BBB Turn Server blocked by Firewall

Jonathan

Jul 6, 2021, 1:09:43 PM
to BigBlueButton-dev
Hi,

We often have problems with users behind restricted firewalls who cannot access our BBB because the required ports are blocked. We have set up a TURN/STUN server for those cases, but still, it's not working for everyone.

Here is our /etc/turnserver.conf file:
---------------------------------------
listening-port=3478
tls-listening-port=443
alt-tls-listening-port=5349 # We used that as an iOS workaround
external-ip=XXX
min-port=32769
max-port=65535
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=XXX
cert=XXX
pkey=XXX
cipher-list="ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS"
dh2066
no-tlsv1
no-tlsv1_1
simple-log
# To enable timestamps in logs
new-log-timestamp
------------------------------------------------------------

and /usr/share/bbb-web/WEB-INF/classes/spring/turn-stun-servers.xml file:

------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

    <bean id="stun0" class="org.bigbluebutton.web.services.turn.StunServer">
        <constructor-arg index="0" value="stun:ourdomain.com"/>
    </bean>


    <bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
        <constructor-arg index="0" value="secret"/>
        <constructor-arg index="1" value="turns:ourdomain.com:443?transport=tcp"/>
        <constructor-arg index="2" value="86400"/>
    </bean>

    <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
        <constructor-arg index="0" value="secret"/>
        <constructor-arg index="1" value="turn:ourdomain.com:443?transport=tcp"/>
        <constructor-arg index="2" value="86400"/>
    </bean>

    <bean id="stunTurnService"
            class="org.bigbluebutton.web.services.turn.StunTurnService">
        <property name="stunServers">
            <set>
                <ref bean="stun0"/>
            </set>
        </property>
        <property name="turnServers">
            <set>
                <ref bean="turn0"/>
                <ref bean="turn1"/>
            </set>
        </property>
    </bean>
</beans>
------------------------------------------------------------

We deployed the Turn Server on an AWS ec2 instance and therefore added the external ip to the coturn config.

Can you spot any mistakes in our setup?

Any ideas are much appreciated!
Cheers Jonathan

Vis

Jul 6, 2021, 6:52:56 PM
to BigBlueButton-dev
Jonathan... I have a similar coturn setup. Not sure about your firewall arrangement, but at the moment I only use in turn-stun-servers.xml the first of

    <bean id="stun0" class="org.bigbluebutton.web.services.turn.StunServer">
        <constructor-arg index="0" value="stun:ourdomain.com:3478"/>
    </bean>

Previously I had all ourdomain:3478 in all 3 places and it worked for me too.

Hope that helps

Vis

Daniel Schröter

Jul 7, 2021, 1:02:10 PM
to BigBlueButton-dev
jona...@gmail.com wrote on Tuesday, July 6, 2021 at 19:09:43 UTC+2:
        <constructor-arg index="1" value="turn:ourdomain.com:443?transport=tcp"/>

it should be "turns:" and not "turn:"

turn0 and turn1 have different FQDNs?

BTW: Put it to /etc/bigbluebutton/turn-stun-servers.xml and updates are easier ;-)

Which file shows
bbb-conf --check
for STUN Server?
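
Added example, not part of the thread and not BigBlueButton or coturn code: a small Python check that cross-reads the two posted files and flags the `turn:` URL on a TLS port that the reply above points out, plus a bean secret that differs from `static-auth-secret`. The sample inputs, the placeholder secret and the names `parse_conf` and `check` are constructed for illustration; 3478 and 5349 are the standard TURN and TURNS default ports.

```python
import re
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans"}
# Constructed sample input modelled on the two posted files; secrets are placeholders.
SAMPLE_CONF = """\
tls-listening-port=443
alt-tls-listening-port=5349 # ios workaround
static-auth-secret=EXAMPLE-SECRET
"""
SAMPLE_XML = """\
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="turn0" class="org.bigbluebutton.web.services.turn.TurnServer">
    <constructor-arg index="0" value="EXAMPLE-SECRET"/>
    <constructor-arg index="1" value="turns:ourdomain.com:443?transport=tcp"/>
  </bean>
  <bean id="turn1" class="org.bigbluebutton.web.services.turn.TurnServer">
    <constructor-arg index="0" value="secret"/>
    <constructor-arg index="1" value="turn:ourdomain.com:443?transport=tcp"/>
  </bean>
</beans>
"""

def parse_conf(text):
    """coturn options as a dict (bare flags map to ''); assumes '#' starts a comment."""
    pairs = (ln.split("#", 1)[0].strip().partition("=") for ln in text.splitlines())
    return {k.strip(): v.strip() for k, _, v in pairs if k.strip()}

def check(conf_text, xml_text):
    """Return (bean id, finding) pairs where a TurnServer bean disagrees with coturn."""
    conf = parse_conf(conf_text)
    tls_ports = {conf.get("tls-listening-port", "5349"), conf.get("alt-tls-listening-port")}
    findings = []
    for bean in ET.fromstring(xml_text).findall("b:bean", NS):
        if not bean.get("class", "").endswith(".TurnServer"):
            continue  # StunServer and StunTurnService beans are not checked here
        args = {a.get("index"): a.get("value") for a in bean.findall("b:constructor-arg", NS)}
        m = re.match(r"(turns?):[^:?]+(?::(\d+))?", args.get("1", ""))
        if not m:
            findings.append((bean.get("id"), "unparseable TURN URL"))
            continue
        scheme, port = m.group(1), m.group(2) or ("5349" if m.group(1) == "turns" else "3478")
        if (scheme == "turns") != (port in tls_ports):  # TLS scheme vs. TLS listener
            findings.append((bean.get("id"), f"'{scheme}:' does not match listener on port {port}"))
        if args.get("0") != conf.get("static-auth-secret"):
            findings.append((bean.get("id"), "secret differs from static-auth-secret"))
    return findings

print(check(SAMPLE_CONF, SAMPLE_XML))
```

To run it against a real deployment, pass the contents of `/etc/turnserver.conf` and `turn-stun-servers.xml` to `check()` instead of the samples.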