Am i doing the right (safe) thing here?........

DanTheMan

Dear Cloudron team and forum members,

Because I host my Cloudron at home, i depend on my Internet Service Provider (ISP) and their decisions regarding opening ports to the Internet.
Now unfortunately they have blocked turn/stun ports 3478 and 5349 TCP/UDP to the internet.

No problem i thought, because I still have another Cloudron instance installed on Hetzner, wich i can (maybe) use for my turn server at home.

Now comes my BIG QUESTION...
I transferred (copied) the turn settings included the "turn_shared_secret" from the Cloudron instance installed on Hetzner, to my own self-hosted instance of Cloudron at home.
So that way my Matrix synapse installation at home is now using an external Turn server, my Cloudron instance on Hetzner.

I copied these settings into the turn settings of Matrix synapse (homeserver.yml) and everything (calls and videocalls) seem to work perfectly again, maybe even better than before.

I do see some weird complaining logs about credentials, in the turn logs on Hetzner instance ....

Like i said, video calls and normal calls through Matrix synapse are working prefectly.
However, it does worry me whether this is the correct and safe way to do it?

DanTheMan

Getting back to the strange authentication logs I saw in turn at the cloudron instance on Hetzner.
They disappeared after I added the following to the config of my matrix installation at home...

"turn_user_lifetime: 2h"

Video calling and voice calling still work great and I have had no problems with them in the meantime.
Now my only question remains, is this a correct and safe way?

nebulon

This should be fine. The secret may change in the future, if so you of course have to reset it on the matrix side.
Not sure what that stun_auth error was, maybe some other client trying to use it.