TURNS not working (matrix-docker-ansible-deploy)
Hello,
I'm trying to set up TURNS for my Matrix HomeServer, running Debian 11 and matrix-docker-ansible-deploy playbook.
This is my turnserver.conf:
use-auth-secret
static-auth-secret=SECRET
realm=matrix.redacted.tld
min-port=49152
max-port=49172
external-ip=matrix.redacted.tld
log-file=stdout
pidfile=/var/tmp/turnserver.pid
userdb=/var/tmp/turnserver.db
no-cli
cert=/matrix/ssl/coturn/fullchain.pem
pkey=/matrix/ssl/coturn/privkey.pem
no-tlsv1
no-tlsv1_1
prod
no-tcp-relay
syslog
verbose
This is my log:
Sep 07 22:21:36 pandora.redacted systemd[1]: Starting Matrix Coturn server...
Sep 07 22:21:37 pandora.redacted systemd[1]: Started Matrix Coturn server.
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: Version Coturn-4.5.2 'dan Eider'
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: Max number of open files/sockets allowed for this process: 1048576
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: Due to the open files/sockets limitation,
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: max supported number of TURN Sessions possible is: 524000 (approximately)
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: ==== Show him the instruments, Practical Frost: ====
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : TLS supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS 1.2 supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : TURN/STUN ALPN supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Third-party authorization (oAuth) supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : GCM (AEAD) supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : OpenSSL compile-time version: OpenSSL 1.1.1q 5 Jul 2022 (0x1010111f)
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : SQLite supported, default database location is /var/lib/coturn/turndb
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Redis supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : PostgreSQL supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : MySQL supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : MongoDB supported
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Default Net Engine version: 3 (UDP thread per CPU core)
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: =====================================================
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Domain name:
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Default realm: matrix.redacted
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: CONFIG: --no-tcp-relay: TCP relay endpoints are not allowed.
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : SSL23: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : SSL23: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : TLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : TLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : TLS cipher suite: DEFAULT
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : DTLS cipher suite: DEFAULT
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : ===========Discovering listener addresses: =========
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Listener address to use: 127.0.0.1
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Listener address to use: 172.19.0.2
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Total: 1 'real' addresses discovered
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : ===========Discovering relay addresses: =============
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Relay address to use: 172.19.0.2
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Total: 1 relay addresses discovered
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : pid file created: /var/tmp/turnserver.pid
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IO method (main listener thread): epoll (with changelist)
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Wait for relay ports initialization...
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : relay 172.19.0.2 initialization...
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : relay 172.19.0.2 initialization done
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : Relay ports initialization done
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IO method (general relay thread): epoll (with changelist)
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : turn server id=0 created
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 127.0.0.1:3478
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 127.0.0.1:5349
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 172.19.0.2:3478
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:3478
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 172.19.0.2:5349
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:5349
Sep 07 22:21:45 pandora.redacted matrix-coturn[262496]: 0: : IO method (general relay thread): epoll (with changelist)
I'm testing it via https://test.voip.librepush.net/ and it always says that encryption isn't available (no relay server for TURNS).
So I tried adding this line: listening-ip=PUBLIC_FACING_IP
to turnserver.conf because the log says NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED, and the same for relay, but when I restart I get this error:
Sep 07 22:13:27 pandora.redacted systemd[1]: Starting Matrix Coturn server...
Sep 07 22:13:27 pandora.redacted systemd[1]: Started Matrix Coturn server.
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Listener address to use: 51.195.redacted
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: Version Coturn-4.5.2 'dan Eider'
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: Max number of open files/sockets allowed for this process: 1048576
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: Due to the open files/sockets limitation,
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: max supported number of TURN Sessions possible is: 524000 (approximately)
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: ==== Show him the instruments, Practical Frost: ====
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : TLS supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS 1.2 supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : TURN/STUN ALPN supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Third-party authorization (oAuth) supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : GCM (AEAD) supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : OpenSSL compile-time version: OpenSSL 1.1.1q 5 Jul 2022 (0x1010111f)
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : SQLite supported, default database location is /var/lib/coturn/turndb
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Redis supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : PostgreSQL supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : MySQL supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : MongoDB supported
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Default Net Engine version: 3 (UDP thread per CPU core)
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: =====================================================
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Domain name:
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Default realm: matrix.redacted
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: CONFIG: --no-tcp-relay: TCP relay endpoints are not allowed.
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : SSL23: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : SSL23: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : TLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : TLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : TLS cipher suite: DEFAULT
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : DTLS cipher suite: DEFAULT
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Relay address to use: 51.195.redacted
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : pid file created: /var/tmp/turnserver.pid
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : IO method (main listener thread): epoll (with changelist)
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Wait for relay ports initialization...
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : relay 51.195.redacted initialization...
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : relay 51.195.redacted initialization done
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : Relay ports initialization done
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: 0: : IO method (general relay thread): epoll (with changelist)
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:29 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : turn server id=0 created
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind fd 12 to <51.195.redacted:3478>: errno=99
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.redacted:3478
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind TLS/TCP listener socket to addr 51.195.redacted:3478, again...
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : IO method (general relay thread): epoll (with changelist)
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : turn server id=1 created
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind fd 18 to <51.195.redacted:3478>: errno=99
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Cannot bind DTLS/UDP listener socket to addr 51.195.redacted:3478
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind DTLS/UDP listener socket to addr 51.195.redacted:3478, again...
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind fd 17 to <51.195.redacted:3478>: errno=99
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.redacted:3478
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind TLS/TCP listener socket to addr 51.195.redacted:3478, again...
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind fd 12 to <51.195.redacted:3478>: errno=99
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.redacted:3478
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind TLS/TCP listener socket to addr 51.195.redacted:3478, again...
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Trying to bind fd 18 to <51.195.redacted:3478>: errno=99
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: 0: : Cannot bind DTLS/UDP listener socket to addr 51.195.redacted:3478
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:30 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:31 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:31 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:31 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:31 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:31 pandora.redacted matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:31 pandora.redacted matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:32 pandora.redacted matrix-coturn[248390]: bind: Address not available
Looks like errno 99 is for EADDRNOTAVAIL, so I'm a bit confused here, since that's my VPS's IP Address.
Any advice on how I should proceed? Thanks
listener-ip needs to be the private IP, not the public IP. So the second error is expected.
Regarding the first error it looks to me like a matrix configuration issue. What are the turn servers you are configuring in matrix? Do you include a turns url? (I don't know much about matrix tbh).
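The bind failure discussed in the reply above can be read straight out of the startup logs. The following is an added example, not part of the original thread or of coturn: it parses coturn-style log lines to list the addresses the process discovered, the listeners it opened, and the binds that failed. The sample logs are constructed from the line formats shown in the thread, `203.0.113.10` is a placeholder for the redacted public IP, and the function names are hypothetical.

```python
import re

# Linux errno values; 99 is the one reported in the thread.
LINUX_ERRNO = {13: "EACCES", 98: "EADDRINUSE", 99: "EADDRNOTAVAIL"}

DISCOVERED = re.compile(r"Listener address to use: (\S+)")
OPENED = re.compile(r"(\S+) listener opened on : (\S+):(\d+)")
BIND_FAIL = re.compile(r"Trying to bind fd \d+ to <(\S+):(\d+)>: errno=(\d+)")

# Constructed sample: startup without listening-ip (addresses are auto-discovered).
AUTODISCOVERY_LOG = """\
0: : Listener address to use: 127.0.0.1
0: : Listener address to use: 172.19.0.2
0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:3478
0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:5349
"""

# Constructed sample: startup with listening-ip set to the public address.
EXPLICIT_LOG = """\
0: : Listener address to use: 203.0.113.10
0: : Trying to bind fd 12 to <203.0.113.10:3478>: errno=99
0: : Cannot bind TLS/TCP listener socket to addr 203.0.113.10:3478
"""


def analyse(log_text):
    """Summarise which addresses coturn found, opened, and failed to bind."""
    report = {"discovered": [], "opened": set(), "failed": {}}
    for line in log_text.splitlines():
        if m := DISCOVERED.search(line):
            if m.group(1) not in report["discovered"]:
                report["discovered"].append(m.group(1))
        elif m := OPENED.search(line):
            report["opened"].add((m.group(1), m.group(2), int(m.group(3))))
        elif m := BIND_FAIL.search(line):
            code = int(m.group(3))
            key = (m.group(1), int(m.group(2)))
            report["failed"][key] = LINUX_ERRNO.get(code, f"errno {code}")
    return report


def check_listening_ip(configured_ip, autodiscovery_log):
    """True if configured_ip is an address the process itself discovered.

    Pass the log of a run WITHOUT listening-ip: with it set, coturn echoes
    the configured value as 'Listener address to use' before trying to bind.
    """
    return configured_ip in analyse(autodiscovery_log)["discovered"]


if __name__ == "__main__":
    print(analyse(EXPLICIT_LOG)["failed"])
    print(check_listening_ip("203.0.113.10", AUTODISCOVERY_LOG))
```

An address that is absent from the auto-discovered list is not assigned to any interface the process can see, so binding a listener to it fails with EADDRNOTAVAIL.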
Hello.
It's running this:
Sep 12 04:25:41 matrix-coturn[516679]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Sep 12 04:25:41 matrix-coturn[516679]: Version Coturn-4.5.2 'dan Eider'
Do you need other info? Because I wouldn't know where to get it.
This is my conf in matrix:
# Coturn
matrix_coturn_enabled: true
matrix_coturn_turn_static_auth_secret: "MySecret"
matrix_coturn_tls_enabled: true
matrix_coturn_container_additional_volumes: [{"src": "/matrix/ssl/coturn/fullchain.pem", "dst": "/matrix/ssl/coturn/fullchain.pem", "options": "rw"}, {"src": "/matrix/ssl/coturn/privkey.pem", "dst": "/matrix/ssl/coturn/privkey.pem", "options": "rw"}]
matrix_coturn_tls_cert_path: "/matrix/ssl/coturn/fullchain.pem"
matrix_coturn_tls_key_path: "/matrix/ssl/coturn/privkey.pem"
# Point Synapse to your other Coturn server
matrix_synapse_turn_uris:
- turns:woodpeckersnest.space?transport=udp
- turns:woodpeckersnest.space?transport=tcp
- turn:woodpeckersnest.space?transport=udp
- turn:woodpeckersnest.space?transport=tcp
This is the reference I'm following: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/roles/matrix-coturn/defaults/main.yml