Stun seems to work, but not turn

207 views
Skip to first unread message

coturn help

unread,
Jan 27, 2023, 3:20:20 PM1/27/23
to turn-server-project...@googlegroups.com
I have coTurn and ejabberd set up on a Freedombox (Debian Pure Blend). I didn't create the configs myself. I entered some values into a config wizard when I said I wanted to install ejabberd, and the rest was done behind the scene.

Problem. I can complete calls to some users, but not to others. All have ejabberd accounts, and all are using Conversations IM app on Android. For those that don't work, the callee can see an incoming call, but after tapping the answer button, the call never gets completed. Voice and Video are the same.

I've tried called (and been called) without problem between my phone and a backup phone while my phone was on mobile data only, and the backup phone on wifi. I've successfully called (and been called by) my nephew who doesn't have and mobile data on his plan, so can only contect by Wifi. My nephew is in the same city. I can connect whether I'm using mobile data, or my wifi. However, I am unable to make or receive calls to a friend who lives several hundred kilometers from me.

I have server logs, and adb logcat output from Conversations IM. I'd be happy to share configs. Please let me know what information you need in order to help me figure out what needs fixing.

I should point out that I previously had the same problem with my nephew. It MAY have been (emphasis intentional) because I added a "listening-ip" directive with my ipv4 static address to the 2 existing "listening-ip"directives that were in  ipv6 format only. But, kids being sometimes hard to pin down to do testing with, I haven't conclusively determined that it was my config change was responsible and not my having restarted the server.

If anyone can think what may be missing in my coturn setup, please let me know

Pavel Punsky

unread,
Jan 28, 2023, 10:11:13 PM1/28/23
to TURN Server (Open-Source project)
Hi!
This seem to be very nuanced issue and definitely related to networking though not specifically coturn
I would start with trying to figure out what is special and different about the clients you fail to connect to.

coturn help

unread,
Jan 29, 2023, 11:45:28 AM1/29/23
to Pavel Punsky, TURN Server (Open-Source project)
Sorry, I initially replied only to Pavel. I am resending also to the list.

I have no idea how to go about discovering what is "special and different" about the clients I can't connect to. Can you give an example or two of what I might try?

What makes you think this isn't coturn specific. Could it not be a configuration error? I've had it suggested that stun seems to work but not turn.


------- Original Message -------
--
You received this message because you are subscribed to the Google Groups "TURN Server (Open-Source project)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turn-server-project-rfc57...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/turn-server-project-rfc5766-turn-server/64e3b82d-3758-47a8-99e6-0af8214a8686n%40googlegroups.com.

Pavel Punsky

unread,
Jan 29, 2023, 5:46:51 PM1/29/23
to TURN Server (Open-Source project)
Specific means:
- WiFi vs cellular connection
- IPv4 vs IPv6
- Can connect to other servers
- Compare client logs if you can and discover differences (between those succeeding and those not)

If you think this is related to coturn pls review and compare coturn logs of successful/unsuccessful sessions to confirm the theory.

coturn help

unread,
Jan 31, 2023, 9:47:42 PM1/31/23
to turn-server-project...@googlegroups.com
I have figured this out. Though the configuration error that prevented turn from working was in ejabberd rather than coturn, I'm putting the solution here. It was quite a journey to arrive at the solution, and others may pass through there looking for the solution as I did. So, ...

Android usb-debugging logs for the client showed messages such as "skipping turn/tcp without username and password". For some reason credentials were not getting to the client.

https://docs.ejabberd.im/admin/configuration/modules/#mod-stun-disco at Available options->services->restricted says "This option determines whether temporary credentials for accessing the service are offered." The freedombox configuration wizard was incorrectly setting this to false for turn. Changing it to true was sufficient to make turn services available to clients.

The fix has been reported to Freedombox devs.

------- Original Message -------
Reply all
Reply to author
Forward
0 new messages