Run Webrtc on Public network with Limited ports
50 views
Skip to first unread message
ajaas shaik
Aug 8, 2025, 2:58:38 AMAug 8
to discuss-webrtc
Hi
I've been working on WebRTC to work on public network with only port allowed 443.
I have installed a Turn server separately and configured in rtp.conf and phone.js.
Below are the configurations
turnserver.conf
# Listen only on port 443 (for TCP and TLS)
listening-port=443
tls-listening-port=443
# Only support TCP (remove or comment out proto=udp and do NOT use UDP)
# proto=tcp # (This is not a valid setting, coturn listens on both TCP/UDP by default for the listed ports.)
# Bind TURN to your local IP
listening-ip=0.0.0.0
# Map internal to public IP (as before)
#external-ip=103.167.xxx.xx/192.168.0.xx
external-ip=103.167.xxx.xx
# Min/max relay ports (optional, for relayed media connections)
min-port=49152
max-port=65535
max-allocations=1000
allocation-timeout=120
# Authentication, realm, logging (keep as before)
lt-cred-mech
user=dxxx:dxxx123
realm=dxxx
fingerprint
# Security
no-multicast-peers
no-loopback-peers
log-level=DEBUG
# Logging
verbose
simple-log
log-file=/var/log/turnserver.log
# Certificates for TLS
cert=/etc/nginx/ssl/nginx-selfsigned.crt
pkey=/etc/nginx/ssl/nginx-selfsigned.key
# Disable UDP (optional but recommended for strict TCP-only)
no-udp
js file code
let IceStunServerJson = getDbItem("IceStunServerJson", JSON.stringify([
{
urls: "turn:103.167.xxx.xx:443?transport=udp",
username: "dxxx",
credential: "dxxx123"
},
{
urls: "turn:103.167.xxx.xxx:443?transport=tcp",
username: "dxxx",
credential: "dxxx123"
}
]));
Issue facing: no voice
below is the webRTC dump log
https://103.167.XXX.XXX/dialer/Phone/index, { iceServers: [turn:103.167.xxx.xx:443?transport=udp, turn:103.167.xxx.xx:443?transport=tcp], iceTransportPolicy: relay, bundlePolicy: balanced, rtcpMuxPolicy: require, iceCandidatePoolSize: 0 },
ICE connection state: new => checking => checking => disconnected
Connection state: new => connecting => connecting => failed
Signaling state: new => have-remote-offer => stable => stable
ICE Candidate pair: (not connected)
ICE candidate grid
Time Event
8/7/2025, 3:31:52 PM
transceiverAdded [0], audio
8/7/2025, 3:31:52 PM
setRemoteDescription (type: "offer", 2 sections)
8/7/2025, 3:31:52 PM setRemoteDescriptionOnSuccess
8/7/2025, 3:31:52 PM
signalingstatechange
8/7/2025, 3:31:52 PM
transceiverModified [0], audio
8/7/2025, 3:31:52 PM
createAnswer
8/7/2025, 3:31:52 PM
createAnswerOnSuccess (type: "answer", 2 sections)
8/7/2025, 3:31:52 PM
setLocalDescription (type: "answer", 2 sections)
8/7/2025, 3:31:52 PM setLocalDescriptionOnSuccess
8/7/2025, 3:31:52 PM
signalingstatechange
8/7/2025, 3:31:52 PM
transceiverModified [0], audio
8/7/2025, 3:31:52 PM
icegatheringstatechange
8/7/2025, 3:31:52 PM
icecandidateerror
8/7/2025, 3:31:52 PM
iceconnectionstatechange
8/7/2025, 3:31:52 PM
connectionstatechange
8/7/2025, 3:31:52 PM
icecandidate(sdpMid: audio-0, sdpMLineIndex: 0, type: relay, url: turn:103.167.xxx.xx:443?transport=udp, relayProtocol: udp)
8/7/2025, 3:31:52 PM
icecandidate(sdpMid: audio-0, sdpMLineIndex: 0, type: relay, url: turn:103.167.xxx.xx:443?transport=tcp, relayProtocol: tcp)
8/7/2025, 3:32:05 PM
setRemoteDescription (type: "offer", 2 sections)
8/7/2025, 3:32:05 PM
setLocalDescription (munged) (type: "answer", 2 sections)
8/7/2025, 3:32:05 PM
Please help me out
I've been working on WebRTC to work on public network with only port allowed 443.
I have installed a Turn server separately and configured in rtp.conf and phone.js.
