reason: TLS/TCP socket buffer operation error (callback
917 views
Skip to first unread message
Local Guru
Apr 30, 2020, 7:52:49 PM4/30/20
to TURN Server (Open-Source project)
Hi,
I set up coturn 4.5.1.1-1.1build2 on a fresh Ubuntu 20.04 LTS server and set it as stun/turn server in my jitsi/prosody config:
turncredentials = {
{ type = "stun", host = "turn.myserver.com", port = "443" },
{ type = "turn", host = "turn.myserver.com", port = "443", transport = "udp" },
{ type = "turns", host = "turn.myserver.com", port = "443", transport = "tcp" }
};
For testing TURN I droped all outgoing UDP traffic to port 10000 from my client to my jitsi videobridge, so that using turn is forced when starting a jitsi conference.
For some reason turns 443/tcp is not working. I see this in my log:
May 1 01:21:48 turn turnserver: 60: session 001000000000000001: closed (2nd stage), user <x> realm <turn.myserver.com> origin <>, local x.x.x.x:443, remote y.y.y.y:45558, reason: TLS/TCP socket buffer operation error (callback)
I checked port 443 of my coturn with "./testssl.sh turn.myserver.com:443" and the results are fine. cert and key are in pem format. The cert file contains the full chain. A check with "openssl s_client -connect turn.myserver.com:443" looks good too.
/etc/turnserver.conf:
listening-port=443
tls-listening-port=443
listening-ip=x.x.x.x
relay-ip=x.x.x.x
min-port=10000
max-port=20000
verbose
fingerprint
static-auth-secret=foobar
server-name=turn.myserver.com
realm=turn.myserver.com
cert=/etc/ssl/coturn/turn_myserver_com.crt
pkey=/etc/ssl/coturn/turn_myserver_com.key
dh-file=/etc/ssl/coturn/dhparam_2048.pem
no-stdout-log
syslog
simple-log
no-multicast-peers
mobility
no-tlsv1
no-tlsv1_1
For some reason, turns 443/tcp is not working. turn is working, but traffic is unencrypted on 443/udp.
Any ideas?
Ciao!
Marcus
Marcus
Local Guru
Apr 30, 2020, 9:20:48 PM4/30/20
to TURN Server (Open-Source project)
Just thinking about using nginx as reverse proxy for turns/tcp. But that would only be a stopgap solution, which makes the setup rather more complex. Would it be basically possible?
Nitin Dhami
Feb 8, 2021, 5:28:34 AM2/8/21
to TURN Server (Open-Source project)
Hi were you able to use Nginx for reverse proxy ?
Reply all
Reply to author
Forward
0 new messages