matrix-docker-ansible-deploy
TLS for Coturn
Playbook Configuration:
My vars.yml file looks like this:
matrix_coturn_enabled: true
matrix_coturn_tls_enabled: true
matrix_coturn_container_additional_volumes: [{"src": "/etc/ssl/certs/coturncert.crt", "dst": "/etc/ssl/certs/coturncert.crt", "options": "ro"}, {"src": "/etc/ssl/private/coturnprivate.key", "dst": "/etc/ssl/private/coturnprivate.key", "options": "ro"}]
Matrix Server:
- OS: Debian 11
- Architecture: amd64
Problem description:
I'm trying to set up TLS for Coturn using ZeroSSL; I created the certs and the site generated 3 files:
- certificate.crt
- private.key
- ca_bundle.crt
Then I combined 1 and 3 into cert.crt (cat certificate.crt ca_bundle.crt >> cert.crt)
I copied the new cert and private.key into my host and set up my vars.yml as you can see above.
Did a "setup-all,start" and it didn't complain about anything. Then I did the voip test at https://test.voip.librepush.net/ but results still say my connection is unencrypted.
Is my vars.yaml correct? Any input why this is not working as expected? Thanks
Forgot to say I checked coturn logs and they aren't telling anything.
I also added:
matrix_coturn_turn_static_auth_secret: "secret"
to no avail.
I also just found out that turnserver.conf in /matrix/coturn had wrong values for "cert" and "pkey", it was grabbing the default ones from default file, so I also added:
matrix_coturn_tls_cert_path: "/etc/ssl/certs/coturncert.crt"
matrix_coturn_tls_key_path: "/etc/ssl/private/coturnprivate.key"
and now it shows up correctly in turnserver.conf but the test still fails.
I did a few other tests and I made progress but it's still not working:
After adding this to my conf:
matrix_synapse_turn_uris:
- turns:MY_IP?transport=udp
- turns:MY_IP?transport=tcp
- turn:MY_IP?transport=udp
- turn:MY_IP?transport=tcp
the test says "great" instead of good and for TLS it reports the following error:
turns:IP?transport=tcp
Didn't work
Fail
Failed the relaying test: VoIPTesterError [No relay candidates available to perform relay test]
while the working ones say:
turn:IP?transport=tcp
TURN
Excellent
Succeeded the relaying test.
Candidates:
IP port 49169/udp (relay (TURN))
I've added verbose logging to turnserver.conf, otherwise I wouldn't be getting any log at all. Now I'm getting this:
Sep 07 22:21:36 pandora.woodpeckersnest.space systemd[1]: Starting Matrix Coturn server...
Sep 07 22:21:37 pandora.woodpeckersnest.space systemd[1]: Started Matrix Coturn server.
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: Version Coturn-4.5.2 'dan Eider'
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: Max number of open files/sockets allowed for this process: 1048576
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: Due to the open files/sockets limitation,
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: max supported number of TURN Sessions possible is: 524000 (approximately)
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: ==== Show him the instruments, Practical Frost: ====
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : TLS supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS 1.2 supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : TURN/STUN ALPN supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Third-party authorization (oAuth) supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : GCM (AEAD) supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : OpenSSL compile-time version: OpenSSL 1.1.1q 5 Jul 2022 (0x1010111f)
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : SQLite supported, default database location is /var/lib/coturn/turndb
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Redis supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : PostgreSQL supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : MySQL supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : MongoDB supported
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Default Net Engine version: 3 (UDP thread per CPU core)
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: =====================================================
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Domain name:
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Default realm: matrix.woodpeckersnest.space
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: :
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: CONFIG: --no-tcp-relay: TCP relay endpoints are not allowed.
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : SSL23: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : SSL23: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : TLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : TLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : TLS cipher suite: DEFAULT
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : DTLS cipher suite: DEFAULT
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : ===========Discovering listener addresses: =========
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Listener address to use: 127.0.0.1
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Listener address to use: 172.19.0.2
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Total: 1 'real' addresses discovered
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : ===========Discovering relay addresses: =============
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Relay address to use: 172.19.0.2
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Total: 1 relay addresses discovered
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : =====================================================
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : pid file created: /var/tmp/turnserver.pid
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IO method (main listener thread): epoll (with changelist)
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Wait for relay ports initialization...
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : relay 172.19.0.2 initialization...
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : relay 172.19.0.2 initialization done
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : Relay ports initialization done
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IO method (general relay thread): epoll (with changelist)
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : turn server id=0 created
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 127.0.0.1:3478
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 127.0.0.1:3478
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 127.0.0.1:5349
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 127.0.0.1:5349
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 172.19.0.2:3478
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:3478
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/SCTP listener opened on : 172.19.0.2:5349
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:5349
Sep 07 22:21:45 pandora.woodpeckersnest.space matrix-coturn[262496]: 0: : IO method (general relay thread): epoll (with changelist)
But TURNS isn't working still, so I tried adding this line:
listening-ip=51.195.43.203
because in the log it says NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED, and the same for relay, but when I restart I get this error:
Sep 07 22:13:27 pandora.woodpeckersnest.space systemd[1]: Starting Matrix Coturn server...
Sep 07 22:13:27 pandora.woodpeckersnest.space systemd[1]: Started Matrix Coturn server.
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Listener address to use: 51.195.43.203
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: Version Coturn-4.5.2 'dan Eider'
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: Max number of open files/sockets allowed for this process: 1048576
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: Due to the open files/sockets limitation,
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: max supported number of TURN Sessions possible is: 524000 (approximately)
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: ==== Show him the instruments, Practical Frost: ====
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : TLS supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS 1.2 supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : TURN/STUN ALPN supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Third-party authorization (oAuth) supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : GCM (AEAD) supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : OpenSSL compile-time version: OpenSSL 1.1.1q 5 Jul 2022 (0x1010111f)
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : SQLite supported, default database location is /var/lib/coturn/turndb
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Redis supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : PostgreSQL supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : MySQL supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : MongoDB supported
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Default Net Engine version: 3 (UDP thread per CPU core)
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: =====================================================
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Domain name:
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Default realm: matrix.woodpeckersnest.space
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: :
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: CONFIG: --no-tcp-relay: TCP relay endpoints are not allowed.
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : SSL23: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : SSL23: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : TLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : TLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : TLS cipher suite: DEFAULT
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS1.2: Certificate file found: /matrix/ssl/coturn/fullchain.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS1.2: Private key file found: /matrix/ssl/coturn/privkey.pem
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : DTLS cipher suite: DEFAULT
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Relay address to use: 51.195.43.203
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : pid file created: /var/tmp/turnserver.pid
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : IO method (main listener thread): epoll (with changelist)
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : WARNING: I cannot support STUN CHANGE_REQUEST functionality because only one IP address is provided
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Wait for relay ports initialization...
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : relay 51.195.43.203 initialization...
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : relay 51.195.43.203 initialization done
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Relay ports initialization done
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : IO method (general relay thread): epoll (with changelist)
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:29 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : turn server id=0 created
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind fd 12 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.43.203:3478
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind TLS/TCP listener socket to addr 51.195.43.203:3478, again...
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : IO method (general relay thread): epoll (with changelist)
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : turn server id=1 created
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind fd 18 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Cannot bind DTLS/UDP listener socket to addr 51.195.43.203:3478
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind DTLS/UDP listener socket to addr 51.195.43.203:3478, again...
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind fd 17 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.43.203:3478
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind TLS/TCP listener socket to addr 51.195.43.203:3478, again...
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind fd 12 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.43.203:3478
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind TLS/TCP listener socket to addr 51.195.43.203:3478, again...
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Trying to bind fd 18 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: 0: : Cannot bind DTLS/UDP listener socket to addr 51.195.43.203:3478
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:30 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:31 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:31 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:31 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:31 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:31 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Sep 07 22:13:31 pandora.woodpeckersnest.space matrix-coturn[248390]: Cannot bind local socket to addr: No such file or directory
Sep 07 22:13:32 pandora.woodpeckersnest.space matrix-coturn[248390]: bind: Address not available
Looks like errno 99 is for EADDRNOTAVAIL, so I'm a bit confused here, since that's my VPS's IP Address.
I'm pasting here my confs:
use-auth-secret
static-auth-secret=SECRET
realm=matrix.woodpeckersnest.space
min-port=49152
max-port=49172
external-ip=matrix.woodpeckersnest.space
log-file=stdout
pidfile=/var/tmp/turnserver.pid
userdb=/var/tmp/turnserver.db
no-cli
cert=/matrix/ssl/coturn/fullchain.pem
pkey=/matrix/ssl/coturn/privkey.pem
no-tlsv1
no-tlsv1_1
prod
no-tcp-relay
syslog
verbose
# Coturn
matrix_coturn_enabled: true
matrix_coturn_turn_static_auth_secret: "SECRET"
matrix_coturn_tls_enabled: true
#matrix.woodpeckersnest.space certbot
matrix_coturn_container_additional_volumes: [{"src": "/matrix/ssl/coturn/fullchain.pem", "dst": "/matrix/ssl/coturn/fullchain.pem", "options">
matrix_coturn_tls_cert_path: "/matrix/ssl/coturn/fullchain.pem"
matrix_coturn_tls_key_path: "/matrix/ssl/coturn/privkey.pem"
# Point Synapse to your other Coturn server
matrix_synapse_turn_uris:
- turns:woodpeckersnest.space?transport=udp
- turns:woodpeckersnest.space?transport=tcp
- turn:woodpeckersnest.space?transport=udp
- turn:woodpeckersnest.space?transport=tcp
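
An added example, not part of the original post or of the playbook: a small Python parser for coturn startup journal lines like the ones above. It collects the discovered listener and relay addresses, the listeners that opened and the bind failures, then states what the errno and the address ranges imply. The sample lines are abridged from the two excerpts in the post with the syslog host prefix shortened; the function names are illustrative.

```python
import ipaddress
import re

# Sample input: lines abridged from the two journal excerpts in the post,
# with the syslog prefix shortened to "host matrix-coturn[pid]:".
FAILING_RUN = """\
Sep 07 22:13:29 host matrix-coturn[248390]: 0: : Listener address to use: 51.195.43.203
Sep 07 22:13:29 host matrix-coturn[248390]: 0: : Relay address to use: 51.195.43.203
Sep 07 22:13:30 host matrix-coturn[248390]: 0: : Trying to bind fd 12 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 host matrix-coturn[248390]: 0: : Cannot bind TLS/TCP listener socket to addr 51.195.43.203:3478
Sep 07 22:13:30 host matrix-coturn[248390]: 0: : Trying to bind fd 18 to <51.195.43.203:3478>: errno=99
Sep 07 22:13:30 host matrix-coturn[248390]: 0: : Cannot bind DTLS/UDP listener socket to addr 51.195.43.203:3478
"""
WORKING_RUN = """\
Sep 07 22:21:45 host matrix-coturn[262496]: 0: : Listener address to use: 127.0.0.1
Sep 07 22:21:45 host matrix-coturn[262496]: 0: : Listener address to use: 172.19.0.2
Sep 07 22:21:45 host matrix-coturn[262496]: 0: : Relay address to use: 172.19.0.2
Sep 07 22:21:45 host matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:3478
Sep 07 22:21:45 host matrix-coturn[262496]: 0: : IPv4. TLS/TCP listener opened on : 172.19.0.2:5349
"""

ADDR_RE = re.compile(r"(Listener|Relay) address to use: (\S+)")
OPENED_RE = re.compile(r"(\S+) listener opened on ?: (\S+):(\d+)")
FAILED_RE = re.compile(r"Cannot bind (\S+) listener socket to addr (\S+):(\d+)")
ERRNO_RE = re.compile(r"Trying to bind fd \d+ to <\S+>: errno=(\d+)")
EADDRNOTAVAIL = 99  # Linux errno value, as reported in the log


def summarize(journal):
    """Collect addresses, opened listeners and bind failures from journal text."""
    s = {"listener": set(), "relay": set(), "opened": set(),
         "failed": set(), "errnos": set()}
    for line in journal.splitlines():
        if m := ADDR_RE.search(line):
            s[m[1].lower()].add(m[2])
        elif m := OPENED_RE.search(line):
            s["opened"].add((m[1], m[2], int(m[3])))
        elif m := FAILED_RE.search(line):
            s["failed"].add((m[1], m[2], int(m[3])))
        elif m := ERRNO_RE.search(line):
            s["errnos"].add(int(m[1]))
    return s


def findings(s):
    """Turn a summary into plain-language observations."""
    out = []
    if EADDRNOTAVAIL in s["errnos"]:
        for addr in sorted({a for _, a, _ in s["failed"]}):
            out.append(f"{addr}: bind failed with EADDRNOTAVAIL, so this address is "
                       "not on any interface visible to the coturn process")
    addrs = sorted(s["listener"])
    if addrs and all(ipaddress.ip_address(a).is_private for a in addrs):
        ports = sorted({p for _, _, p in s["opened"]})
        out.append(f"listeners only on internal addresses {addrs}, ports {ports}; "
                   "outside clients reach them only through port forwarding")
    return out


if __name__ == "__main__":
    for name, text in (("failing", FAILING_RUN), ("working", WORKING_RUN)):
        print(name, findings(summarize(text)))
```

Feeding it the full output of the coturn unit's journal instead of the abridged samples gives the same kind of summary for a real run.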