Problems getting Coturn TURN server to work outside of LAN
  • Hi folks, over the last month or so I've been working on learning about everything that pfSense has to offer, and getting it set up well for my network. I'm running pfSense on a standalone box with 8 GB RAM and an i5 CPU. I'm currently trying to figure out what is preventing me from getting VoIP calls to work through Matrix Synapse using Coturn. When a user calls from outside of the local network to another user on the same local network as the VM, the call rings but never fully connects after being answered. This also happens if the user on the LAN calls the external user. However, if both users are on the same LAN (the LAN the Coturn/Synapse VM is on), then both voice and video calls work.

    I am using this Coturn docker image as part of the matrix-docker-ansible-deploy stack running in an Ubuntu Server VM. My web server is on the host machine, so the domain name and certain other Matrix functions are reverse proxied to the VM using NGINX.

    In pfSense I have the ports 3478 (tcp/udp), 5349 (tcp/udp), and 49152-49172 (udp) forwarded to the VM directly, and NAT outbound traffic from the VM is set to use static ports.

    This is my turnserver.conf

    use-auth-secret
    static-auth-secret=<secret-pass>
    realm=my.domain
    
    listening-port=3478
    tls-listening-port=5349
    min-port=49152
    max-port=49172
    external-ip=<my-external-ip>
    
    log-file=stdout
    pidfile=/var/tmp/turnserver.pid
    userdb=/var/tmp/turnserver.db
    
    no-cli
    
    cert=/matrix/ssl/config/live/my.domain/fullchain.pem
    pkey=/matrix/ssl/config/live/my.domain/privkey.pem
    
    prod
    no-tcp-relay
    
    user-quota=12
    total-quota=1200
    
    denied-peer-ip=10.0.0.0-10.255.255.255
    denied-peer-ip=192.168.0.0-192.168.255.255
    denied-peer-ip=172.16.0.0-172.31.255.255
    allowed-peer-ip=10.0.0.1
    

    In my Synapse homeserver.yaml Coturn is set to allow guests (at the moment at least), the shared-auth-secret is set, and the turn-uris are:

    - turns:my.domain?transport=udp
    - turns:my.domain?transport=tcp
    - turn:my.domain?transport=udp
    - turn:my.domain?transport=tcp
    

    I've been trying to figure this out for a couple of weeks now but haven't had any luck even figuring out where the problem is originating. When I run journalctl -fu matrix-coturn, the logs don't show anything except for the creation of the turn servers and the connection to the SQLite database.

    Any ideas about how I can continue troubleshooting this, or what might be going wrong?


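Two pre-flight checks that are worth running against a coturn setup like the one in the post before digging into packet captures. This is an added example written for this page; it is not code from the post, from coturn, or from matrix-docker-ansible-deploy. The first part reproduces the TURN REST API credential scheme that coturn's `use-auth-secret` implements and that Synapse derives from its shared secret: username `<expiry>:<id>`, password `base64(HMAC-SHA1(static-auth-secret, username))`. Generating a credential pair this way lets you test the server from outside the LAN with a plain TURN client instead of going through a Matrix call. The second part models coturn's documented `denied-peer-ip` / `allowed-peer-ip` semantics (an address listed in both is allowed) and evaluates them against the exact rules quoted in the post, so you can see which peer addresses a relay allocation would be permitted to talk to. The secret, the peer addresses and the function names are placeholders chosen for the example; the sample config text is copied from the post.

```python
"""Pre-flight checks for a coturn server using use-auth-secret and peer-IP rules.

Added example for illustration; not part of the forum post or of coturn itself.
The secret and addresses below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import ipaddress
import time


def turn_rest_credentials(static_auth_secret, user_id, ttl=86400, now=None):
    """Derive time-limited TURN credentials exactly as the REST API scheme
    behind coturn's use-auth-secret expects them: username "<expiry>:<id>",
    password base64(HMAC-SHA1(secret, username))."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user_id}"
    digest = hmac.new(static_auth_secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode()


def verify_turn_credentials(static_auth_secret, username, password, now=None):
    """Server-side view of the same check: the password must be the HMAC of the
    username under the shared secret, and the embedded expiry must be in the future."""
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False
    if expiry < int(now if now is not None else time.time()):
        return False
    digest = hmac.new(static_auth_secret.encode(), username.encode(), hashlib.sha1).digest()
    expected = base64.b64encode(digest).decode()
    return hmac.compare_digest(expected, password)


def _parse_range(value):
    """Accept the forms coturn takes: a single IP or "first-last" range.
    CIDR is accepted here as a convenience for the example."""
    if "-" in value:
        lo, hi = value.split("-", 1)
        return ipaddress.ip_address(lo.strip()), ipaddress.ip_address(hi.strip())
    if "/" in value:
        net = ipaddress.ip_network(value, strict=False)
        return net[0], net[-1]
    addr = ipaddress.ip_address(value)
    return addr, addr


def parse_peer_ip_rules(conf_text):
    """Collect (denied, allowed) address ranges from turnserver.conf text."""
    denied, allowed = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "denied-peer-ip":
            denied.append(_parse_range(value))
        elif key == "allowed-peer-ip":
            allowed.append(_parse_range(value))
    return denied, allowed


def peer_allowed(rules, peer):
    """coturn's documented rule: an address present in both lists is allowed,
    otherwise it is denied if it falls in any denied range."""
    denied, allowed = rules
    addr = ipaddress.ip_address(peer)

    def in_ranges(ranges):
        return any(lo.version == addr.version and lo <= addr <= hi for lo, hi in ranges)

    if in_ranges(allowed):
        return True
    return not in_ranges(denied)


def check_peers(conf_text, peers):
    """Map each candidate peer address to whether the config would permit it."""
    rules = parse_peer_ip_rules(conf_text)
    return {p: peer_allowed(rules, p) for p in peers}


# The peer-IP lines as they appear in the post (everything else omitted).
SAMPLE_CONF = """
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
allowed-peer-ip=10.0.0.1
"""

if __name__ == "__main__":
    # Constructed placeholder secret; use the real static-auth-secret when testing.
    user, password = turn_rest_credentials("replace-with-static-auth-secret", "probe", ttl=600)
    print("TURN username:", user)
    print("TURN password:", password)
    # Constructed peer addresses: the allowed gateway, a LAN host, a WAN host.
    for peer, ok in check_peers(SAMPLE_CONF, ["10.0.0.1", "192.168.1.10", "203.0.113.7"]).items():
        print(f"peer {peer}: {'allowed' if ok else 'denied'}")
```

Feed the generated username and password to coturn's own client, for example `turnutils_uclient -v -y -u <username> -w <password> -p 3478 my.domain`, from a machine outside the LAN; if the server is reachable through the pfSense forwards and the credentials check out, the client reports successful allocations, which separates a TURN reachability problem from a Matrix signalling problem. The peer-IP check is there because the relay is only useful if it may forward to the addresses the other side offers; with the quoted rules, every RFC 1918 address except 10.0.0.1 is denied, so a LAN peer can only be reached through a candidate outside those ranges.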