Firefox: coTURN/ICE: error 401 (but working in Chrome)

Hey :slight_smile:

We use coturn with default setup from jitsi. However, when Port UDP/10000 is blocked, Chrome is working anyway (I assume its using coturn). But Firefox stops working.

To make it short: Firefox tries to contact the coturn but fails with 401 response, while Chrome can connect. Where to start searching?

Coturn:

# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret=secret
realm=meeting.host.tld
cert=/etc/ssl/meeting.host.tld.crt
pkey=/etc/ssl/meeting.host.tld.key

no-tcp
listening-port=4446
tls-listening-port=4445
external-ip=<external-ip>

syslog

Firefox related lines:

(generic/INFO) Write buffer not empty for IP4:192.168.205.19:443/TCP 44 - already armed (@00000213A09931F4), not connected

(generic/INFO) Invoking writable_cb on connected (44)

(generic/INFO) Writable_cb IP4:192.168.205.19:443/TCP (0 (00000213A09931F4) pending)

(stun/INFO) STUN-CLIENT(relay(IP4:172.31.30.115:0/TLS|meeting.julius-kuehn.de:443)::TURN): Received response; processing

(stun/WARNING) STUN-CLIENT(relay(IP4:172.31.30.115:0/TLS|meeting.julius-kuehn.de:443)::TURN): nr_stun_process_error_response failed

(stun/WARNING) STUN-CLIENT(relay(IP4:172.31.30.115:0/TLS|meeting.julius-kuehn.de:443)::TURN): Error processing response: Retry may be possible, stun error code 401.

(stun/INFO) STUN-CLIENT(relay(IP4:172.31.30.115:0/TLS|meeting.julius-kuehn.de:443)::TURN): Received response; processing

(stun/WARNING) STUN-CLIENT(relay(IP4:172.31.30.115:0/TLS|meeting.julius-kuehn.de:443)::TURN): XOR-MAPPED-ADDRESS is bogus

(stun/WARNING) STUN-CLIENT(relay(IP4:172.31.30.115:0/TLS|meeting.julius-kuehn.de:443)::TURN): Error processing response: Invalid data, stun error code 0.

Why 401 ? Why XOR-MAPPED-ADDRESS is bogus ?

Many thanks and regards!

coturn log when connecting from Firefox:

May 13 08:05:42 qb-conf-01v turnserver: 780064: IPv4. tcp or tls connected to: 127.0.0.1:60818
May 13 08:05:42 qb-conf-01v turnserver: 780064: session 002000000000000105: realm <meeting.julius-kuehn.de> user <>: incoming packet message processed, error 401: Unauthorized
May 13 08:05:42 qb-conf-01v turnserver: 780064: IPv4. Local relay addr: 127.0.0.1:61818
May 13 08:05:42 qb-conf-01v turnserver: 780064: session 002000000000000105: new, realm=<meeting.julius-kuehn.de>, username=<1589436341>, lifetime=3600, cipher=TLS_AES_256_GCM_SHA384, method=UNKNOWN
May 13 08:05:42 qb-conf-01v turnserver: 780064: session 002000000000000105: realm <meeting.julius-kuehn.de> user <1589436341>: incoming packet ALLOCATE processed, success