Do I need a STUN server if I have p2p: { enabled: false } in /etc/jitsi/meet/*-config.js ? Security aspects?

The title more or less says it. I have the turn STUN server running and am experiencing strange network traffic. Not understanding STUN, I was thinking perhaps that server is being used by others than my users. So:

  1. Do I need STUN at all when I have disabled p2p / peer-to-peer connections anyway?

  2. When the turn STUN server is running, can I limit its use to users of my Jitsi Meet server?

I suppose if I do not need it (reply[1]==false) the second question becomes less relevant. However, if someone could answer that it would also be good for completeness and when I need it in the future.

If you are talking about coturn, it is not only a STUN server, it is also a TURNS server which is used when a client cannot connect to JVB directly.

OK, thanks for the clarification. So, does that mean I need it? Can I find out if anyone used it in the past days for my JM meetings?

Also, if you have a hint for question 2 please let me know.

The TURNS service has a secret key which is shared only with your meeting participants.

OK, thanks. Can you confirm that I do not need the STUN functionality when disabling P2P? That was not 100% clear to me.

Can coturn be configured to disable STUN and just leave the TURNS functionality? Perhaps even block the STUN incoming TCP/UDP port if TURNS uses a different one?

Which ports do they use by default?

You can stop your STUN service but JVB needs a STUN service which is meet-jit-si-turnrelay.jitsi.net by default. So stopping your own coturn doesn’t affect your system.

TCP/5349

Thanks. What is STUN used for without P2P please?

Do STUN and TURNS functionalities use the same port TCP/5349?