Matrix Synapse TURN configuration fails

Question

Platform: Debian 9

Matrix Synapse version: 0.22.1-1

Coturn version: 4.5.0.5-1+b1

https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.rst

I tried to follow this guide but TURN server keeps failing to connect users across separate NATs. Here are the exact steps i took:

$ sudo apt install coturn

$ sudo nano /etc/turnserver.conf

Edited so that:

lt-cred-mech use-auth-secret static-auth-secret=[sharedsecretkey] realm=turn.perthchat.org no-tcp-relay allowed-peer-ip=10.0.0.1 user-quota=16 total-quota=800 

$ sudo nano /etc/default/coturn

# # Uncomment it if you want to have the turnserver running as # an automatic system service daemon # TURNSERVER_ENABLED=1 

$ sudo ufw allow 3478

$ sudo nano /etc/matrix-synapse/homeserver.yaml

turn_uris: [ "turn:turn.perthchat.org:3478?transport=udp", "turn:turn.perthchat.org:3478?transport=tcp" ] turn_shared_secret: sharedsecretkey turn_user_lifetime: 86400000 turn_allow_guests: True 

$ sudo systemctl start coturn

$ sudo systemctl restart matrix-synapse

Calling fails across NATs, it gets stuck on 'Call Connecting...'

These are the last logs that appeared before coturn mysteriously stopped generating new logs:

$ tail -n 20 /var/log/turn.log 0: IO method (general relay thread): epoll (with changelist) 0: turn server id=0 created 0: IPv4. TCP listener opened on : 127.0.0.1:3478 0: IPv4. TCP listener opened on : 127.0.0.1:3479 0: IPv4. TCP listener opened on : 209.58.177.136:3478 0: IPv4. TCP listener opened on : 209.58.177.136:3479 0: IPv6. TCP listener opened on : ::1:3478 0: IPv6. TCP listener opened on : ::1:3479 0: IPv4. UDP listener opened on: 127.0.0.1:3478 0: IPv4. UDP listener opened on: 127.0.0.1:3479 0: IPv4. UDP listener opened on: 209.58.177.136:3478 0: IPv4. UDP listener opened on: 209.58.177.136:3479 0: IPv6. UDP listener opened on: ::1:3478 0: IPv6. UDP listener opened on: ::1:3479 0: Total General servers: 2 0: IO method (admin thread): epoll (with changelist) 0: IPv4. CLI listener opened on : 127.0.0.1:5766 0: IO method (auth thread): epoll (with changelist) 0: IO method (auth thread): epoll (with changelist) 0: SQLite DB connection success: /var/lib/turn/turndb 

I tried opening port 3479 but that did nothing, i am unsure how to connect SSL to the coturn service.

Any help getting the TURN calling working would be greatly appreciated.

Answer 1

Here are the extra steps i took to fix this:

First i edited /etc/turnserver.conf and uncommented:

# Lower and upper bounds of the UDP relay endpoints: # (default values are 49152 and 65535) # min-port=49152 max-port=65535 

Then I reset the services:

$ sudo systemctl restart coturn $ sudo systemctl restart matrix-synapse 

I then configured a simple A DNS record pointing turn.perthchat.org to the server IP. Works great now! :)

Answer 2

Have you looked at your firewall log to see if packets are being rejected? Which client/browser are you using? If chome, can you see how connecting to turn works from chrome://webrtc-internals ?