
Can we successfully run Coturn in a PRIVATE subnet of any public cloud?

Open Govind10g opened this issue 11 months ago • 5 comments

Hi Team,

I heard that running coturn in a private subnet has some network complexity and it doesn't work as expected.

So I wanted to check whether we can successfully run Coturn in a PRIVATE subnet of any public cloud?

Govind10g avatar Jan 13 '25 03:01 Govind10g

You need to elaborate on what you're asking about, the question isn't clear.

jonesmz avatar Jan 13 '25 04:01 jonesmz

Hi @jonesmz

I was trying to set up the TURN server for Synapse, and as per the Synapse doc, I got to know that they do not suggest hosting the TURN server in a private subnet, and instead suggest a public server.

image

https://matrix-org.github.io/synapse/v1.40/turn-howto.html#configuration

Govind10g avatar Jan 13 '25 04:01 Govind10g

The image you included in the document seems pretty clear to me. You shouldn't do this.

But if you absolutely have to, then you need to set the external-ip address to say what the turnserver's public ip address is.

jonesmz avatar Jan 13 '25 06:01 jonesmz

Actually, I already tried to run it in a private subnet, but it didn't work even after using the external-ip. Hence I wanted to check with the community whether they have any server which is running in a private subnet, or have done such an implementation in the past?

Govind10g avatar Jan 13 '25 06:01 Govind10g

It didn't work in what manner? You'll need to describe the actual setup you did before someone can correct any misconfigurations.

jonesmz avatar Jan 13 '25 06:01 jonesmz

I am running coturn behind a NAT. But it was a real hassle to implement it and to verify it works. (Took me the better part of a day till it worked)

Make sure that you configured coturn right:

  • You need to configure the external-ip
  • I also needed to configure the listening ip (docker MAC-Vlan thing?)
  • And I needed to configure the min- and max- port (without it, it failed for some reason)
  • I highly recommend turning on verbose mode to see what actually fails
  • Turn on no-auth while testing -> add the authentication mechanism later when in production .... There are a couple more settings you may want to set

Next, configure the firewall with ALL the ports you configured to use to point to the server (not only the min-max TURN UDP ports but also the STUN and STUN TLS ports).

Next, check with this website if you can reach your TURN/STUN server: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ (Format: stun:(YOUR SERVER) or turn:(YOUR SERVER))

Next, configure authentication and your Matrix to use coturn. Sadly the Matrix tester is defunct, so you need to test with 2 clients who call each other. Also use a few different clients with a few different connections (browser/app, mobile phone/Windows/Linux/Mac, wired connection/cell connection/WLAN), because some configurations don't like one thing or another.

hope this helps

Error00101 avatar Mar 13 '25 20:03 Error00101
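
As an added example (not part of the thread and not coturn project code): a small Python check of a turnserver.conf against the checklist in the comment above, which also derives the ports the firewall has to pass to the server. The sample config, its addresses (203.0.113.10 is a documentation address standing in for the public IP) and the function names are constructed for illustration; the port defaults are coturn's.

```python
import ipaddress

# Constructed sample turnserver.conf for a coturn host in a private subnet.
# 203.0.113.10 (documentation range) stands in for the NAT's public address.
SAMPLE_CONF = """\
# coturn behind NAT, test phase
listening-ip=10.0.1.25
external-ip=203.0.113.10/10.0.1.25
min-port=49160
max-port=49200
verbose
no-auth
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Parse 'key=value' and bare 'flag' lines, skipping blanks and # comments."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def check_nat_setup(conf):
    """Return (findings, forwards) for a coturn server reached through NAT."""
    findings = []
    public = conf.get("external-ip", "").split("/")[0]  # form: public[/private]
    if not public:
        findings.append("external-ip is not set")
    elif any(ipaddress.ip_address(public) in net for net in RFC1918):
        findings.append("external-ip %s is a private address" % public)
    if "listening-ip" not in conf:
        findings.append("listening-ip is not set")
    if "min-port" not in conf or "max-port" not in conf:
        findings.append("min-port/max-port not set, default relay range applies")
    if "no-auth" in conf:
        findings.append("no-auth is on, enable authentication before production")
    # Ports the firewall/NAT must pass to this host (coturn defaults if unset).
    forwards = [
        ("udp+tcp", conf.get("listening-port", "3478")),      # STUN/TURN
        ("udp+tcp", conf.get("tls-listening-port", "5349")),  # STUN/TURN over (D)TLS
        ("udp", "%s-%s" % (conf.get("min-port", "49152"), conf.get("max-port", "65535"))),
    ]
    return findings, forwards

if __name__ == "__main__":
    findings, forwards = check_nat_setup(parse_conf(SAMPLE_CONF))
    for proto, port in forwards:
        print("forward %-7s %s" % (proto, port))
    for f in findings:
        print("finding:", f)
```

A narrow min-port/max-port range keeps the forwarded UDP range small, which is the part of the firewall rule set most often left incomplete.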

No answer from the author since January, closing. Thank you guys for supporting him.

ggarber avatar May 22 '25 09:05 ggarber

I have the same problem

FunkyYang avatar Aug 23 '25 07:08 FunkyYang

@Error00101

TQ for this info

https://github.com/coturn/coturn/issues/1627#issuecomment-2722604416 here.

meng7171 avatar Oct 08 '25 07:10 meng7171