Below are the configurations
turnserver.conf
# Listen only on port 443 (for TCP and TLS)
listening-port=443
tls-listening-port=443
# Only support TCP (remove or comment out proto=udp and do NOT use UDP)
# proto=tcp # (This is not a valid setting, coturn listens on both TCP/UDP by default for the listed ports.)
# Bind TURN to your local IP
listening-ip=0.0.0.0
# Map internal to public IP (as before)
#external-ip=103.167.xxx.xx/192.168.0.xx
external-ip=103.167.xxx.xx
# Min/max relay ports (optional, for relayed media connections)
min-port=49152
max-port=65535
max-allocations=1000
allocation-timeout=120
# Authentication, realm, logging (keep as before)
lt-cred-mech
user=dxxx:dxxx123
realm=dxxx
fingerprint
# Security
no-multicast-peers
no-loopback-peers
log-level=DEBUG
# Logging
verbose
simple-log
log-file=/var/log/turnserver.log
# Certificates for TLS
cert=/etc/nginx/ssl/nginx-selfsigned.crt
pkey=/etc/nginx/ssl/nginx-selfsigned.key
# Disable UDP (optional but recommended for strict TCP-only)
no-udp
js file code
let IceStunServerJson = getDbItem("IceStunServerJson", JSON.stringify([
{
urls: "turn:103.167.xxx.xx:443?transport=udp",
username: "dxxx",
credential: "dxxx123"
},
{
urls: "turn:103.167.xxx.xxx:443?transport=tcp",
username: "dxxx",
credential: "dxxx123"
}
]));
Issue facing: no voice
below is the webRTC dump log
https://103.167.XXX.XXX/dialer/Phone/index, { iceServers: [turn:103.167.xxx.xx:443?transport=udp, turn:103.167.xxx.xx:443?transport=tcp], iceTransportPolicy: relay, bundlePolicy: balanced, rtcpMuxPolicy: require, iceCandidatePoolSize: 0 },
ICE connection state: new => checking => checking => disconnected
Connection state: new => connecting => connecting => failed
Signaling state: new => have-remote-offer => stable => stable
ICE Candidate pair: (not connected)
ICE candidate grid
Time Event
8/7/2025, 3:31:52 PM
transceiverAdded [0], audio
8/7/2025, 3:31:52 PM
setRemoteDescription (type: "offer", 2 sections)
8/7/2025, 3:31:52 PM setRemoteDescriptionOnSuccess
8/7/2025, 3:31:52 PM
signalingstatechange
8/7/2025, 3:31:52 PM
transceiverModified [0], audio
8/7/2025, 3:31:52 PM
createAnswer
8/7/2025, 3:31:52 PM
createAnswerOnSuccess (type: "answer", 2 sections)
8/7/2025, 3:31:52 PM
setLocalDescription (type: "answer", 2 sections)
8/7/2025, 3:31:52 PM setLocalDescriptionOnSuccess
8/7/2025, 3:31:52 PM
signalingstatechange
8/7/2025, 3:31:52 PM
transceiverModified [0], audio
8/7/2025, 3:31:52 PM
icegatheringstatechange
8/7/2025, 3:31:52 PM
icecandidateerror
8/7/2025, 3:31:52 PM
iceconnectionstatechange
8/7/2025, 3:31:52 PM
connectionstatechange
8/7/2025, 3:31:52 PM
icecandidate(sdpMid: audio-0, sdpMLineIndex: 0, type: relay, url: turn:103.167.xxx.xx:443?transport=udp, relayProtocol: udp)
8/7/2025, 3:31:52 PM
icecandidate(sdpMid: audio-0, sdpMLineIndex: 0, type: relay, url: turn:103.167.xxx.xx:443?transport=tcp, relayProtocol: tcp)
8/7/2025, 3:32:05 PM
setRemoteDescription (type: "offer", 2 sections)
8/7/2025, 3:32:05 PM
setLocalDescription (munged) (type: "answer", 2 sections)
8/7/2025, 3:32:05 PM
Please help me out
shakeeb nazmus
Aug 13, 2025, 6:54:28 AMAug 13
to discuss-webrtc
Hi Ajaas Shaik,
It seems that your TURN server configuration is not correct. In TURN, you cannot run UDP, TCP, and TLS protocols on the same port because the TURN protocol does not support TCP and TLS multiplexing at the application layer, unlike some other protocols.
Please change the following to a suitable, unused port
tls-listening-port=443
From your client’s configuration, it appears that TLS is not being used. In that case, the specific port you choose will not matter.
After setting up the TURN server, I recommend testing it using the Trickle ICE test page. You can find it by searching Google for "WebRTC Trickle ICE Testing Tool".
Thanks,
Shakeeb
Reply all
Reply to author
Forward
0 new messages