[ISSUE] How to configure turn server with jvb like meet.jit.si?

Why do you say that it don’t work on your server ? Your screenshot shows a working Turn connection.

I’m testing with 3 computers: 2 with a normal network and 1 behind a proxy and a more restricted firewall.
With my jitsi server the more restricted computer has no video and screen sharing.
The same test with meet.jit.si works without changes on the proxy and firewall.
I don’t know why.

You mean that when you did this screenshot, there was no video ?

As first, i thought than the turnserver caused the problem but I have the information (turn) in statistics and all works with computers on a normal network.
With the computer on network more restricted, i haven’t information, no video and no screenshare, view below.
2022-02-21 12_21_55-Testadm 2102 _ Jitsi Meet et 5 pages de plus - Profil 1 – Microsoft​ Edge
How to troubleshooting this?
I checked the firewall and the proxy, nothing is blocked.

I found an error “401 unauthotrized” in turnserver logfile.

--------------TEST-----------------------------
3.2:55998
43499: : IPv4. tcp or tls connected to: __IP_PUBLIC___:56056
43499: : IPv4. tcp or tls connected to: __IP_PUBLIC___:56058
43499: : IPv4. tcp or tls connected to: __IP_PUBLIC___:56060
43499: : session 000000000000000019: realm <turn-jitsi-meet.domain.com> user <>: incoming packet message processed, error 401: Unauthorized
43499: : IPv4. Local relay addr: __IP_PUBLIC___:53110
43499: : session 000000000000000019: new, realm=<turn-jitsi-meet.domain.com>, username=<1645530268>, lifetime=600, cipher=TLS_AES_256_GCM_SHA384, method=TLSv1.3
43499: : session 000000000000000019: realm <turn-jitsi-meet.domain.com> user <1645530268>: incoming packet ALLOCATE processed, success
43506: : session 003000000000000015: TLS/TCP socket closed remotely __IP_PUBLIC___:55998
43506: : session 003000000000000015: usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43506: : session 003000000000000015: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43506: : session 003000000000000015: closed (2nd stage), user <> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:55998, reason: TLS/TCP connection closed by client (callback)
43506: : session 003000000000000015: SSL shutdown received, socket to be closed (local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:55998)
43507: : IPv4. tcp or tls connected to: __IP_PUBLIC___:56086
43524: : session 002000000000000021: TLS/TCP socket closed remotely __IP_PUBLIC___:56086
43524: : session 002000000000000021: usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43524: : session 002000000000000021: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43524: : session 002000000000000021: closed (2nd stage), user <> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56086, reason: TLS/TCP connection closed by client (callback)
43524: : session 002000000000000021: SSL shutdown received, socket to be closed (local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56086)
43524: : IPv4. tcp or tls connected to: __IP_PUBLIC___:56112
43542: : session 003000000000000016: TLS/TCP socket closed remotely __IP_PUBLIC___:56112
43542: : session 003000000000000016: usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43542: : session 003000000000000016: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43542: : session 003000000000000016: closed (2nd stage), user <> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56112, reason: TLS/TCP connection closed by client (callback)
43542: : session 003000000000000016: SSL shutdown received, socket to be closed (local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56112)
43542: : IPv4. tcp or tls connected to: __IP_PUBLIC___:56136
43544: : session 002000000000000020: TLS/TCP socket disconnected: __IP_PUBLIC___:56056
43544: : session 002000000000000020: usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43544: : session 002000000000000020: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43544: : session 002000000000000020: closed (2nd stage), user <> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56056, reason: TLS/TCP socket buffer operation error (callback)
43544: : session 000000000000000018: TLS/TCP socket disconnected: __IP_PUBLIC___:56058
43544: : session 000000000000000018: usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43544: : session 000000000000000018: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43544: : session 000000000000000018: closed (2nd stage), user <> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56058, reason: TLS/TCP socket buffer operation error (callback)
43544: : session 000000000000000019: refreshed, realm=<turn-jitsi-meet.domain.com>, username=<1645530268>, lifetime=0, cipher=TLS_AES_256_GCM_SHA384, method=TLSv1.3
43544: : session 000000000000000019: realm <turn-jitsi-meet.domain.com> user <1645530268>: incoming packet REFRESH processed, success
43544: : session 000000000000000019: TLS/TCP socket disconnected: __IP_PUBLIC___:56060
43544: : session 000000000000000019: usage: realm=<turn-jitsi-meet.domain.com>, username=<1645530268>, rp=3, rb=276, sp=3, sb=332
43544: : session 000000000000000019: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<1645530268>, rp=0, rb=0, sp=0, sb=0
43544: : session 000000000000000019: closed (2nd stage), user <1645530268> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56060, reason: TLS/TCP socket buffer operation error (callback)
43544: : session 000000000000000019: delete: realm=<turn-jitsi-meet.domain.com>, username=<1645530268>
43559: : session 003000000000000017: TLS/TCP socket closed remotely __IP_PUBLIC___:56136
43559: : session 003000000000000017: usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43559: : session 003000000000000017: peer usage: realm=<turn-jitsi-meet.domain.com>, username=<>, rp=0, rb=0, sp=0, sb=0
43559: : session 003000000000000017: closed (2nd stage), user <> realm <turn-jitsi-meet.domain.com> origin <>, local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56136, reason: TLS/TCP connection closed by client (callback)
43559: : session 003000000000000017: SSL shutdown received, socket to be closed (local __IP_PUBLIC___:5349, remote __IP_PUBLIC___:56136)

I don’t know if it’s a real problem.
When i try, i see a connection attempt on the web interface like a black square since few seconds and nothing, the first letter of name is displayed. :frowning:

possibly linked to the lt-cred-mech instruction in the turnserver.conf, did you remove it ? if yes, that may mean that the turnserver credentials are icorrect.

