Hi there!
I’m using two different machines.
- Machine 1: JVB
- Machine 2: STUN / TURN server
On machine 1 I configured the following:
[1] nano /etc/prosody/conf.avail/www.mydomain.de.cfg.lua
turncredentials_secret = "mysecet";
turncredentials = {
{ type = "stun", host = "stun.mydomain.de", port = "443" },
{ type = "turn", host = "stun.mydomain.de", port = "443", transport = "udp" },
{ type = "turns", host = "stun.mydomain.de", port = "443", transport = "tcp" }
};
[2] /etc/jitsi/meet/www.mydomain.de-config.js
useStunTurn: true,
p2p: {
useStunTurn: true,
[3] /etc/jitsi/videobridge/sip-communicator.properties
org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true
On machine 2 this is my coTURN configuration:
#listening-port=3478
tls-listening-port=443
listening-ip=myIP
relay-ip=myIP
fingerprint
use-auth-secret
static-auth-secret=mySecret
realm=myServerDNSName
total-quota=100
bps-capacity=0
no-udp
no-tcp
stale-nonce=600
cert=/etc/ssl/certs/ecsa_cert.pem
pkey=/etc/ssl/private/ecsa_cert.key
cipher-list="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
ec-curve-name=secp384r1
dh-file=/etc/ssl/certs/dhparam.pem
no-stdout-log
log-file=/var/log/turnserver.log
simple-log
no-multicast-peers
cli-port=5766
no-tlsv1
no-tlsv1_1
On machine 2 (coTURN) I see entries like this:
926: session 000000000000000069: closed (2nd stage), user <1586515859> realm <stun.myrealm.de> origin <>, local 91.173.65.126:443, remote 82.180.172.127:50576, reason: TLS/TCP socket buffer operation error (callback)
Testing it with about:webrtc in Firefox I get:
Remote SDP (Offer)
[…]
a=candidate:1 1 udp 2130706431 2a03:4000:10:50b:c8d4:daff:fe62:f2b2 10000 typ host generation 0
a=candidate:2 1 udp 2130706431 JVB-IP 10000 typ host generation 0
[…]
a=candidate:1 1 udp 2130706431 2a03:4000:10:50b:c8d4:daff:fe62:f2b2 10000 typ host generation 0
a=candidate:2 1 udp 2130706431 JVB-IP 10000 typ host generation 0
As far as I can tell: No TURN server is used. Any advice?
I’m testing with clients behind NAT, with port 10000 blocked by a firewall. So TURN should be used.
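
Added example, not part of the original post and not code from Prosody or coturn: `turncredentials_secret` on the Prosody side and `use-auth-secret` / `static-auth-secret` on the coturn side are the two ends of the TURN REST API time-limited credential scheme, where the username is an expiry timestamp (the form of the `user <1586515859>` field in the log line above) and the password is base64(HMAC-SHA1(secret, username)). The sketch below models both ends to show what the TURN server accepts and rejects; the function names and the secrets are hypothetical, constructed placeholders.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone


def issue_credentials(secret: str, expiry: int) -> tuple[str, str]:
    """Signalling side: username is the expiry time, password is its HMAC."""
    username = str(expiry)
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode()


def server_accepts(secret: str, username: str, password: str, now: int) -> bool:
    """TURN side: recompute the HMAC with its own secret and check expiry."""
    timestamp = username.split(":", 1)[0]  # "expiry" or "expiry:userid"
    if not timestamp.isdigit() or int(timestamp) < now:
        return False
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(mac)
    # Constant-time comparison so the check does not leak how many bytes match.
    return hmac.compare_digest(expected, password.encode())


def expiry_utc(username: str) -> str:
    """Decode the username seen in a TURN log line into a UTC time."""
    ts = int(username.split(":", 1)[0])
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


# Constructed placeholder values, not taken from any real deployment.
SIGNALLING_SECRET = "example-secret"
TURN_SECRET_SAME = "example-secret"
TURN_SECRET_DIFF = "Example-Secret"  # differs only in letter case
LOG_USER = "1586515859"              # user field from the log line in the post

if __name__ == "__main__":
    now = int(LOG_USER) - 3600  # assume the check happens one hour before expiry
    user, pw = issue_credentials(SIGNALLING_SECRET, int(LOG_USER))
    print("expires      :", expiry_utc(user))
    print("same secret  :", server_accepts(TURN_SECRET_SAME, user, pw, now))
    print("case differs :", server_accepts(TURN_SECRET_DIFF, user, pw, now))
    print("after expiry :", server_accepts(TURN_SECRET_SAME, user, pw, now + 7200))
```

Because the server only recomputes the HMAC, the two configured secrets must be byte-for-byte identical, and both machines need roughly synchronized clocks for the expiry check to behave as intended.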