Using Stun/Turn Server and why

I have just a basic knowledge of what Stun/Turn server is and how they help video conferencing.

But I am a little confused about Stun/Turn server-related configs in jitsi. In the earlier days, jitsi were using google’s stun servers but then moved to their own stun/turn server. So, should we just use google’s Stun/Turn server, or we should deploy it on our own in the same machine or in a separate machine? and How much it can affect the conference performance?
currently, I am just seeing “useStunTurn: true” in meet.jit.si , so does this mean it automatically installs the default open-source stun turn server in the same machine as there was no address parameter there?
useTurnUdp”/“useTurnTcp” is another thing,should we set it to true/false and why. how can this affect our conference?
Thanks in advance for any help…! :heartbeat:

STUN and TURN are used when users have restricted connectivity (some types or NAT, or restrictive corporate firewalls).

There are many publicly available STUN servers which often do not require authentication, and some browsers have built-in defaults. However, STUN only helps with public IP/port discovery, and doesn’t actually act as a traffic relay. So there are many kinds of restrictive network where STUN alone will not be enough.

TURN, on the other hand, actually relays the traffic, so it will work even in the most restrictive network setups. Because it’s relaying the traffic, most TURN servers require authentication to prevent misuse. If you’re deploying your own Jitsi setup, you should deploy a TURN server for compatibility with the widest range of possible user network configurations.

useStunTurn: true without listing servers means that the STUN/TURN servers will be automatically detected through XMPP’s external services mechanism. (If using Prosody, mod_external_services or the old mod_turncredentials). Using this mechanism a time-limited credential is also provided for TURN.

Jitsi can use TURN to help P2P participants reach each other (which reduces load on the videobridge which they would otherwise fall back to using), and also to help participants reach the videobridge in n>2 conferences (e.g. when UDP is blocked). TURN/TCP is superior to the videobridge’s built-in TCP mechanism because it does a real TLS exchange so is less likely to be blocked by restrictive firewalls.

On a small setup you can run everything on one server. We use separate servers for performance reasons.

4 Likes

Thanks a lot for the Infos.
So that’s mean If I useStunTurn to true without listing stun servers then it means it will automatically configure stun/turn server for me in the same machine jitsi-meet is running on and performance won’t be good for big number of conferences,right? here the performance you meant is connecting to my jitsi server?
so if I wanna use my own stun/turn server (to improve performance) I have to deploy stun/turn (both?) in defferent macine/server and make it listed in the configs and set the variable to true?
what if I set it to false or doesn’t even set it, what happens then?
another thing is what is the use of useTurnUdp/useTurnTcp? and again Thanks a lot for the info’s

useStunTurn: true doesn’t magically configure a TURN server for you. It just means that jitsi-meet (the client side) will try to discover TURN server details via the XMPP server. You would still need to set up a TURN server (e.g. coturn) and configure the XMPP server (Prosody) to provide the hostname/IP and port and credentials for that TURN server via mod_external_services (or the old mod_turncredentials). That TURN server can be on the same machine or another.

If you don’t set useStunTurn, I think it defaults to true anyway. If you set it to false (or if you set it to true but don’t configure any STUN/TURN details for Prosody to hand out) then there will be no STUN/TURN capability unless the user’s browser has some built-in default.

useTurnUdp and useTurnTcp enable TURN for UDP and TCP respectively, as the names suggest. There’s generally no point in enabling it for UDP for n>2 conferences, as if the user can reach the TURN server over UDP they can probably reach the videobridge over UDP anyway.

2 Likes

So the best thing for me now is to set useStunTurn to true and set up Stun and Turn servers and make it listed? or only setting up Turn server is ok as there are free stun servers. if I dont set up stun/turn server or set it to false can it affect conference performance like in audio/video transmission?
and as I don’t really care about p2p so I can just use useTurnUdp to false and useTurnTcp to true?

Most TURN server software (including coturn, which seems to be the most popular open source one) does both STUN and TURN.

If you don’t have working STUN/TURN you can expect some people to be unable to connect (typical symptom is they can join the conference but have no working audio or video).

useTurnUdp: false is the default anyway.

2 Likes

This is not related in performance and the performance will be worse when TURN used because there will be an extra layer between JVB and client but this is the only option to communicate on some situations.

If the clients can have a meeting although with a bad quality audio/video, TURN has nothing to do

3 Likes