Help with setting up my own TURN server

Jorge · February 16, 2025, 5:52pm

Hi,

My longer term goal is to set up a private group Jami network.

Hypothetically consider a group of people have just arrived on Mars and want to set up Jami to communicate between several bases. There is no Internet back to Earth to reach existing Jami infrastructure.

Step 1 is to have a dhtnode (which I installed and seems to be working well)

Step 2 is to have a TURN server (which I have installed and is not working well with Jami)

If anyone can, please offer helpful suggestions on setting up a coturn TURN server.

I have followed: (Note: I used ring instead of sf1 to save retyping this info while testing)
https://docs.jami.net/en_US/developer/going-further/setting-up-your-own-turn-server.html
Setting up your own TURN server

nano /etc/turnserver.conf

listening-port=10000
listening-ip=0.0.0.0
min-port=10000
max-port=30000
lt-cred-mech
realm=ring

turnadmin -a -u ring -p ring -r ring

When testing with:

turn:myturn.mydoman.com:10000 [ring:ring]

All (Gather candidates)

Time Type Foundation Protocol Address Port Priority URL (if present) relayProtocol (if present)
0.001 host 0 udp 0ce2351c-4419-4933-98ce-dd7bfcd99d03.local 58678 126 | 32512 | 255
0.001 host 3 udp 601eb8c2-83be-45be-b956-f15140e4e27a.local 59173 126 | 32256 | 255
0.001 host 6 tcp 0ce2351c-4419-4933-98ce-dd7bfcd99d03.local 9 125 | 32704 | 255
0.001 host 7 tcp 601eb8c2-83be-45be-b956-f15140e4e27a.local 9 125 | 32448 | 255
0.001 host 0 udp 0ce2351c-4419-4933-98ce-dd7bfcd99d03.local 33374 126 | 32512 | 254
0.001 host 3 udp 601eb8c2-83be-45be-b956-f15140e4e27a.local 48514 126 | 32256 | 254
0.001 host 6 tcp 0ce2351c-4419-4933-98ce-dd7bfcd99d03.local 9 125 | 32704 | 254
0.001 host 7 tcp 601eb8c2-83be-45be-b956-f15140e4e27a.local 9 125 | 32448 | 254
0.296 srflx 4 udp zz.zz.zz.zz 59173 100 | 32287 | 255
0.297 relay 5 udp xx.xx.xx.xx 11802 5 | 32287 | 255
0.307 Done

All seems to work well.

However when connecting two Jami users (both behind different NAT firewalls) things did not work:

sent text was not received
audio / video calls could not be established

When using turn.jami.net, the two Jami users work correctly with text and calls.
TURN address: turn.jami.net
TURN username: ring
TURN password: ring
TURN Realm: ring

sblin · February 16, 2025, 10:22pm

Your turn server is hosted in a different network (and see the public IPS of the peers?)

Jorge · February 17, 2025, 12:40pm

Thanks for your reply.
I had a busy day to day and have not had chance to retest.

I want to retest so I can post new log information.

Jorge · February 17, 2025, 12:43pm

I am using three test environments:


Configuration 1) Attempt to simulate a company's internal LAN but with Internet access (for applying updates).
Note: there seems to be an issue with Jami (ICE or Coturn) finding the real Internet Facing IP address and trying to use this to find the two Jami users.

                                                (        )
                                               ( Internet )
                                                (        )
                                                     |
                      [NAT Firewall with Internet Facing IP address, and company LAN IP gateway] 
                                                     | 
 [Computer running Virtual test environment via Virt-Manager and its NAT firewall with company LAN IP facing IP address, and Test env IP address]
                                                     | (Network 192.168.100.0/24, GW: 192.168.100.1)
[Bind9 Name server (192.168.100.11)] <-----------------------------------> [dht and Coturn server for jami (192.168.100.2)]  
                      (192.168.100.101) |                            | (192.168.100.102)
                         [Company 1 - NAT IPFire wall]   [Company 2 NAT IPFire wall]
              (Network: 192.168.0.0/24) |                            | (Network: 102.168.0.0/24)	
                                        |                            |
                           [Company 1, User 1 Computer]      [Company 2, User 1 Computer]  
                             (192.168.0.103/24)                  (192.168.0.101/24) 



Configuration 2) Internal LAN with no Earth Internet access (Simulating living on Mars?).


