Conferences not working through Turn Servers

Hi All,

I am running a self-hosted Jitsi with the latest version and everything is working fine.
The problem is that when I block all the UDP ports from my firewall (as a client) and start the conference, there is an error present in the console output stating [Bridge Channel send: no opened channel].

I have tried all the solutions stated in the community but unfortunately ended up with the same issue.

My configs are:

turnserver.conf

```
# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret=XXXXXXXXXX
realm=turn-xyzcom
server-name=turn-xyzcom
cert=/etc/ssl/xyz.pem
pkey=/etc/ssl/xyz.key
no-multicast-peers
no-cli
no-loopback-peers
no-tcp-relay
no-tcp
listening-port=443
tls-listening-port=5349
listening-ip=0.0.0.0
min-port=10000
max-port=20000
external-ip=X
no-tlsv1
no-tlsv1_1
log-file=/var/log/turnserver.log
verbose

denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
syslog
```

nginx modules enables stream

```
load_module modules/ngx_stream_module.so;
stream {
    map $ssl_preread_server_name $name {
        xyzcom web_backend;
        turn-xyzcom turn_backend;
    }

    upstream web_backend {
        server 127.0.0.1:4444;
    }

    upstream turn_backend {
        server xyz:5349;
    }

    server {
        listen 443;
        listen [::]:443;

        # since 1.11.5
        ssl_preread on;

        proxy_pass $name;

        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}
```

prosody conf.avail xyz.cfg.lua

```
turncredentials_secret = "XXXXX";

turncredentials_ttl = 86400;

turncredentials_port = 443;
turncredentials = {
{ type = "stun", host = "turn-xyzcom" },
{ type = "turn", host = "turn-xyzcom", port = "443"},-- transport = "udp" },
{ type = "turns", host = "turn-xyzcom", port = "443", transport = "tcp" }
};
```


@damencho Can you please help here. I am getting the same issue. Have followed multiple forum questions and posts and jitsi handbook for the same. Somehow, the issue still persists.


Are you blocking all 10000 access? Coturn may require this port in order to connect to jvb. It can connect from the internal address to the public address on port 10000 to communicate with jvb.
Another option is to allow communicating on the internal network between coturn and jvb by deleting the appropriate denied-peer-ip or adding allowed-peer-ip=your-jvb-private-ip-here.


Thanks @damencho, it worked for me. I hadn't allowed the jvb private IP earlier in coturn.

Working fine after removing my private subnet IP range having jvb from the ‘denied-peer-ip’ attribute in coturn.
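Added example (not part of the thread and not Jitsi or coturn code): a small checker that reads `denied-peer-ip` / `allowed-peer-ip` lines and reports whether coturn would relay to a given peer, comparing the two fixes discussed above. The addresses `10.0.5.20` (JVB) and `10.0.5.21` (another internal host) are hypothetical, and the rule that an address listed as both allowed and denied is treated as allowed follows the comment in coturn's sample `turnserver.conf`.

```python
import ipaddress

# Constructed sample: three of the private ranges from the config posted above.
SAMPLE_CONF = """\
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
"""
JVB = "10.0.5.20"     # hypothetical private address of the videobridge
OTHER = "10.0.5.21"   # hypothetical unrelated host in the same subnet

def parse_rules(conf_text):
    """Collect (low, high, raw) tuples for denied-peer-ip and allowed-peer-ip."""
    rules = {"denied-peer-ip": [], "allowed-peer-ip": []}
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].strip().partition("=")
        if not sep or key.strip() not in rules:
            continue
        low, _, high = value.strip().partition("-")  # "a-b" range or one address
        low_ip = ipaddress.ip_address(low.strip())
        high_ip = ipaddress.ip_address(high.strip()) if high else low_ip
        rules[key.strip()].append((low_ip, high_ip, value.strip()))
    return rules

def peer_verdict(conf_text, peer):
    """Return ('allowed' | 'denied', matching rule or None) for one peer address."""
    ip = ipaddress.ip_address(peer)
    rules = parse_rules(conf_text)

    def match(kind):
        return next((raw for low, high, raw in rules[kind]
                     if low.version == ip.version and low <= ip <= high), None)

    hit = match("allowed-peer-ip")      # an allowed entry overrides a denied range
    if hit:
        return "allowed", hit
    hit = match("denied-peer-ip")
    # No matching rule: treated as allowed here; coturn's separate loopback and
    # multicast switches are not modelled in this sketch.
    return ("denied", hit) if hit else ("allowed", None)

if __name__ == "__main__":
    narrow_fix = SAMPLE_CONF + f"allowed-peer-ip={JVB}\n"
    broad_fix = SAMPLE_CONF.replace("denied-peer-ip=10.0.0.0-10.255.255.255\n", "")
    for label, conf in (("as posted", SAMPLE_CONF), ("allowed-peer-ip added", narrow_fix),
                        ("10/8 range deleted", broad_fix)):
        print(f"{label:22} JVB={peer_verdict(conf, JVB)} other={peer_verdict(conf, OTHER)}")
```

Adding a single `allowed-peer-ip` keeps every other address in the subnet unreachable through the relay, while deleting the whole range makes all of it a permitted relay target.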