TURN server set up. I’ve tried reSIProcate reTurnServer, but authentication fails. I suppose it’s because reTurnServer requires a user while the TURN server settings in Talk only allow you to configure a preshared key/password, no user account.
Maybe you have a better experience with Coturn. It works so far but YMMV.
I have a similar challenge with the Talk app for external connections (NATed NC instance). My attempt to install and configure Coturn failed, because apparently you need to use the coturn parameter lt-cred-mech (long term credentials) set in /etc/turnserver.conf, which itself needs user and password to be set.
I simply cannot find where to set these credentials in the ./app/spreed/ for the Talk app itself.
Help - I was never able to use Spreed, Talk, Calls and all outside my internal network. Trying for the last 2 years or so…
Maybe this helps:
Check in ‘/etc/default/coturn’ if it’s enabled
Create Auth-Secret for static-auth-secret
openssl rand -hex 32
Enable/modify following entries in ‘/etc/turnserver.conf’
Login to Nextcloud as admin, go to Talk and enter your turn server:
your.domain.com:5349 your-auth-secret TCP only
Forward ports 3478 and 5349 to your TURN server
That’s how I’m running coturn on a Pi for testing purposes.
Works great so far.
I tried to use/remove the non tls listening port, but got problems during calls, so I keep it in the configuration.
Thanks for the summary @Timelord. Almost everything the same here, but only almost.
So you didn’t have to configure the app itself with user/pw, only static-auth-secret was enough?
@Timelord - erm… it works now
I guess the relevant parameters were:
- lt-cred-mech (no user/pw needed, static-auth-secret is enough)
- fingerprint (maybe this really is mandatory)
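Added example, not part of the thread and not coturn or Nextcloud code: a Python sketch of the shared-secret TURN scheme, showing why a single static-auth-secret can stand in for a user/password pair. The function names are hypothetical, and it assumes the application derives credentials as username = expiry timestamp (optionally followed by ":label") and password = base64(HMAC-SHA1(secret, username)).

```python
import base64
import hashlib
import hmac
import secrets
import time


def generate_secret() -> str:
    """Equivalent of `openssl rand -hex 32`: 32 random bytes as 64 hex chars."""
    return secrets.token_hex(32)


def _password_for(secret: str, username: str) -> str:
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def make_turn_credentials(secret, ttl=3600, now=None, label=""):
    """Application side: derive a short-lived username/password pair.

    The username is the expiry time (Unix seconds), optionally followed by
    ":label"; the password is base64(HMAC-SHA1(secret, username)).
    """
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{label}" if label else str(expiry)
    return username, _password_for(secret, username)


def verify_turn_credentials(secret, username, password, now=None):
    """Model of the server-side check (hypothetical helper, not coturn code).

    Real TURN never sends the password; the server recomputes it like this
    and uses it to validate the request's MESSAGE-INTEGRITY attribute.
    """
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False  # username does not start with a timestamp
    if expiry < (time.time() if now is None else now):
        return False  # credential has expired
    return hmac.compare_digest(_password_for(secret, username), password)


if __name__ == "__main__":
    secret = generate_secret()  # constructed sample secret
    user, pw = make_turn_credentials(secret, label="alice")
    print(user, pw, verify_turn_credentials(secret, user, pw))
```

Anyone who holds the secret can mint valid credentials until it is rotated, so it needs the same protection as a password even though no account is configured.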
Exactly. It’s just for testing like mentioned before.
What would be a permanent solution?
Depends on the amount of users and your security needs.
To use it in production I suggest to run it on a separate machine/instance, force security like user auth, strict encryption etc.
If you are running it for private use together with Nextcloud on the same machine, my config is good/secure enough to use it permanently.
I’ve never gotten NC Talk running properly outside of my LAN before.
And all running on a little RP3…
thx for your description. Can you please help me with the last step “Forward port 3478 and 5349 to your TURN server”? I don’t know how to do this.
Thx a lot
Ok. Now I understand. Port forwarding is only necessary in a local network?!? I’ve hosted a server with public IP address and running nextcloud and the Turnserver on it. But nevertheless Talk does not work with two users in different networks. I’ve tried so many things… Can anyone give me one more hint please?
For testing purposes of STUN/TURN there’s https://blues.viagenie.ca, they even support IPv6
Create an account and put those credentials in Talk admin config, that’s it…
Hi, where exactly is the Talk admin file located? I’ve edited what I believe to be the correct file, yet I still cannot get Talk to function.
YES! Now it works! After reading this bug report: https://github.com/nextcloud/spreed/issues/681
I understood what to do: you have to enter the TURN server in this way: your.domain.com:5349 (just like Timelord wrote…). The misleading information is in the input field of the Talk configuration: instead of your.domain.com:5349 there is https://your.domain.com:5349
Glad you got it working!
Small update to this, according to the coturn developer, you can’t use these two mechanisms at the same time in the configuration. I’m using just lt-cred-mech and it works fine with Nextcloud.
I’ve been trying to use Nextcloud with coturn for months with no success (https://help.nextcloud.com/t/problem-configuring-talk-and-turn/34833)
I’m happy to see that someone really succeeded. Would it be possible to have your configuration file?