Calls in Matrix/Element
-
Yeah, these things are really hard to debug. I will invest some time next week to help people debug their setups and document it. It's not directly cloudron related but I think it will help everyone.
-
@girish There was a Cloudflare Proxy thing causing that weird "filtered" thing. Even with that disabled though and the nmap output being "open" it still doesn't work. I use the cloudflare proxy just because I don't want my IP to be exposed like it is without it.
-
@ericdrgn I think TURN behind cloudflare will never work because cloudflare can only proxy http traffic. Even with cloudflare disabled, I think the webrtc protocol requires the turn server to be publicly reachable for parties to connect reliably (after all, the main reason it exists is to act as a public tunnel for hosts behind NAT).
-
-
@girish With that though... Forgive me if I am thinking too simply here (I recognize I am barely scratching the surface of this networking stuff with my knowledge) if I had a VPN setup on my cloudron would users connecting to that be able to make calls to eachother when on the VPN?
-
So I mean, technically Cloudflare can proxy nearly any type of traffic. The amount they will be billing you for that service, however, does tend to mean it won't be in play for most users here. Spectrum on the cheaper plans is limited to proxying SSH on port 22 or Minecraft on port 25565 to a backend IP. RDP is an option on the higher plan, but to even access anything custom/general you've got to be an enterprise customer and going through their sales team. There are also user and bandwidth limits. Full details on https://support.cloudflare.com/hc/en-us/articles/360041721872 but suffice it to say that's likely all cost-prohibitive. VPNs might be able to do some of the things you're talking about, but there's then the problem of these extra networking configurations on your Cloudron box and/or fiddling with the docker networking directly, and you've got a recipe for disaster on your hands. It's going to be easier and cheaper to either use a completely separate TURN server or just leave that record non-proxying. If you can attach an additional IP that is more easily changed for that entry, like another floating IP from your hosting provider, you might have a halfway decent workaround.
-
Ah I think this is what I am experiencing. Yeah same issue where my TURN server throws permission errors (401s and 403s) when I connect to people outside my network. Note that my server is on the same network as my computer I am using to initiate calls.
Basically anything that uses the TURN addon for me is unusable for me and its quite frustrating. I am trying to provide conference calling for clients of mine and I have been unable to deliver thus far.
-
@atrilahiji @ericdrgn I started working on this yesterday and have similar questions.
In my case I just opened 3478 TCP & UDP on inbound traffic (on a VPC in AWS) and two users on the Cloudron could then make video calls - on Nextcloud Talk and Kopano Meet.
Monitoring the STUN/TURN logs going via the Services page, I could see a few 401s thrown before connection, but I'm not sure how to read what is happenining at this stage.
Do I need to open up 5349, as well, as indicated in the post above?