Maybe I should have clarified at the end of my last post, but it was all working with the configuration I described.
[quote="damencho, post:19, topic:73443"]
I think this is not correct, as contacting the turnserver using localhost confuses it or the deny peer was playing a role, not sure where was the problem … but there is a reason to communicate using the public address.
[/quote]
OK, I have changed this to be `server __PUBLIC_IP__:5349`. It’s all still fine.
In that case I don’t know what value I should have for `STUN_MAPPING_HARVESTER_ADDRESSES`? I can’t seem to find a good explainer for it. It was previously set to `meet-jit-si-turnrelay.jitsi.net:443` so I thought changing it to my new turn server address `turn-myjitsidomain:443` was a good fit.
OK, I’ve now enabled UDP:10000 in the security group and instead I’ve blocked communication to that port from my machine using the Windows firewall. I still have problems if I uncomment that line; i.e. if I deny access to that 172.16.0.0/12 range, but it works otherwise.
Here’s the coturn log with censored values, demonstrating the error I get if access to 172.16.0.0/12 is denied:
```
Nov 03 13:28:12 ip-172-31-19-74 turnserver[24060]: 1302: session 006000000000000019: delete: realm=<turn-myjitsidomain.com>, username=<1604496407>
Nov 03 13:28:13 ip-172-31-19-74 turnserver[24060]: 1303: IPv4. tcp or tls connected to: __PUBLIC_IP__:46338
Nov 03 13:28:13 ip-172-31-19-74 turnserver[24060]: 1303: session 003000000000000023: realm <turn-myjitsidomain.com> user <>: incoming packet message processed, error 401: Unauthorized
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: IPv4. Local relay addr: 172.31.19.74:62947
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: session 003000000000000023: new, realm=<turn-myjitsidomain.com>, username=<1604496395>, lifetime=600, cipher=TLS_AES_256_GCM_SHA384, method=UNKNOWN
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: session 003000000000000023: realm <turn-myjitsidomain.com> user <1604496395>: incoming packet ALLOCATE processed, success
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: A peer IP 172.31.19.74 denied in the range: 172.16.0.0-172.31.255.255
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: session 003000000000000023: realm <turn-myjitsidomain.com> user <1604496395>: incoming packet CREATE_PERMISSION processed, error 403: Forbidden IP
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: session 003000000000000023: realm <turn-myjitsidomain.com> user <1604496395>: incoming packet message processed, error 403: Forbidden IP
Nov 03 13:28:15 ip-172-31-19-74 turnserver[24060]: 1305: IPv4. tcp or tls connected to: __PUBLIC_IP__:46342
```
And here’s my log when I comment out the denied-peer-ip=172.16… line and all appears to be working:
```
Nov 03 13:41:44 ip-172-31-19-74 turnserver[24507]: 674: session 000000000000000002: usage: realm=<turn-myjitsidomain.com>, username=<1604497269>, rp=1297, rb=1121581, sp=751, sb=510352
Nov 03 13:41:46 ip-172-31-19-74 turnserver[24507]: 676: session 004000000000000002: usage: realm=<turn-myjitsidomain.com>, username=<1604497198>, rp=1091, rb=805099, sp=957, sb=698004
Nov 03 13:41:48 ip-172-31-19-74 turnserver[24507]: 678: session 000000000000000002: usage: realm=<turn-myjitsidomain.com>, username=<1604497269>, rp=1090, rb=805753, sp=958, sb=706508
Nov 03 13:41:51 ip-172-31-19-74 turnserver[24507]: 680: session 004000000000000002: usage: realm=<turn-myjitsidomain.com>, username=<1604497198>, rp=1064, rb=752886, sp=984, sb=696732
Nov 03 13:41:51 ip-172-31-19-74 turnserver[24507]: 681: IPv4. tcp or tls connected to: __PUBLIC_IP__:47410
Nov 03 13:41:51 ip-172-31-19-74 turnserver[24507]: 681: session 004000000000000004: realm <turn-myjitsidomain.com> user <>: incoming packet message processed, error 401: Unauthorized
Nov 03 13:41:52 ip-172-31-19-74 turnserver[24507]: 681: IPv4. Local relay addr: 172.31.19.74:64551
Nov 03 13:41:52 ip-172-31-19-74 turnserver[24507]: 681: session 004000000000000004: new, realm=<turn-myjitsidomain.com>, username=<1604497269>, lifetime=600, cipher=TLS_AES_256_GCM_SHA384, method=UNKNOWN
Nov 03 13:41:52 ip-172-31-19-74 turnserver[24507]: 681: session 004000000000000004: realm <turn-myjitsidomain.com> user <1604497269>: incoming packet ALLOCATE processed, success
Nov 03 13:41:53 ip-172-31-19-74 turnserver[24507]: 682: IPv4. tcp or tls connected to: __PUBLIC_IP__:47430
```
Many thanks for your advice
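
An added example, not part of the original post and not coturn's own code: a small Python check that pulls the denied-peer events out of a coturn log like the first excerpt above, converts the logged first-last range back to CIDR, and reports whether the rejected peer is the TURN host's own relay address (as 172.31.19.74 is here). The function name and regular expressions are assumptions written against the log lines shown in the post.

```python
import ipaddress
import re

# Sample input: four lines taken from the first log excerpt in the post above.
SAMPLE_LOG = """\
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: IPv4. Local relay addr: 172.31.19.74:62947
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: session 003000000000000023: realm <turn-myjitsidomain.com> user <1604496395>: incoming packet ALLOCATE processed, success
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: A peer IP 172.31.19.74 denied in the range: 172.16.0.0-172.31.255.255
Nov 03 13:28:14 ip-172-31-19-74 turnserver[24060]: 1304: session 003000000000000023: realm <turn-myjitsidomain.com> user <1604496395>: incoming packet CREATE_PERMISSION processed, error 403: Forbidden IP
"""

# Patterns are assumptions matched to the message shapes visible in the post.
RELAY_RE = re.compile(r"Local relay addr: (\d+\.\d+\.\d+\.\d+):\d+")
DENIED_RE = re.compile(r"A peer IP (\S+) denied in the range: (\S+)-(\S+)")
PERM_RE = re.compile(r"session (\d+): .*CREATE_PERMISSION processed, error 403")


def find_denied_peers(log_text):
    """Return one dict per denied peer, noting whether it is the relay host itself."""
    relay_ips = set()   # addresses coturn announced as its local relay address
    findings = []
    pending = None      # most recent denial not yet tied to a session id
    for line in log_text.splitlines():
        if m := RELAY_RE.search(line):
            relay_ips.add(ipaddress.ip_address(m.group(1)))
        elif m := DENIED_RE.search(line):
            peer, lo, hi = (ipaddress.ip_address(g) for g in m.groups())
            # The log prints the rule as first-last; convert it back to CIDR form.
            cidrs = [str(n) for n in ipaddress.summarize_address_range(lo, hi)]
            pending = {"peer": str(peer), "denied_by": cidrs,
                       "peer_is_relay_host": peer in relay_ips, "session": None}
            findings.append(pending)
        elif (m := PERM_RE.search(line)) and pending is not None:
            # The 403 on CREATE_PERMISSION that follows names the affected session.
            pending["session"] = m.group(1)
            pending = None
    return findings


if __name__ == "__main__":
    for finding in find_denied_peers(SAMPLE_LOG):
        print(finding)
```
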