    Where is the coturn config located?

    • robi
      robi @atrilahiji last edited by

      @atrilahiji we can't guess as to what app, network config and where clients are coming from.. or logs with errors.

      • atrilahiji
        atrilahiji App Dev @robi last edited by atrilahiji

        @robi This is the error I'm running into: 0c0117f4-1720-41ed-b232-4243e30e4de0-image.png

        For reference, this is the internal IP of my Cloudron server. I tried calling my brother in another city using my phone (the iOS Nextcloud Talk app) on LTE.

        • robi
          robi @atrilahiji last edited by

          @atrilahiji that looks like an error in NC Talk.

          I have a Cloudron with a similar setup and once the v6 upgrade happened our NC:T went down. We just needed the new ports added to the router for STUN & TURN.

          • atrilahiji
            atrilahiji App Dev @robi last edited by

            @robi Those logs are for the TURN service in the services page on my Cloudron btw. So I get the exact same thing when I try a video chat with Kopano Meet. These are my forwarded ports for the same IP that is apparently being blocked:

            3478,3479,5349,5350,49152:65535/tcp
            3478,3479,5349,5350,49152:65535/udp

            • robi
              robi @atrilahiji last edited by

              @atrilahiji I see..
              can you find the process and trace it to a container?

              I have to run atm, but would dig into the CL TURN docs and see how or why they restrict the private networks if that's where it's blocked.

              • atrilahiji
                atrilahiji App Dev last edited by

                The documentation seems quite lacking in this regard. Perhaps @girish or @nebulon have more info on this? Meanwhile I'll see if I can figure something out combing through the cloudron/box repo.

                • nebulon
                  nebulon Staff @atrilahiji last edited by

                  @atrilahiji So the turn addon is configured as per https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf to have the following ports:

                  listening-port=3478
                  tls-listening-port=5349
                  min-port=50000
                  max-port=51000
                  

                  We have also included a section for preventing some attack, which I think is what you may hit?

                  # https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
                  no-multicast-peers
                  denied-peer-ip=0.0.0.0-0.255.255.255
                  denied-peer-ip=10.0.0.0-10.255.255.255
                  denied-peer-ip=100.64.0.0-100.127.255.255
                  denied-peer-ip=127.0.0.0-127.255.255.255
                  denied-peer-ip=169.254.0.0-169.254.255.255
                  denied-peer-ip=127.0.0.0-127.255.255.255
                  denied-peer-ip=172.16.0.0-172.31.255.255
                  denied-peer-ip=192.0.0.0-192.0.0.255
                  denied-peer-ip=192.0.2.0-192.0.2.255
                  denied-peer-ip=192.88.99.0-192.88.99.255
                  denied-peer-ip=192.168.0.0-192.168.255.255
                  denied-peer-ip=198.18.0.0-198.19.255.255
                  denied-peer-ip=198.51.100.0-198.51.100.255
                  denied-peer-ip=203.0.113.0-203.0.113.255
                  denied-peer-ip=240.0.0.0-255.255.255.255
                  

                  Those IPs are not public IPs anyway and thus would not help you achieve connectivity through it, as far as I understand.

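To check which peer addresses a `denied-peer-ip` list like the one quoted above refuses, and whether it covers the internal ranges you expect, the following is an added example and not Cloudron's or coturn's own code. The sample config is a constructed subset in the same syntax, the function names are hypothetical, and the check ignores any `allowed-peer-ip` overrides.

```python
import ipaddress

# Constructed sample: a subset of lines in the syntax of the quoted config.
SAMPLE_CONF = """\
min-port=50000
max-port=51000
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=240.0.0.0-255.255.255.255
"""

def parse_denied_ranges(conf_text):
    """Return [(first, last)] address pairs from denied-peer-ip lines."""
    ranges = []
    for raw in conf_text.splitlines():
        key, _, value = raw.strip().partition("=")
        if key.strip() != "denied-peer-ip" or not value:
            continue  # comments, blanks and other options fall through here
        first, _, last = value.strip().partition("-")
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last) if last else lo  # single-address form
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad denied-peer-ip range: {value}")
        ranges.append((lo, hi))
    return ranges

def is_denied(peer, ranges):
    """True if `peer` falls inside any parsed denied range."""
    ip = ipaddress.ip_address(peer)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def uncovered(cidrs, ranges):
    """CIDR blocks from `cidrs` that no single denied range fully contains."""
    missing = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr)
        if not any(lo.version == net.version and lo <= net[0] and net[-1] <= hi
                   for lo, hi in ranges):
            missing.append(cidr)
    return missing

INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16"]
```

Run `uncovered(INTERNAL, parse_denied_ranges(text))` against the contents of the live config file; an empty list means every listed internal block is refused as a relay peer.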
                  • atrilahiji
                    atrilahiji App Dev @nebulon last edited by

                    @nebulon I didn’t see those lines in /etc/turnserver.conf. Is this configured per app or is there a config file somewhere else I’m missing?

                    • girish
                      girish Staff @atrilahiji last edited by

                      @atrilahiji The config is in /run/turnserver/turnserver.conf inside the container

                      • atrilahiji
                        atrilahiji App Dev @girish last edited by

                        @girish perfect, thanks! I’ll play around in there and see if I can get this sorted.
