Where is the coturn config located?
I am trying to resolve my issues with the TURN server not working (across multiple apps) for me. It seems I just get errors saying local ports are blocked. I have port forwarded.
Where would I find the coturn config for Cloudron? The one I found in /etc/ seems to have everything commented out.
@atrilahiji that just means it's using defaults, no?
otherwise it's in a container?
When I had TURN issues it was not with Cloudron, but with router or App. And since Apps are managed config, they should be good.
@robi Huh... my issue seems to be happening regardless of what I do in terms of my port forwarding and the app I use
@atrilahiji we can't guess as to what app, network config and where clients are coming from.. or logs with errors.
@robi This is the error I'm running into:
For reference, this is the internal IP of my cloudron server. I tried calling my brother in another city using my phone (the iOS nextcloud talk app) on LTE
@atrilahiji that looks like an error in NC Talk.
I have a Cloudron with a similar setup and once the v6 upgrade happened our NC:T went down. We just needed the new ports added to the router for STUN & TURN.
@robi Those logs are for the TURN service in the services page on my cloudron btw. So I get the exact same thing when I try a video chat with Kopano Meet. These are my forwarded ports for the same IP that is apparently being blocked:
@atrilahiji I see..
can you find the process and trace it to a container?
I have to run atm, but would dig into the CL TURN docs and see how or why they restrict the private networks if that's where it's blocked.
@atrilahiji So the turn addon is configured as per https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf to have the following ports:
    listening-port=3478
    tls-listening-port=5349
    min-port=50000
    max-port=51000
We have also included a section for preventing some attack, which I think is what you may hit?
    # https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
    no-multicast-peers
    denied-peer-ip=0.0.0.0-0.255.255.255
    denied-peer-ip=10.0.0.0-10.255.255.255
    denied-peer-ip=100.64.0.0-100.127.255.255
    denied-peer-ip=127.0.0.0-127.255.255.255
    denied-peer-ip=169.254.0.0-169.254.255.255
    denied-peer-ip=127.0.0.0-127.255.255.255
    denied-peer-ip=172.16.0.0-172.31.255.255
    denied-peer-ip=192.0.0.0-192.0.0.255
    denied-peer-ip=192.0.2.0-192.0.2.255
    denied-peer-ip=192.88.99.0-192.88.99.255
    denied-peer-ip=192.168.0.0-192.168.255.255
    denied-peer-ip=198.18.0.0-198.19.255.255
    denied-peer-ip=198.51.100.0-198.51.100.255
    denied-peer-ip=203.0.113.0-203.0.113.255
    denied-peer-ip=240.0.0.0-255.255.255.255
Those IPs are not public IPs anyway and thus would not help you achieve connectivity through it, as far as I understand.
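An added example (not part of the thread and not Cloudron's or coturn's own code): a small parser for `denied-peer-ip` lines in the form quoted above that reports which rule, if any, covers a given peer address. The sample config is a subset of the quoted rules, and the peer addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: a subset of the rules quoted in the post above.
SAMPLE_CONF = """\
listening-port=3478
min-port=50000
max-port=51000
no-multicast-peers
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
"""

def parse_denied_ranges(conf_text):
    """Return [(first, last, rule_line)] for every denied-peer-ip rule."""
    ranges = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("denied-peer-ip="):
            continue  # other options and comment lines are ignored
        value = line.split("=", 1)[1].strip()
        lo, _, hi = value.partition("-")
        first = ipaddress.ip_address(lo.strip())
        # A rule may name a single address instead of a range.
        last = ipaddress.ip_address(hi.strip()) if hi else first
        if first.version != last.version or first > last:
            raise ValueError(f"malformed range: {line}")
        ranges.append((first, last, line))
    return ranges

def matching_rule(peer, ranges):
    """Return the rule line that covers `peer`, or None if none does."""
    addr = ipaddress.ip_address(peer)
    for first, last, line in ranges:
        if addr.version == first.version and first <= addr <= last:
            return line
    return None

if __name__ == "__main__":
    rules = parse_denied_ranges(SAMPLE_CONF)
    # Constructed peers: a LAN host, a CGNAT address, a public address.
    for peer in ("192.168.1.20", "100.72.0.9", "8.8.8.8"):
        print(peer, "->", matching_rule(peer, rules) or "no matching deny rule")
```

Pointing `parse_denied_ranges` at the text of the real config file shows whether the address in a TURN log error is covered by one of these rules rather than by a router or firewall.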
@nebulon I didn’t see those lines in /etc/turnserver.conf. Is this configured per app or is there a config file somewhere else I’m missing?
@atrilahiji The config is in
/run/turnserver/turnserver.conf inside the container
@girish perfect, thanks! I’ll play around in there and see if I can get this sorted.