 [Computer running Virtual test environment via Virt-Manager simulating a global isolated network]
                                                     | (Network 192.168.100.0/24, GW: 192.168.100.1)
[Bind9 Name server (192.168.100.11)] <-----------------------------------> [dht and Coturn server for jami (192.168.100.2)]  
                      (192.168.100.101) |                            | (192.168.100.102)
                         [Company 1 - NAT IPFire wall]   [Company 2 NAT IPFire wall]
              (Network: 192.168.0.0/24) |                            | (Network: 102.168.0.0/24)	
                                        |                            |
                           [Company 1, User 1 Computer]      [Company 2, User 1 Computer]  
                             (192.168.0.103/24)                  (192.168.0.101/24) 


Configuration 3) Internet facing dhtnode and Coturn server (no NAT), Company Internal NATed LAN, company user working externally via Mobile Data network connection.
Note: While I was hoping Jami would work in the above test environments, I decided to try an Internet connected Turn sever as a third test environment.

                     (                                                                            )
                    (  --------------------------- Internet--------------------------------------- )
                     (     |                         |                                       |    )
               [dht and Coturn server]     [Company NATed Firewall]    [Company external laptop user via Mobile Data network (not mobile phone)]
                                                     |
                                          [Company User Computer]






====================================================================================

I hope the above explains how I am trying to test Jami.

I will post again once I have had chance to do more testing.

Jorge · February 18, 2025, 2:49am

Testing with above Configuration 2)

PC 2 (Jami test user 2) - Attempting to send message to PC 1 (Jami Test User 1) the logs on PC2 show: “Connection to 192.168.100.2 failed - reset”

Feb 18 13:04:38 pc02 jami[984]: [ice:0x7f63180109c0] Negotiation starting (5 remote candidates)
Feb 18 13:04:40 pc02 jami[984]: [Account c61454ce9bdef69d] Refresh cache for TURN server resolution
Feb 18 13:04:40 pc02 jami[984]: [Account c61454ce9bdef69d] Cache refreshed for TURN resolution
Feb 18 13:04:40 pc02 jami[984]: Connection to 192.168.100.2 failed - reset
Feb 18 13:04:40 pc02 jami[984]: [Account c61454ce9bdef69d] Cache for TURN resolution failed.
Feb 18 13:04:42 pc02 jami[984]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Received request
Feb 18 13:04:42 pc02 jami[984]: Found peer device: 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689 account:ee3010e14e8887a59c71c21b15bbd59238c224cf CA:fd42474791adae0f0220c19ac6aa71a5665c0948
Feb 18 13:04:42 pc02 jami[984]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] New connection request
Feb 18 13:04:42 pc02 jami[984]: Found peer device: 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689 account:ee3010e14e8887a59c71c21b15bbd59238c224cf CA:fd42474791adae0f0220c19ac6aa71a5665c0948
Feb 18 13:04:42 pc02 jami[984]: Accepting ICE request from ee3010e14e8887a59c71c21b15bbd59238c224cf
Feb 18 13:04:42 pc02 jami[984]: Store DHT public IPv4 address: 192.168.100.102
Feb 18 13:04:42 pc02 jami[984]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Accepting connection
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Creating IceTransport session for ""
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Initializing the session - comp count 1 - as a master
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Add srflx reflexive candidates [192.168.0.101:9 : 192.168.100.102:9] for comp 1
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] TCP initialization success
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] as master
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] (local) ufrag=2d9376e8, pwd=47dd4f0b1c9587444fc97732
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Add remote candidate: Hc0a80067 1 TCP 2130706431 192.168.0.103 43953 typ host tcptype passive
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Add remote candidate: Hc0a80067 1 TCP 2130706175 192.168.0.103 9 typ host tcptype active
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Add remote candidate: H6cb3d128 1 TCP 2130706431 fe80::e383:536e:cf10:3292 59459 typ host tcptype passive
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Add remote candidate: H6cb3d128 1 TCP 2130706175 fe80::e383:536e:cf10:3292 9 typ host tcptype active
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Add remote candidate: Sc0a80067 1 TCP 1694498303 192.168.100.101 9 typ srflx tcptype active
Feb 18 13:04:42 pc02 jami[984]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Connection accepted, DHT reply
Feb 18 13:04:42 pc02 jami[984]: [ice:0x7f6318056b40] Negotiation starting (5 remote candidates)
Feb 18 13:04:42 pc02 jami[984]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Answer to connection request: put encrypted ok
Feb 18 13:04:50 pc02 jami[984]: [Account c61454ce9bdef69d] Refresh cache for TURN server resolution
Feb 18 13:04:50 pc02 jami[984]: [Account c61454ce9bdef69d] Cache refreshed for TURN resolution
Feb 18 13:04:50 pc02 jami[984]: Connection to 192.168.100.2 failed - reset
Feb 18 13:04:50 pc02 jami[984]: [Account c61454ce9bdef69d] Cache for TURN resolution failed.
Feb 18 13:04:51 pc02 jami[984]: [ice:0x7f63180109c0] TCP negotiation failed: All ICE checklists failed (PJNATH_EICEFAILED)
Feb 18 13:04:51 pc02 jami[984]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] ICE negotiation failed.
Feb 18 13:04:51 pc02 jami[984]: [ice:0x7f63180109c0] Destroying ice_strans 0x7f63180b6ad8```

I do not understand the connection failure. Is there a way to manually test the connection to the Turn server (on an isolated network, and from PC2 where the Jami client is installed) ?

nslookup for dhtturn.myjami.com.au returns the correct IP address of 192.168.100.2 so PC2 can and is find the turn server.