I checked the password for prosody and turnserver. It’s same.
This error appear just when i restart the coturn service.

I have this error in jvb.log

JVB 2022-02-18 15:45:40.502 WARNING: [65] [confId=bfd670a7d719421f gid=53658 stats_id=Ken-i8S conf_name=static2@conference.jitsi.domain.com ufrag=66mou1fs6o592v epId=5057ea3d local_ufrag=66mou1fs6o592v] ConnectivityCheckClient.startCheckForPair#374: Failed to send BINDING-REQUEST(0x1)[attrib.count=6 len=92 tranID=0x95A6820D7F01A9EE031153B6]
java.lang.IllegalArgumentException: No socket found for __IP_PUBLIC__:10000/udp->172.20.131.6:55307/udp
        at org.ice4j.stack.NetAccessManager.sendMessage(NetAccessManager.java:631)
        at org.ice4j.stack.NetAccessManager.sendMessage(NetAccessManager.java:581)
        at org.ice4j.stack.StunClientTransaction.sendRequest0(StunClientTransaction.java:267)
        at org.ice4j.stack.StunClientTransaction.sendRequest(StunClientTransaction.java:245)
        at org.ice4j.stack.StunStack.sendRequest(StunStack.java:680)
        at org.ice4j.ice.ConnectivityCheckClient.startCheckForPair(ConnectivityCheckClient.java:335)
        at org.ice4j.ice.ConnectivityCheckClient.startCheckForPair(ConnectivityCheckClient.java:231)
        at org.ice4j.ice.ConnectivityCheckClient$PaceMaker.run(ConnectivityCheckClient.java:938)
        at org.ice4j.util.PeriodicRunnable.executeRun(PeriodicRunnable.java:206)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:833)
JVB 2022-02-18 15:45:40.502 INFO: [65] [confId=bfd670a7d719421f gid=53658 stats_id=Ken-i8S conf_name=static2@conference.jitsi.domain.com ufrag=66mou1fs6o592v epId=5057ea3d local_ufrag=66mou1fs6o592v] ConnectivityCheckClient$PaceMaker.run#942: Pair failed: __IP_PUBLIC__:10000/udp/host -> 172.20.131.6:55307/udp/host (stream-5057ea3d.RTP)
JVB 2022-02-18 15:45:45.952 INFO: [26] HealthChecker.run#171: Performed a successful health check in PT0.000009713S. Sticky failure: false

I think the turnserver try to communicate with host with UDP but this input is blocked.

I captured packets during a meeting.
With my server, I have a lot of packets are tagged STUN with 10000 udp port of my locale ip address to the ip public and it don’t work.
With meet.jit.si, I have all packets are tagged TCP or TLS protocol and it’s works.
How to configure my server for work like that please?
I have a configuration problem somewhere.

Hi,
Can anyone help me please?
I have reinstall all services and i have the same issue.
java.lang.IllegalArgumentException: No socket found for _IP_ADDRESS__:10000/udp->192.168.211.48:51396/udp
I commented the restriction lines in turnserver.conf but nothing.
The UDP protocols are blocked on server and client.

Hi everybody,
I take an other way because i don’t solved my issue for the moment.
I try this script for don’t forget a parameter.

Everything work for somepeople but i have always the same error.
In nginx:
2022/03/26 04:19:13 [error] 29780#29780: *6179 recv() failed (104: Connection reset by peer) while proxying and reading from upstream, client: _IP_PUBLIC_CLIENT, server: 0.0.0.0:443, upstream: “_IP_PUBLIC_JITSI:5349”, bytes from/to client:495/4561, bytes from/to upstream:4561/742
In jvb:
java.lang.IllegalArgumentException: No socket found for IP_PUBLIC_JITSI:10000/udp->172.20.162.83:52952/udp
Do you have already solved this issue?

Seems that NAT rule which redirects TCP/5349 traffic coming from the internal network is missing. Therefore Nginx cannot connect Coturn through the public IP.

I have just a public address because my environment is directly exposed to internet.
Do i have a parameter to modify ?

I activated the debug mode on nginx service and i see a problem with the ssl certificat because it is rewrited by the proxy.
I don’t have this with meet.jit.si.
Do you know why i have this ?

Does the following command list only your public IP?

hostname -I

Which proxy?

No i have ipv6 address in the list.
For the proxy, it’s a participant behind a firewall and proxy ssl.
That doesn’t work for him.

To be sure, the proxy is on the client side in front of the client browser, so it intercepts HTTPS traffic. Correct?

Yes. That’s exactly it.

So it’s needed to fix the client side proxy. A quick fix would be to add an exception for Jitsi to bypass the proxy.

I understood but it’s not à solution.
As come i said, the meet.jit.si environment work then i want to find the same configuration.
I think I’m not alone with this problem because i read others topics but they didn’t given solutions at the end.