this post was submitted on 13 May 2024
4 points (83.3% liked)

Matrix

196 readers
2 users here now

An open network for secure, decentralized communication

founded 4 years ago
MODERATORS
 

I've set up my homeserver via matrix-docker-ansible-deploy, but made the mistake of using my domain as ansible_host variable at first. I think that is why now my Coturn server doesn't work as intended. Calls can only be made (in Element) when I enable turn.matrix.org as an alternative in the settings.

Since the initital setup, I've correctly replaced the domain with the server IP in the ansible inventory file and reran just setup-all, but I still can't make calls via my homeserver.

  1. Is it likely that the mistake I made is causing this issue?
  2. What can I do to correct the Coturn configuration or otherwise fix this issue?

EDIT:
I've found this in the docs: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-turn.md#manually-defining-your-public-ip
I'll try this and report back.

EDIT2: This did not fix the issue.

top 7 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 5 months ago (1 children)

@Lemmchen

I had big problems with pairdrop and webrtc which also needs coturn stun or turn(s) protocol...

I found a good hiden hint for coturn and webrtc...

For special usecases you need two stun-server with different ip-addresses to be able to detect a working p2p connection.

You can use 2 different machines in different datacenters or it could also work with the same coturn on a vm with 2 different public ip-addresses.

If a p2o-connection is not possible, a turn(s)-server should be configured in matrix homeserver too.
This can be the same coturn as for stun.

AND... this cost me days of research and trial&error...

For a propper webrtc-connection in a federated system as matrix is, BOTH matrix homeservers must have configured 2 stun and at least one turn(s) server in their homeserver.yaml

I reproduced this every time trying to establish a call from two different mobile-phones with natted internet-connections from different ISPs on different matrix homeservers with different or one with no stun/turn-server configured.
I tried all setups many times.

You won't find this info elsewhere...

What i still not got working is, ehen one client is connected through vpn, and the other not.
I've no chance to establish a connection.

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago) (1 children)

If this was the case, the playbook would surely set up two different Coturn instances. Also, I don't understand why it would work that way.
My setup is not a "special usecase", but a single unfederated homeserver. Calls do not work between users unless turn.matrix.org is enabled.

[–] [email protected] 1 points 5 months ago (1 children)

@Lemmchen

The stun protocoll is btokering a direct p2p-connection between devices, when it's possible in case of network.

When a direct connection is not possible (both devices are behind differen natted networks/firewalls), turn is needed (turns with ssl) and the audio/video datastream runs through the turn-server.

Are your devices in the same LAN/WLAN? Or in different?
Is one at home, the other in office-network?

If they are in different networks, (it belongs to the clients, not the server!) a stun server is needed outside the network in the free, for both reachable internet!
So both can see and reach the stun/turn server.

I think, your coturn is not not good reachable from outside in your setup, that's why turn.matrix.org works, and yours not.

Coturn can work as turn and stun at the same time.

Maybe the standardports 5439 and 3478 (each also +1) or the highports are blocked by your firewall.

So you can try to let them listen on port 443 (turns) and 80 (stun) from outside. Most firewalls won't block those ports...

Or describe please, how exactly do you use your matrix? Where is your homeserver, in which networks are your clients? Do you use vpn?

This is hardcore network-stuff snd not directly related to matrix.

[–] [email protected] 1 points 5 months ago (1 children)

The homeserver incl. Coturn is running on a VPS, no ports blocked.
The clients are in different networks. Everything should just work, but it doesn't for some reason.

[–] [email protected] 1 points 5 months ago (1 children)

@Lemmchen the different client-networks csn be the problem.

Some providers block webrtc or stun/turn...

Did you try to test your coturn on
webrtc.github.io/samples/src/c…

Delete all servers there and fill in your stun and turn (turn incl. credentials) andvtest ist.

You should get relay (=turn) and srflx (=stun) marked entries

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago) (1 children)

Did you try to test your coturn

The test correctly gathers the srflx candidates, so STUN should be working. But I can't get it to find relay candidates, so I guess TURN isn't?

[–] [email protected] 1 points 5 months ago

@Lemmchen

This is only stun.
For a working turn you need also "relay" entries