The listening port is set to 10000 and the PC Jami client is set to dhtturn.myjami.com.au:10000 with user id of ring, password of ring, and realm of sf1.

Rubus_chiliadenus · February 18, 2025, 9:03pm

A packet capture file may help.
tcpdump -i <interface> -w <file.pcap> 'tcp and host 192.168.100.2'

sblin · February 19, 2025, 3:34pm

coTURN should show some logs too. Seems it’s refusing the connection

reactormonk · February 19, 2025, 3:53pm

I’m also in the process of setting up my own TURN server (coturn), and according to the server logs, when I set username/password, jami doesn’t actually send them, I just get lines of

Feb 19 15:52:55 turn turnserver[1627]: 3301: : session 001000000000000125: realm <> user <>: incoming packet message processed, error 401: Unauthorized
Feb 19 15:52:55 turn turnserver[1627]: 3301: : session 001000000000000125: realm <> user <>: incoming packet message processed, error 400: Bad Request

Testing the server with Trickle ICE works fine and produces these logs:

Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 000000000000000174: realm <> user <>: incoming packet message processed, error 401: Unauthorized
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 001000000000000135: realm <> user <>: incoming packet message processed, error 401: Unauthorized
Feb 19 15:55:25 turn turnserver[1627]: 3451: : IPv4. Local relay addr: IP0:57508
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 000000000000000174: new, realm=<>, username=<user>, lifetime=3600
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 000000000000000174: realm <> user <user>: incoming packet ALLOCATE processed, success
Feb 19 15:55:25 turn turnserver[1627]: 3451: : IPv4. Local relay addr: IP0:62205
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 001000000000000135: new, realm=<>, username=<user>, lifetime=3600
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 001000000000000135: realm <> user <user>: incoming packet ALLOCATE processed, success
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 000000000000000174: refreshed, realm=<>, username=<user>, lifetime=0
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 001000000000000135: refreshed, realm=<>, username=<user>, lifetime=0
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 000000000000000174: realm <> user <user>: incoming packet REFRESH processed, success
Feb 19 15:55:25 turn turnserver[1627]: 3451: : session 001000000000000135: realm <> user <user>: incoming packet REFRESH processed, success
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 001000000000000135: usage: realm=<>, username=<user>, rp=3, rb=252, sp=3, sb=288
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 000000000000000174: usage: realm=<>, username=<user>, rp=3, rb=252, sp=3, sb=288
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 000000000000000174: peer usage: realm=<>, username=<user>, rp=0, rb=0, sp=0, sb=0
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 000000000000000174: closed (2nd stage), user <user> realm <> origin <>, local IP0:3478, remote IP1:33323, reason: allocation timeout
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 000000000000000174: delete: realm=<>, username=<user>
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 001000000000000135: peer usage: realm=<>, username=<user>, rp=0, rb=0, sp=0, sb=0
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 001000000000000135: closed (2nd stage), user <user> realm <> origin <>, local IP0:3478, remote IP1:45974, reason: allocation timeout
Feb 19 15:55:26 turn turnserver[1627]: 3452: : session 001000000000000135: delete: realm=<>, username=<user>

From what I can see, the TURN support in jami is broken, reported: TURN support broken? (#633) · Issues · savoirfairelinux / dhtnet · GitLab

… digging in.

Jorge · February 21, 2025, 10:10am

Some logs from further testing:

Using my test environment and using turn.jami.net for as the TURN server (which works well).

