
Coturn stopped working

Open whowantsmybigdata opened this issue 3 years ago • 7 comments

I again have a problem with my coturn config. Everything (building for arm32 & self-check) seems fine, but when making a (video) call, regardless from where to where, I get stuck on "establishing call" with the debug event "m.call.select.answer" or "m.call.negotiate". After the long-awaited fix for the building problem for arm32 (https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1072#issuecomment-879475398 --> manually upgrade libseccomp2) it was working for a few calls and then (without upgrading or changing anything) I'm stuck with this issue (again).

As I said, I didn't make any changes to the config (nor to the network of my server), which was working like that. Are there any recent changes I might have missed to put in my vars.yml file?!

matrix_architecture: arm32

matrix_domain: {hidden, it's a DynDNS address}

matrix_coturn_container_image_self_build: true
matrix_coturn_turn_static_auth_secret: {hidden}

matrix_synapse_macaroon_secret_key: {hidden}

matrix_client_element_enabled: false

#matrix_nginx_proxy_enabled: false
matrix_ssl_retrieval_method: manually-managed
matrix_ssl_config_dir_path: /etc/letsencrypt

matrix_postgres_connection_password: {hidden}

matrix_mailer_enabled: false

matrix_synapse_max_upload_size_mb: 10000

matrix_synapse_url_preview_enabled: false

matrix_synapse_email_enabled: true
matrix_synapse_email_smtp_host: matrix

matrix_registration_enabled: false

matrix_synapse_admin_enabled: true

matrix_ma1sd_enabled: false

matrix_synapse_log_level: "INFO"
matrix_synapse_storage_sql_log_level: "INFO"
matrix_synapse_root_log_level: "INFO"

Thanks in advance

whowantsmybigdata avatar Aug 06 '21 23:08 whowantsmybigdata

After some fiddling I was able to produce an error log:

Aug 07 16:12:40 Pi4 matrix-coturn[6717]: 0: : ERROR: Could not start Prometheus collector!
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3
Aug 07 17:40:02 Pi4 matrix-coturn[6717]: 5242: : ERROR: session 003000000000000002: TLS/TCP socket error: Connection reset by peer 192.168.0.1:43572

so I guess it's a port-forwarding/firewall problem? Strange thing is

  1. it worked before with the exact same router and firewall config
  2. I just checked (again): in my router I forwarded the TCP+UDP ports 3478 & 5349 and the UDP ports 49152-49172 (as given here), and on ufw as well (it shows the same error when disabling ufw completely)

edit: after I read over this text again I realized: why is it trying to open a connection to port 43572 when the port range in turnserver.conf is set between 49152-49172??! When trying again and again, the failing ports change according to the coturn log, but they never seem to be within 49152-49172...

whowantsmybigdata avatar Aug 07 '21 16:08 whowantsmybigdata

Try increasing the port range for the relay. By default, a Coturn relay running on bare metal occupies the entire top half of the TCP/UDP port space, but due to Docker creating individual iptables rules for the redirects, we can't have that, unfortunately. Increase it to a hundred, see if that fixes your issue.

The TLS error is related to a bug in the Android WebRTC library used by Element. You can fix it by removing your TLS TURN URIs, which is done automatically if the playbook manages the certificates (see #1145)

pushytoxin avatar Aug 17 '21 09:08 pushytoxin
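To make the capacity reasoning in the reply above concrete (a small relay range is the resource that "no available ports" exhausts, and the address after "peer" in the TLS error is the remote endpoint, not a relay port), here is an added checker. It is not code from this thread or from the playbook; it assumes only the turnserver.conf keys and the journal line format posted in this issue, and the sample config and log lines are constructed.

```python
import re

# Constructed turnserver.conf fragment modelled on the one in the thread (values made up)
SAMPLE_CONF = """\
use-auth-secret
min-port=49152
max-port=49172
no-tcp-relay
"""
# Constructed journal lines in the same shape as the ones posted above
SAMPLE_LOG = [
    "Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3",
    "Aug 07 17:40:00 Pi4 matrix-coturn[6717]: 5239: : create_relay_ioa_sockets: no available ports 3",
    "Aug 07 17:40:02 Pi4 matrix-coturn[6717]: 5242: : ERROR: session 003000000000000002: "
    "TLS/TCP socket error: Connection reset by peer 192.168.0.1:43572",
]
PORT_KEY = re.compile(r"^(min|max)-port=(\d+)$")
NO_PORTS = re.compile(r"create_relay_ioa_sockets: no available ports")
PEER_RESET = re.compile(r"Connection reset by peer (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

def relay_range(conf_text):
    """(min_port, max_port) from turnserver.conf, or None when either key is absent
    or commented out, in which case coturn falls back to its built-in default range."""
    ports = {}
    for raw in conf_text.splitlines():
        m = PORT_KEY.match(raw.strip())   # a leading '#' makes the line not match
        if m:
            ports[m.group(1)] = int(m.group(2))
    return (ports["min"], ports["max"]) if {"min", "max"} <= ports.keys() else None

def relay_capacity(conf_text):
    """Relay ports available: an upper bound on concurrent relay allocations, and
    the resource that 'no available ports' reports as exhausted."""
    rng = relay_range(conf_text)
    return None if rng is None else rng[1] - rng[0] + 1

def classify_log(lines):
    """Count port-exhaustion events and collect peer endpoints from TLS resets.
    The address after 'peer' is the remote side, so its port is chosen by the
    client/NAT and is not expected to fall inside the relay range."""
    exhaustion, peers = 0, []
    for line in lines:
        if NO_PORTS.search(line):
            exhaustion += 1
        m = PEER_RESET.search(line)
        if m:
            peers.append((m.group(1), int(m.group(2))))
    return {"exhaustion_events": exhaustion, "tls_reset_peers": peers}
```

Run it against the real turnserver.conf and `journalctl -u matrix-coturn` output: repeated exhaustion events with a capacity of a few dozen ports point at the range, while peer ports outside the range are normal.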

Yeah, that did the trick!! Wow, what a fail to not have tried that!! Thanks a lot @pushytoxin!!!

Increase it to a hundred, see if that fixes your issue.

Ok, actually I was wondering why it uses so many fewer ports with the playbook's config, but I thought it had to make sense somehow, and as so many seem to use it like that I never tried... I put it to 49152-49272 UDP, set ufw and port forwarding accordingly, restarted coturn and... it just started!!

The TLS error is related to a bug in the Android WebRTC library used by Element. You can fix it by removing your TLS TURN URIs, which is done automatically if the playbook manages the certificates (see #1145)

Oh, missed that, sorry, and thanks for the hint. I changed the lines in synapse/config/homeserver.yaml from turns to turn and the error is gone...

@pushytoxin (or others) Now for making it perfect: can anyone tell me how to put that in the vars.yml so I don't have to reconfigure manually every time I update?! I tried it but failed... that's why I didn't close the issue yet....

whowantsmybigdata avatar Aug 17 '21 19:08 whowantsmybigdata

@whowantsmybigdata Did you find a solution to putting it into vars.yml?

shreyasajj avatar Sep 14 '21 16:09 shreyasajj

I just have

matrix_coturn_turn_udp_max_port: 49200

in my vars.yml

pushytoxin avatar Sep 16 '21 04:09 pushytoxin

Hello guys! I'm not able to fix this issue for days even after applying all the changes recommended by you here. I used the same playbook. Below is my current turnserver config. For synapse I tried both turn: and turns: addresses - nothing changed. Nothing else on the Internet is helpful, so I'm just experimenting. On a previous server (non-Docker) coturn with +- the same config works (even with Let's Encrypt) but fails to process around 10 percent of all calls. If you have any ideas, I'd really appreciate any advice. Now all 1-1 calls (Android-Android, Android-Web) are in a never-ending "connecting" state, and the coturn log shows the errors posted below


use-auth-secret
static-auth-secret=1f10.....
realm=turn.matrix.my.domain

min-port=49152
max-port=51000
external-ip=88.......

log-file=stdout
pidfile=/var/tmp/turnserver.pid
userdb=/var/tmp/turnserver.db

no-cli

cert=/matrix/ssl/config/live/matrix.my.domain/fullchain.pem
pkey=/matrix/ssl/config/live/matrix.my.domain/privkey.pem
no-tlsv1
no-tlsv1_1
verbose
prod
no-tcp-relay

The error is still matrix-coturn[75696]: 2557: : create_relay_ioa_sockets: no available ports 3

cbrhaze avatar Oct 15 '22 18:10 cbrhaze

had the same issue .. solved it by commenting min-port & max-port out

Githopp192 avatar May 22 '23 00:05 Githopp192