Problems getting Coturn TURN server to work outside of LAN
-
Hi folks, over the last month or so I've been working on learning about everything that pfSense has to offer, and getting it set up well for my network. I'm running pfSense on a standalone box with 8 GB RAM and an i5 CPU. I'm currently trying to figure out what is preventing me from getting VoIP calls to work through Matrix Synapse using Coturn. When a user calls from outside of the local network to another user on the same local network as the VM, the call rings but never fully connects after being answered. This also happens if the user on the LAN calls the external user. However, if both users are on the same LAN (the LAN the Coturn/Synapse VM is on), then both voice and video calls work.
I am using this Coturn docker image as part of the matrix-docker-ansible-deploy stack running in an Ubuntu Server VM. My web server is on the host machine, so the domain name and certain other Matrix functions are reverse proxied to the VM using NGINX.
In pfSense I have the ports 3478 (tcp/udp), 5349 (tcp/udp), and 49152-49172 (udp) forwarded to the VM directly, and NAT outbound traffic from the VM is set to use static ports.
This is my turnserver.conf:

    use-auth-secret
    static-auth-secret=<secret-pass>
    realm=my.domain
    listening-port=3478
    tls-listening-port=5349
    min-port=49152
    max-port=49172
    external-ip=<my-external-ip>
    log-file=stdout
    pidfile=/var/tmp/turnserver.pid
    userdb=/var/tmp/turnserver.db
    no-cli
    cert=/matrix/ssl/config/live/my.domain/fullchain.pem
    pkey=/matrix/ssl/config/live/my.domain/privkey.pem
    prod
    no-tcp-relay
    user-quota=12
    total-quota=1200
    denied-peer-ip=10.0.0.0-10.255.255.255
    denied-peer-ip=192.168.0.0-192.168.255.255
    denied-peer-ip=172.16.0.0-172.31.255.255
    allowed-peer-ip=10.0.0.1
In my Synapse homeserver.yaml Coturn is set to allow guests (at the moment at least), the shared auth secret is set, and the turn-uris are:

    - turns:my.domain?transport=udp
    - turns:my.domain?transport=tcp
    - turn:my.domain?transport=udp
    - turn:my.domain?transport=tcp
I've been trying to figure this out for a couple of weeks now but haven't had any luck even figuring out where the problem is originating. When I run

    journalctl -fu matrix-coturn

the logs don't show anything except for the creation of the TURN servers and the connection to the SQLite database. Any ideas about how I can continue troubleshooting this, or what might be going wrong?
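A first step when a TURN server works on the LAN but not across the firewall is to check, from a host outside the LAN, whether port 3478 actually answers over both UDP and TCP and what public address it sees you as. The script below is an added example, not code from the post or from the Coturn or matrix-docker-ansible-deploy projects. It sends a plain STUN Binding request (RFC 5389) and decodes the XOR-MAPPED-ADDRESS in the reply, and it also derives the time-limited credentials that Synapse hands to clients for a `turn_shared_secret` (username `expiry:user`, password base64(HMAC-SHA1(secret, username)), the same scheme coturn's `use-auth-secret` verifies), so the values can be compared against what `turnutils_uclient` or a browser's `about:webrtc` report. The hostname `my.domain` and the secret `<secret-pass>` are the placeholders from the post; `build_binding_response` exists only to exercise the parser offline with a constructed packet.

```python
import base64
import hashlib
import hmac
import os
import socket
import struct
import time

STUN_MAGIC = 0x2112A442          # fixed magic cookie, RFC 5389 section 6
BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def turn_rest_credentials(shared_secret, user, ttl=86400, now=None):
    """Ephemeral TURN credentials as used with coturn's use-auth-secret.

    Synapse derives these for each client: username '<expiry>:<user>' and
    password base64(HMAC-SHA1(shared_secret, username)). 'now' is injectable
    so the result is reproducible in tests.
    """
    expiry = (int(time.time()) if now is None else now) + ttl
    username = "%d:%s" % (expiry, user)
    mac = hmac.new(shared_secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(mac).decode("ascii")


def build_binding_request(txid=None):
    """20-byte STUN Binding request with no attributes; returns (packet, txid)."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, STUN_MAGIC, txid), txid


def parse_mapped_address(msg, txid):
    """Return (ip, port) from a Binding response matching txid, else None.

    XOR-MAPPED-ADDRESS is preferred over MAPPED-ADDRESS because some NATs
    rewrite the un-XORed form in flight. Only IPv4 (family 0x01) is handled.
    """
    if len(msg) < 20:
        return None
    mtype, mlen, magic, rtxid = struct.unpack("!HHI12s", msg[:20])
    if mtype != BINDING_RESPONSE or magic != STUN_MAGIC or rtxid != txid or len(msg) < 20 + mlen:
        return None
    found = {}
    off, end = 20, 20 + mlen
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        val = msg[off + 4:off + 4 + alen]
        if atype in (ATTR_XOR_MAPPED_ADDRESS, ATTR_MAPPED_ADDRESS) and len(val) >= 8 and val[1] == 0x01:
            port, addr = struct.unpack("!HI", val[2:8])
            if atype == ATTR_XOR_MAPPED_ADDRESS:
                port ^= STUN_MAGIC >> 16
                addr ^= STUN_MAGIC
            found[atype] = (socket.inet_ntoa(struct.pack("!I", addr)), port)
        off += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
    return found.get(ATTR_XOR_MAPPED_ADDRESS) or found.get(ATTR_MAPPED_ADDRESS)


def build_binding_response(txid, ip, port):
    """Constructed server reply carrying one XOR-MAPPED-ADDRESS (test helper only)."""
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ STUN_MAGIC
    xport = port ^ (STUN_MAGIC >> 16)
    attr = struct.pack("!HHBBHI", ATTR_XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI12s", BINDING_RESPONSE, len(attr), STUN_MAGIC, txid) + attr


def probe(host, port=3478, proto="udp", timeout=3.0):
    """Send one Binding request over udp or tcp; return the reflexive (ip, port) or None.

    None over UDP but an answer over TCP (or vice versa) points at the port
    forward for that protocol; None on both from outside but an answer from
    the LAN points at the WAN rule or at coturn only listening on the LAN address.
    """
    req, txid = build_binding_request()
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        sock.send(req)
        data = sock.recv(2048)
    except OSError:
        return None
    finally:
        sock.close()
    return parse_mapped_address(data, txid)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "my.domain"   # placeholder from the post
    for proto in ("udp", "tcp"):
        print("%s/3478 reflexive address: %s" % (proto, probe(host, 3478, proto)))
    print("credentials:", turn_rest_credentials("<secret-pass>", "@alice:my.domain"))
```

Run it from a machine that is not on the LAN (a phone hotspot will do), then from the LAN, and compare: the reflexive address reported from outside should be that host's public IP, not a private one, and both transports should answer. Because this is an unauthenticated Binding request, it only proves that 3478 is reachable; a relay allocation, which is what the call actually needs, also depends on the 49152-49172 UDP range and on the `denied-peer-ip` rules, and is best checked next with `turnutils_uclient -y` against the same host using the credentials this script prints.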
-
I did eventually get this working, but I'm sad to say that I can't remember exactly what it was that sorted it out. Going back through my rules, I believe it may have had to do with setting up two NAT outbound rules (one for TCP and one for UDP) with the "static port" option selected, using two port aliases - TURNPortsTCP and TURNPortsUDP - that included my chosen ports, 3478, 5349, 49152:49172. Hope that helps!
-
I am facing the same problem. Could you show me your rules? I can't get it right :-(