Unable to get video and audio using TURN server

Hi everyone,

This week-end, I finally installed coturn on my private server so I could use Talk with my family.
I installed the backport since I am still using debian 8 (otherwise I would get coturn v4.2, I read it was advised to use version 4.5 and above).

Unfortunately, I could not get video and audio transmission through the TURN server (ssl or not) … only a black screen.

I am not sure where I should start looking, I already followed 3 or 4 tutorials going through the installation procedure, verified the TURN server. Everything seems to be ok on that side …

Could anybody give a clue to understand where the problem may come from?

This is my current working configuration for Spreed and also Nextcloud Talk.

https://ict.milieudefensie.nl/2017/12/22/turn-server-configuration-for-spreed-webrtc/

I would also test different browsers, could be an issue with those.

Did you forward the turn server ports in the router to the turn server and open them in the firewall?

Hi guys,

thanks for the replies.
here is the configuration I have:

listening-port=3478
tls-listening-port=5349
listening-ip=my.ip.adress
relay-ip=my.ip.adress
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=YoullNeverGuessThis
realm=my.awesome.domain.name
total-quota=100
stale-nonce
cert=/path/to/fullchain.pem
pkey=/path/to/privkey.pem
cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5"
no-loopback-peers
no-multicast-peers

The ports I specified are open (I double-checked this 5 minutes ago)

Check this guide:
https://www.allerstorfer.at/install-spreed-video-calls-on-nextcloud/

One detail I forgot, I posted in the spreedme category, but I am using the Talk app, which is essentially the same from what I understood.

I’ll try another browser to see if something changes.

Could you please take a look at your logs (via ssh) while trying to establish a connection?

In Ubuntu it's something like this:

tail -f /var/log/turn_2230_XXYYZZ.log

and tell us what you see there - or even better, make a screenshot or upload the obvious errors.

Here is the log of the call I just attempted. I’ve changed the ip and domain names to phoneIP, homeIP, serverIP and domain.tld

270: handle_udp_packet: New UDP endpoint: local addr serverIP:3478, remote addr phoneIP:12610
270: handle_udp_packet: New UDP endpoint: local addr serverIP:3478, remote addr phoneIP:12611
270: session 000000000000000001: realm <domain.tld> user <>: incoming packet BINDING processed, success
270: session 003000000000000001: realm <domain.tld> user <>: incoming packet BINDING processed, success
270: handle_udp_packet: New UDP endpoint: local addr serverIP:3478, remote addr phoneIP:12612
270: session 003000000000000002: realm <domain.tld> user <>: incoming packet BINDING processed, success
270: session 003000000000000002: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
270: session 003000000000000001: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
270: session 000000000000000001: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
270: IPv4. tcp or tls connected to: phoneIP:60225
270: IPv4. tcp or tls connected to: phoneIP:60223
270: session 002000000000000001: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
270: session 005000000000000001: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
270: IPv4. Local relay addr: serverIP:49228
270: session 003000000000000002: new, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=600
270: session 003000000000000002: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet ALLOCATE processed, success
270: IPv4. tcp or tls connected to: phoneIP:60224
270: session 004000000000000001: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
270: IPv4. Local relay addr: serverIP:49216
270: session 003000000000000001: new, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=600
270: session 003000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet ALLOCATE processed, success
270: IPv4. Local relay addr: serverIP:49219
270: session 000000000000000001: new, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=600
270: session 000000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet ALLOCATE processed, success
270: IPv4. Local relay addr: serverIP:49201
270: session 005000000000000001: new, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=600
270: session 005000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet ALLOCATE processed, success
270: IPv4. Local relay addr: serverIP:49247
270: session 002000000000000001: new, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=600
270: session 002000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet ALLOCATE processed, success
270: IPv4. Local relay addr: serverIP:49221
270: session 004000000000000001: new, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=600
270: session 004000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet ALLOCATE processed, success
272: handle_udp_packet: New UDP endpoint: local addr serverIP:3478, remote addr homeIP:55319
272: session 002000000000000002: realm <domain.tld> user <>: incoming packet BINDING processed, success
272: session 002000000000000002: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
272: IPv4. tcp or tls connected to: homeIP:60352
272: session 003000000000000003: realm <domain.tld> user <>: incoming packet message processed, error 401: Unauthorized
272: IPv4. Local relay addr: serverIP:49248
272: session 002000000000000002: new, realm=<domain.tld>, username=<1539363949:Z0XceHqwtkk0vcve>, lifetime=600
272: session 002000000000000002: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet ALLOCATE processed, success
272: session 002000000000000002: peer serverIP lifetime updated: 300
272: session 002000000000000002: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
272: session 002000000000000002: peer 100.101.112.234 lifetime updated: 300
272: session 002000000000000002: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
272: session 002000000000000002: peer phoneIP lifetime updated: 300
272: session 002000000000000002: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
272: IPv4. Local relay addr: serverIP:49243
272: session 003000000000000003: new, realm=<domain.tld>, username=<1539363949:Z0XceHqwtkk0vcve>, lifetime=600
272: session 003000000000000003: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet ALLOCATE processed, success
272: session 003000000000000003: peer serverIP lifetime updated: 300
272: session 003000000000000003: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
272: session 003000000000000003: peer 100.101.112.234 lifetime updated: 300
272: session 003000000000000003: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
272: session 003000000000000003: peer phoneIP lifetime updated: 300
272: session 003000000000000003: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
273: session 003000000000000003: peer serverIP lifetime updated: 300
273: session 003000000000000003: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
273: session 002000000000000002: peer serverIP lifetime updated: 300
273: session 002000000000000002: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet CREATE_PERMISSION processed, success
273: session 004000000000000001: refreshed, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=0
273: session 005000000000000001: refreshed, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=0
273: session 005000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet REFRESH processed, success
273: session 000000000000000001: refreshed, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=0
273: session 004000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet REFRESH processed, success
273: session 000000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet REFRESH processed, success
273: session 003000000000000001: refreshed, realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>, lifetime=0
273: session 003000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet REFRESH processed, success
273: session 004000000000000001: TCP socket closed remotely phoneIP:60224
273: session 005000000000000001: TCP socket closed remotely phoneIP:60223
273: session 004000000000000001: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:60224, reason: TCP connection closed by client (callback)
273: session 005000000000000001: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:60223, reason: TCP connection closed by client (callback)
273: session 004000000000000001: delete: realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>
273: session 005000000000000001: delete: realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>
273: session 002000000000000001: peer 192.168.0.84 lifetime updated: 300
273: session 002000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 002000000000000001: peer homeIP lifetime updated: 300
273: session 002000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 003000000000000002: peer 192.168.0.84 lifetime updated: 300
273: session 002000000000000001: peer serverIP lifetime updated: 300
273: session 003000000000000002: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 002000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 003000000000000002: peer homeIP lifetime updated: 300
273: session 003000000000000002: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 003000000000000002: peer serverIP lifetime updated: 300
273: session 003000000000000002: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 003000000000000002: peer serverIP lifetime updated: 300
273: session 003000000000000002: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
273: session 002000000000000001: peer serverIP lifetime updated: 300
273: session 002000000000000001: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet CREATE_PERMISSION processed, success
274: session 002000000000000002: closed (2nd stage), user <1539363949:Z0XceHqwtkk0vcve> realm <domain.tld> origin <>, local serverIP:3478, remote homeIP:55319, reason: general
274: session 002000000000000002: delete: realm=<domain.tld>, username=<1539363949:Z0XceHqwtkk0vcve>
274: session 002000000000000002: peer phoneIP deleted
274: session 002000000000000002: peer serverIP deleted
274: session 002000000000000002: peer 100.101.112.234 deleted
274: handle_udp_packet: New UDP endpoint: local addr serverIP:3478, remote addr homeIP:55319
274: session 003000000000000003: closed (2nd stage), user <1539363949:Z0XceHqwtkk0vcve> realm <domain.tld> origin <>, local serverIP:3478, remote homeIP:60352, reason: general
274: session 003000000000000003: delete: realm=<domain.tld>, username=<1539363949:Z0XceHqwtkk0vcve>
274: session 003000000000000003: peer phoneIP deleted
274: session 003000000000000003: peer serverIP deleted
274: session 003000000000000003: peer 100.101.112.234 deleted
274: session 002000000000000001: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:60225, reason: general
274: session 002000000000000001: delete: realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>
274: session 002000000000000001: peer homeIP deleted
274: session 002000000000000001: peer serverIP deleted
274: session 002000000000000001: peer 192.168.0.84 deleted
274: session 003000000000000002: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:12612, reason: general
274: session 003000000000000002: delete: realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>
274: session 003000000000000002: peer homeIP deleted
274: session 003000000000000002: peer serverIP deleted
274: session 003000000000000002: peer 192.168.0.84 deleted
274: handle_udp_packet: New UDP endpoint: local addr serverIP:3478, remote addr phoneIP:12612
274: session 003000000000000001: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:12611, reason: allocation timeout
274: session 003000000000000001: delete: realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>
274: session 000000000000000001: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:12610, reason: allocation timeout
274: session 000000000000000001: delete: realm=<domain.tld>, username=<1539363960:Wuz4gDykVjyNtXAQ>
280: session 003000000000000004: realm <domain.tld> user <>: incoming packet BINDING processed, success
282: session 002000000000000003: realm <domain.tld> user <>: incoming packet BINDING processed, success
290: session 003000000000000004: realm <domain.tld> user <>: incoming packet BINDING processed, success
292: session 002000000000000003: realm <domain.tld> user <>: incoming packet BINDING processed, success
300: session 003000000000000004: realm <domain.tld> user <>: incoming packet BINDING processed, success
302: session 002000000000000003: realm <domain.tld> user <>: incoming packet BINDING processed, success
304: session 002000000000000003: realm <domain.tld> user <1539363949:Z0XceHqwtkk0vcve>: incoming packet message processed, error 438: Wrong nonce
306: session 003000000000000004: realm <domain.tld> user <1539363960:Wuz4gDykVjyNtXAQ>: incoming packet message processed, error 438: Wrong nonce
334: session 002000000000000003: closed (2nd stage), user <1539363949:Z0XceHqwtkk0vcve> realm <domain.tld> origin <>, local serverIP:3478, remote homeIP:55319, reason: allocation watchdog determined stale session state
334: session 003000000000000004: closed (2nd stage), user <1539363960:Wuz4gDykVjyNtXAQ> realm <domain.tld> origin <>, local serverIP:3478, remote phoneIP:12612, reason: allocation watchdog determined stale session state

I also verified that I opened the udp ports for media relay but that did not do the trick…

Can you read these log lines?

For comparison please also check: HowTo: Setup Nextcloud Talk with TURN server

  • I collected and verified info from many other guides there, so it should be quite complete.

Btw: Avoid the guide linked by @Sanook (sorry, don’t take it personally :sweat_smile:), as it totally mixes up the install of Spreed.ME (dedicated spreed-webrtc server) and the Nextcloud Talk/spreed app, which are two different things, and you need just either the one or the other. Nextcloud Talk does not need some external WebRTC server!

Edit: Can you try to remove:

listening-ip=my.ip.adress
relay-ip=my.ip.adress

from your config. This works only if your TURN server is not behind a NAT (directly connected to net) with static IP. Check: https://github.com/spreedbox/spreedbox/wiki/Use-TURN-server#run-turn-server-on-spreedbox-behind-nat

@MichaIng I already found your summary, followed all of it, but still, I seem to be missing a step.

I’ve commented the listening and relay ip in the settings, with no luck. The server is directly exposed to the internet with a static ip.

Initially I had forgotten to open the udp ports for media relaying. I opened them earlier tonight, but still without luck …

I suspect the last answer to be some scam / phishing site (at least, the url looks seriously fishy for something pretending to be the microsoft support, and is totally unrelated to the topic). Is it possible to report users/posts on discourse ?

@Zibc https://help.nextcloud.com/about
https://help.nextcloud.com/guidelines “Flag it”

@JasonBayton could you help?

For information, here are my iptables rules:

iptables -A INPUT -p udp --match multiport --dports 49200:49250 -j ACCEPT
iptables -A OUTPUT -p udp --match multiport --dports 49200:49250 -j ACCEPT

And I’ve set the ports accordingly in the server config.
After doing this, still can’t get video+sound from mobile network to home network.

I tried the Talk app with a relative of mine, different ISP, and it works fine, but I have a feeling that it was using stun (at least from the webrtc info of firefox), although I find this suspicious

Any other idea ?

Dude, did you properly set your “REALM”?

What I've seen in your error is:
270: session 003000000000000002: new, realm=<domain.tld

Hi “dude”,

I’ve sanitised the log file, the realm in my control file is correct (checked to be sure :slight_smile: )

lol

well, I call you a dude, because of reasons :wink:

did you check what the following site responded you? (change pw and user for ‘reasons’): https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/

and about the ports: I'm not sure, but as far as I remember both TCP and UDP are necessary.

oh and, did you check the rights (x) on your certs/keys?
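
With use-auth-secret, as in the configuration posted earlier in this thread, the trickle-ice test page needs a username and password derived from static-auth-secret rather than a fixed account. The following is an added example, not code from any poster or from coturn; the secret is the placeholder from the posted configuration and the user id "trickle-test" is made up.

```python
import base64
import hashlib
import hmac
import time


def make_credentials(secret, user_id, ttl=3600, now=None):
    """Build a time-limited username/password pair for use-auth-secret mode.

    username = "<unix expiry time>:<user id>"
    password = base64(HMAC-SHA1(static-auth-secret, username))
    """
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user_id}"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()


def check_credentials(secret, username, password, now=None):
    """Recompute the pair the way a server holding the same secret can.

    Returns "ok", "malformed", "expired" or "bad-password".
    """
    now = int(time.time()) if now is None else int(now)
    stamp, sep, _user = username.partition(":")
    if not sep or not stamp.isdigit():
        return "malformed"
    if int(stamp) < now:
        return "expired"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(mac)
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(expected, password.encode()):
        return "ok"
    return "bad-password"


if __name__ == "__main__":
    # Placeholder secret from the configuration posted in this thread;
    # "trickle-test" is a made-up user id.
    user, pw = make_credentials("YoullNeverGuessThis", "trickle-test", ttl=600)
    print("username:", user)
    print("password:", pw)
```

A pair that comes back "expired" or "bad-password" here points at clock skew or a secret mismatch between Nextcloud and coturn.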

Hello,

did you get any success ? I’ve the same issue in the logfile.
My Nextcloud/Coturn failed after an update at some point :confused:

Even when I test with the Nextcloud interface, the Coturn log gives an error:

8: session 001000000000000001: new, realm=<.duckdns.org>, username=<1551547403:turn-test-user>, lifetime=3600
8: session 001000000000000001: realm <duckdns.org> user <1551547403:turn-test-user>: incoming packet ALLOCATE processed, success
8: session 000000000000000003: realm <duckdns.org> user <>: incoming packet message processed, error 401: Unauthorized
8: IPv4. Local relay addr: 192.168.1.100:54825

While the check mark appears, meaning the config is OK, I think this check is for the credentials only…

Hi,

Unfortunately no, still no success so I kind of have given up on it.
I also get the success on config check, but then, nothing when I try to place a call…

And from what I understood, the 401 errors you are seeing in the beginning of the TURN communication are normal.

But, if you find out how to fix the situation, I am very happy to hear about it!
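
The first TURN request always carries no credentials and is answered with 401 so the client can learn the realm and nonce, which is why a 401 followed by a successful ALLOCATE is not a failure. The following added example (not from any poster) groups coturn log lines by session to separate real authentication failures from sessions that authenticated and failed later; the sample lines are constructed in the format of the log posted above, and the category names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log posted above (not real traffic).
SAMPLE = """\
10: session 001000000000000001: realm <example.test> user <>: incoming packet message processed, error 401: Unauthorized
10: session 001000000000000001: realm <example.test> user <1700000000:alice>: incoming packet ALLOCATE processed, success
11: session 001000000000000001: realm <example.test> user <1700000000:alice>: incoming packet CREATE_PERMISSION processed, success
12: session 001000000000000001: closed (2nd stage), user <1700000000:alice> realm <example.test> origin <>, local 192.0.2.1:3478, remote 198.51.100.7:40000, reason: general
10: session 001000000000000002: realm <example.test> user <>: incoming packet message processed, error 401: Unauthorized
10: session 001000000000000002: realm <example.test> user <1700000000:alice>: incoming packet ALLOCATE processed, success
12: session 001000000000000002: closed (2nd stage), user <1700000000:alice> realm <example.test> origin <>, local 192.0.2.1:3478, remote 198.51.100.7:40001, reason: allocation timeout
10: session 001000000000000003: realm <example.test> user <>: incoming packet message processed, error 401: Unauthorized
11: session 001000000000000003: realm <example.test> user <1700000000:bob>: incoming packet message processed, error 401: Unauthorized
40: session 001000000000000004: realm <example.test> user <1700000000:bob>: incoming packet message processed, error 438: Wrong nonce
"""

LINE = re.compile(r"^\d+: session (?P<sid>\d+): (?P<rest>.*)$")
PACKET = re.compile(r"incoming packet (?P<kind>\S+) processed, (?:success|error (?P<code>\d+))")
CLOSED = re.compile(r"closed \(2nd stage\).*reason: (?P<reason>.+)$")


def summarize(log_text):
    """Collect error codes, allocation state and close reason per session."""
    sessions = defaultdict(
        lambda: {"errors": [], "allocated": False, "permissions": 0, "closed": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # endpoint and relay-address lines carry no session id
        s = sessions[m["sid"]]
        p = PACKET.search(m["rest"])
        c = CLOSED.search(m["rest"])
        if p and p["code"]:
            s["errors"].append(int(p["code"]))
        elif p and p["kind"] == "ALLOCATE":
            s["allocated"] = True
        elif p and p["kind"] == "CREATE_PERMISSION":
            s["permissions"] += 1
        elif c:
            s["closed"] = c["reason"]
    return dict(sessions)


def classify(s):
    """Name the stage a session reached (labels invented for this example)."""
    if s["allocated"]:
        # Authentication worked; any 401 before it was the normal challenge.
        return "relay-permitted" if s["permissions"] else "allocated-unused"
    if 401 in s["errors"]:
        return "auth-not-completed"  # challenged but never allocated
    if 438 in s["errors"]:
        return "stale-nonce"
    return "binding-only"  # plain STUN binding, no TURN relay requested
```

Sessions that reach "relay-permitted" and still carry no media have passed credential checks, so the search moves to relay ports and candidate addresses.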

What is the value of relay-ip and listening-ip? Is this behind NAT? If so, for example if you use Azure, you should also define external-ip with the value of your external IP and relay-ip with the local IP.
Also, you don't need to use both listening-port and tls-listening-port. Just choose one and comment out the other. If you use Firefox, use the about:webrtc page to debug the configuration. If you use Chrome, go to the chrome://webrtc-internals/ page.

Hi

Just to make sure, can you confirm I get this right? I am setting up a turn server myself too. It is behind NAT and I will port forward.

listening-ip=?

relay-ip=MY LOCAL IP
external-ip=MY EXT IP

Also, how do I define so that Coturn uses LE certs for the domain? What port? I can't use 443 because it is already parked for Apache.