/var/log/jitsi/jvb.log ... Address discovery through STUN failed

Hello,

Is there any chance that a turnserver.conf like this is responsible for the above-mentioned message?


#jitsi-meet coturn config. Do not modify this line
lt-cred-mech
fingerprint
use-auth-secret
keep-address-family
static-auth-secret=aabbccddeeffgghh
realm=fqdnofmyserver
cert=/etc/coturn/certs/fqdnofmyserver.fullchain.pem
pkey=/etc/coturn/certs/fqdnofmyserver.privkey.pem
dh-file=/etc/letsencrypt/dhparam.pem
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
ec-curve-name=secp521r1:secp384r1
no-sslv3
no-tlsv1
no-tlsv1_1

no-tcp
no-udp
tls-listening-port=4445
external-ip=externalipofmyserver

no-stdout-log
log-file=/var/log/turnserver.log
simple-log

user-quota=12
total-quota=1200
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
no-loopback-peers
no-multicast-peers
verbose


Via webrtc,github,trickle-ice I get a confirmation that stun is working. But my turnserver.log only reveals activity whenever I try to establish a connection via turn:fqdnofmyserver:443?transport=tcp or turns:fqdnofmyserver:443?transport=tcp. Not working via udp makes sense to me.

Jitsi installation (on May, the 8th) was less spectacular:

echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list
wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | apt-key add -
apt-get update
hostnamectl set-hostname xx
sed -z -i 's/localhost/localhost xx fqdnofmyserver/' /etc/hosts
apt-get install nginx jitsi-meet -y
/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
… some config changes …
sed -i 's/meet-jit-si-turnrelay.jitsi.net/fqdnofmyserver/' /etc/jitsi/videobridge/sip-communicator.properties
sed -i '3i org.jitsi.videobridge.DISABLE_TCP_HARVESTER=true' /etc/jitsi/videobridge/sip-communicator.properties
sed -i 's@stun:meet-jit-si-turnrelay.jitsi.net:443@stun:fqdnofmyserver:443@' /etc/jitsi/meet/fqdnofmyserver-config.js
The file /etc/nginx/modules-enabled/60-jitsi-meet.conf and the turncredentials in /etc/prosody/conf.avail/fqdnofmyserver.cfg.lua were left unchanged.

Authentication has been activated as well (incl. enabling module turncredentials for guest domain).

The system is working marvellously (whenever videobridge port UDP-10000 is open). But as soon as I close the port (and only leave ports 80/443 open) and force the connection to use the coturn server, the session comes up, but without audio/video - regardless of the number of people willing to participate.

Much thx for reading!

Cheers
Dandu

Just read through the thread …

During the installation I definitely didn’t offer udp/443 access to the outside world. My server was basically hardened before. Thus, there was no chance for autodiscover to work (which might actually not be necessary, I’m not sure).

Cheers Dandu

Maybe there is a misunderstanding. I expected the coturn server, that’s been installed automatically nowadays, to help the admin in abdicating the need to create one on another private server. Cheers Dandu

That’s all right, but then you have to set up the public address yourself in the javabridge sip-communicator.properties and (probably; I don’t use it) in the coturn configuration.

I solved it. It was a firewall problem (regarding traffic in between lo and eth0). The usual stuff. :wink: Much thx anyway, gpatel-fr!

Cheers Dandu
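
A check over the reachability-related lines of the turnserver.conf from the first post, as an added example that is not part of any post in this thread: it lists the transports coturn will listen on and names the rule that stops coturn relaying to a given peer address (the videobridge is the peer when clients are forced through TURN). The function names and the peer addresses are assumptions made for illustration.

```python
import ipaddress

# Reachability-related lines copied from the turnserver.conf in the first post.
TURNSERVER_CONF = """\
no-tcp
no-udp
tls-listening-port=4445
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
no-loopback-peers
no-multicast-peers
"""

def parse_conf(text):
    """Split a coturn config into bare flags and key -> [values]."""
    flags, opts = set(), {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not key or key.startswith("#"):
            continue
        if sep:
            opts.setdefault(key, []).append(value.strip('"'))
        else:
            flags.add(key)
    return flags, opts

def listeners(flags, opts):
    """Transports coturn accepts clients on (DTLS is not modelled here)."""
    out = [t for t in ("udp", "tcp") if "no-" + t not in flags]
    if "no-tls" not in flags:  # 5349 is coturn's default TLS port when unset
        out.append("tls:" + opts.get("tls-listening-port", ["5349"])[0])
    return out

def peer_denied(flags, opts, peer):
    """Return the rule that stops coturn relaying to `peer`, or None."""
    ip = ipaddress.ip_address(peer)
    if ip.is_loopback and "no-loopback-peers" in flags:
        return "no-loopback-peers"
    if ip.is_multicast and "no-multicast-peers" in flags:
        return "no-multicast-peers"
    for rng in opts.get("denied-peer-ip", []):
        lo, hi = (ipaddress.ip_address(x) for x in (rng.split("-") * 2)[:2])
        if lo.version == ip.version and lo <= ip <= hi:
            return "denied-peer-ip=" + rng
    return None

if __name__ == "__main__":
    f, o = parse_conf(TURNSERVER_CONF)
    print(listeners(f, o), [peer_denied(f, o, p) for p in ("127.0.0.1", "192.168.1.10")])  # constructed peers
```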