Jitsi conference not working between mixed networks after configuring coturn server

The Jitsi conference is not giving any audio or video when trying between mixed networks after configuring the coturn server (e.g. 1 participant joined from VPN and 1 joined from a public network).
The same is working if both participants are either in the VPN or in the public network.

Kindly help to resolve this issue. Attaching the config files that have been used to set up coturn.

configmap.yml
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: turnserver-config
  namespace: coturn
  labels:
    app.kubernetes.io/name: coturn
    app.kubernetes.io/instance: coturn
    app.kubernetes.io/version: 0.0.1
data:
  turnserver.conf: |
    server-name=turnpublic."domain"
    cert=/tls/tls.crt
    pkey=/tls/tls.key
    realm=turnpublic."domain"
    listening-ip=0.0.0.0
    relay-ip=0.0.0.0
    listening-port=443
    min-port=36***
    max-port=46***
    tls-listening-port=443
    log-file=stdout
    verbose
    static-auth-secret=my-secret
```

deployment.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: coturn
  name: coturn
  labels:
    app.kubernetes.io/name: coturn
    app.kubernetes.io/instance: coturn
    app.kubernetes.io/version: 0.0.1
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: coturn
      app.kubernetes.io/instance: coturn
      app.kubernetes.io/version: 0.0.1
  template:
    metadata:
      labels:
        app.kubernetes.io/name: coturn
        app.kubernetes.io/instance: coturn
        app.kubernetes.io/version: 0.0.1
    spec:
      hostNetwork: true
      containers:
        - name: coturn
          image: coturn/coturn
          imagePullPolicy: Always
          envFrom:
            - secretRef:
                name: my-secret
          args: ["-c", "/turnserver.conf"]
          ports:
            - name: turn-port1
              containerPort: 10000
              hostPort: 10000
              protocol: UDP
            - name: turn-port2
              containerPort: 443
              hostPort: 443
              protocol: TCP
          volumeMounts:
            - name: turnserver-config
              mountPath: /turnserver.conf
              subPath: turnserver.conf
              readOnly: true
            - name: tls
              mountPath: /tls
              readOnly: true
            # - name: my-secret
            #   mountPath: /my-secret
            #   readOnly: true
      volumes:
        - name: turnserver-config
          configMap:
            name: turnserver-config
        - name: tls
          secret:
            secretName: turnpublic."domain"
```

service.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: coturn
  namespace: coturn
spec:
  ports:
    - name: turn-tcp
      port: 443
      protocol: UDP
      targetPort: 10000
    - name: turn-tcp-tls
      port: 443
      protocol: TCP
      targetPort: 443
  selector:
    app.kubernetes.io/name: coturn
    app.kubernetes.io/instance: coturn
    app.kubernetes.io/version: 0.0.1
  type: LoadBalancer
  loadBalancerIP: "loadbalancerip"
```

And a 3-way call was working before configuring coturn?
Port UDP 10000 is for jvb, not for coturn.

Yes, it was working. Can you suggest what changes should be done?

Remove the mapping of port 10000 for coturn, that is used by the jvb and probably that is your problem.

OK, so what port should I pass for UDP? 3478 or 443? I tried 3478 as well, but it didn't get resolved.

Your coturn is configured to listen to 443 only.
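The mismatch the replies point to can be checked mechanically. The following is an added example, not part of the thread or of the poster's setup: it compares the ports coturn listens on with each Service `targetPort`. The function names and the dict form of the Service ports are assumptions, the sample inputs are constructed from the configs posted above, and 3478 and 5349 are coturn's default ports.

```python
# Added example: constructed inputs mirroring the coturn config and Service in the thread.
COTURN_DEFAULTS = {"listening-port": 3478, "tls-listening-port": 5349}

TURNSERVER_CONF = """\
listening-ip=0.0.0.0
listening-port=443
tls-listening-port=443
verbose
"""

SERVICE_PORTS = [
    {"name": "turn-tcp", "port": 443, "protocol": "UDP", "targetPort": 10000},
    {"name": "turn-tcp-tls", "port": 443, "protocol": "TCP", "targetPort": 443},
]


def coturn_listen_ports(conf_text):
    """Return the set of ports coturn binds for client traffic.

    listening-port serves plain TURN over UDP and TCP; tls-listening-port
    serves TLS and DTLS. Unset options fall back to coturn's defaults.
    """
    ports = dict(COTURN_DEFAULTS)
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        key, sep, value = line.partition("=")
        if sep and key.strip() in ports:
            ports[key.strip()] = int(value.strip())
    return set(ports.values())


def unreachable_service_ports(conf_text, service_ports):
    """List Service entries whose targetPort coturn does not listen on."""
    listening = coturn_listen_ports(conf_text)
    findings = []
    for p in service_ports:
        target = p.get("targetPort", p["port"])  # targetPort defaults to port
        if target not in listening:
            findings.append((p["name"], p["protocol"], p["port"], target))
    return findings


if __name__ == "__main__":
    for name, proto, port, target in unreachable_service_ports(TURNSERVER_CONF, SERVICE_PORTS):
        print(f"{name}: {proto}/{port} -> {target}, but coturn is not listening there")
```
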

We have a jvb-stateful configuration file where we have mentioned the UDP port as 36300, which is working for us, and 10000 is not allowed for us. Kindly suggest how to configure the jvb with coturn. We are using Kubernetes for the configuration of coturn.

```yaml
{{- range $shard, $e := until (int $.Values.shardCount) }}

apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    k8s-app: {{ $.Values.jvb.name }}
    scope: jitsi
    shard: {{ $shard | quote }}
  name: shard-{{ $shard }}-{{ $.Values.jvb.name }}
  namespace: {{ $.Values.namespace }}
spec:
  podManagementPolicy: Parallel
  replicas: {{ $.Values.jvb.replicas }}
  selector:
    matchLabels:
      k8s-app: {{ $.Values.jvb.name }}
      scope: jitsi
      shard: {{ $shard | quote }}
  serviceName: jvb
  template:
    metadata:
      labels:
        k8s-app: {{ $.Values.jvb.name }}
        scope: jitsi
        shard: {{ $shard | quote }}
      annotations:
        kubectl.kubernetes.io/default-container: jvb
    spec:
      nodeSelector:
        node_pool: {{ $.Values.node_pool }}
      containers:
      - args:
        {{- if empty $.Values.jvb.hostPort }}
        - "{{ $.Values.jvb.nodeportPrefix }}{{ add $shard 3 }}00"
        {{- end }}
        - /init
        command:
        - /entrypoint/entrypoint.sh
        env:
        - name: NODE_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: DOCKER_HOST_ADDRESS
          value: {{ $.Values.JVB_ADVERTISE_IPS }}
        - name: JVB_AUTH_PASSWORD
          value: {{ $.Values.JVB_AUTH_PASSWORD }}
        - name: JVB_AUTH_USER
          value: {{ $.Values.JVB_AUTH_USER }}
        - name: JVB_BREWERY_MUC
          value: jvbbrewery
        - name: JVB_TCP_PORT
          value: "1720"
        - name: TURN_CREDENTIALS
          value: "{{ $.Values.turnserver.TURN_CREDENTIALS }}"
        - name: TURN_HOST
          value: "{{ $.Values.TURN_HOST }}"
        - name: TURN_PORT
          value: "{{ $.Values.turnserver.TURN_PORT }}"
        - name: TURNS_HOST
          value: "{{ $.Values.TURNS_HOST }}"
        - name: TURNS_PORT
          value: "{{ $.Values.turnserver.TURNS_PORT }}"
        - name: JVB_TCP_HARVESTER_DISABLED
          value: "true"
        - name: PUBLIC_URL
          value: https://{{ $.Values.publicDomain }}
        - name: TZ
          value: UTC
        - name: XMPP_AUTH_DOMAIN
          value: auth.{{ $.Values.publicDomain }}
        - name: XMPP_INTERNAL_MUC_DOMAIN
          value: internal-muc.{{ $.Values.publicDomain }}
        - name: XMPP_SERVER
          value: shard-{{ $shard }}-{{ $.Values.prosody.name }}.{{ $.Values.namespace }}.svc.cluster.local
        - name: ENABLE_XMPP_WEBSOCKET
          value: "1"
        - name: ENABLE_COLIBRI_WEBSOCKET
          value: "1"
        - name: XMPP_DOMAIN
          value: {{ $.Values.publicDomain }}
        - name: JICOFO_AUTH_USER
          value: "{{ $.Values.JICOFO_AUTH_USER }}"
        - name: JICOFO_AUTH_PASSWORD
          value: {{ $.Values.JICOFO_AUTH_PASSWORD }}
        - name: XMPP_MUC_DOMAIN
          value: {{ $.Values.publicDomain }}
        - name: JVB_WS_SERVER_ID
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: JVB_ADVERTISE_IPS
          value: {{ $.Values.JVB_ADVERTISE_IPS }}
        {{- if $.Values.jvb.extraEnvs }}
        {{- toYaml $.Values.jvb.extraEnvs | nindent 8 }}
        {{- end }}
        image: {{ $.Values.jvb.image }}
        imagePullPolicy: {{ $.Values.jvb.imagePullPolicy }}
        lifecycle:
          preStop:
            exec:
              command:
              - bash
              - /shutdown/graceful_shutdown.sh
              - -t 3
        name: jvb
        volumeMounts:
        - mountPath: /entrypoint
          name: jvb-entrypoint
        - mountPath: /shutdown
          name: jvb-shutdown
      terminationGracePeriodSeconds: 2147483647
      volumes:
      - configMap:
          defaultMode: 484
          name: jvb-entrypoint
        name: jvb-entrypoint
      - configMap:
          defaultMode: 484
          name: jvb-shutdown
        name: jvb-shutdown
  updateStrategy:
    type: RollingUpdate
{{ end }}
```

In the Helm value.yaml file, the details below are mentioned, which have been used in the jvb stateful config file:

```yaml
jvb:
  name: jvb
  replicas: 3
  image: jitsi/jvb:stable-8319
  imagePullPolicy: Always
  nodeportPrefix: "36"

turnserver:
  TURN_CREDENTIALS: *****
  TURN_PORT: 443
  TURNS_PORT: 443
  TURN_HOST: ""
  TURNS_HOST: ""
```