Feb 18 15:41:41 pc02 jami[1023]: Added TURN server '51.222.138.120', port 3478
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] TCP initialization success
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] as master
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] (local) ufrag=1e35a61c, pwd=2fea1bc3332fbd844ac90b3a
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Add remote candidate: Hc0a80067 1 TCP 2130706431 192.168.0.103 51513 typ host tcptype passive
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Add remote candidate: Hc0a80067 1 TCP 2130706175 192.168.0.103 9 typ host tcptype active
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Add remote candidate: H6cb3d128 1 TCP 2130706431 fe80::e383:536e:cf10:3292 42215 typ host tcptype passive
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Add remote candidate: H6cb3d128 1 TCP 2130706175 fe80::e383:536e:cf10:3292 9 typ host tcptype active
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Add remote candidate: Sc0a80067 1 TCP 1694498303 XX.XX.XX.XX 9 typ srflx tcptype active
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Add remote candidate: R33de8a78 1 TCP 16777215 51.222.138.120 15376 typ relay tcptype passive
Feb 18 15:41:42 pc02 jami[1023]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Connection accepted, DHT reply
Feb 18 15:41:42 pc02 jami[1023]: [ice:0x7f58bc110de0] Negotiation starting (6 remote candidates)
Feb 18 15:41:42 pc02 jami[1023]: Building device sync from fa44bac1c4d278779dd5baf02d7c9889972edd13cc816cb4233d7e9b9ba481cf
Feb 18 15:41:46 pc02 jami[1023]: Store DHT public IPv4 address: XX.XX.XX.XX
Feb 18 15:41:46 pc02 jami[1023]: [ice:0x7f58bc206690] Creating IceTransport session for ""
Feb 18 15:41:46 pc02 jami[1023]: [ice:0x7f58bc206690] Initializing the session - comp count 1 - as a slave
Feb 18 15:41:46 pc02 jami[1023]: [ice:0x7f58bc206690] Add srflx reflexive candidates [192.168.0.101:9 : XX.XX.XX.XX:9] for comp 1

Using my test environment and my internet facing turn server (YY.YY.YY.YY) for the TURN server, which fails.

Feb 18 16:18:20 pc02 jami[992]: Added TURN server 'YY.YY.YY.YY', port 3478
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] TCP initialization success
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] as master
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] (local) ufrag=048dcc70, pwd=2c4a8ae65c6d6f2179b2f3e7
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: Hc0a80067 1 TCP 2130706431 192.168.0.103 34539 typ host tcptype passive
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: Hc0a80067 1 TCP 2130706175 192.168.0.103 9 typ host tcptype active
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: H6cb3d128 1 TCP 2130706431 fe80::e383:536e:cf10:3292 47431 typ host tcptype passive
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: H6cb3d128 1 TCP 2130706175 fe80::e383:536e:cf10:3292 9 typ host tcptype active
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: Sc0a80067 1 TCP 1694498303 XX.XX.XX.XX 9 typ srflx tcptype active
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: Rcb10d00c 1 TCP 16777215 YY.YY.YY.YY 26524 typ relay tcptype passive
Feb 18 16:18:20 pc02 jami[992]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Connection accepted, DHT reply
Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Negotiation starting (6 remote candidates)
Feb 18 16:18:22 pc02 jami[992]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] Answer to connection request: put encrypted ok
Feb 18 16:18:23 pc02 jami[992]: [ice:0x7f9fbc0b5bd0] TCP negotiation failed: All ICE checklists failed (PJNATH_EICEFAILED)
Feb 18 16:18:23 pc02 jami[992]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] ICE negotiation failed.
Feb 18 16:18:23 pc02 jami[992]: [ice:0x7f9fbc0b5bd0] Destroying ice_strans 0x7f9fbc03ac98
Feb 18 16:18:31 pc02 jami[992]: [ice:0x7f9fbc1274c0] TCP negotiation failed: All ICE checklists failed (PJNATH_EICEFAILED)
Feb 18 16:18:31 pc02 jami[992]: [device 7e018dce2ecb5788041fe1f1be3411a4782b54bc3470627135d8fd7b75ee1689] ICE negotiation failed.
Feb 18 16:18:31 pc02 jami[992]: [ice:0x7f9fbc1274c0] Destroying ice_strans 0x7f9fbc1360c8

From the logs and other tests, the message “All ICE checklists failed” seems to be where reports indicate failure.

I do not know how ICE is used for the Jami communications.

I believe the Trickle ICE tests show no issues. (Note: I just realised that I could use Trickle ICE to test both turn.jami.net and my test TURN server, then compare the difference if any. To be honest I do not expect in significant or helpful differences to be shown.)

Any information on Jami and ICE, particularly from other who successfully run their won TURN servers, could be useful.

Jorge.

Rubus_chiliadenus · February 21, 2025, 11:17am

Feb 18 16:18:20 pc02 jami[992]: Added TURN server ‘YY.YY.YY.YY’, port 3478

Oh, Jami used port 3478, not port 10000.

Jorge · February 21, 2025, 12:17pm

Yes, the normal TURN port is 3478, which turn.jami.net actually uses.

The instructions in “Setting up your own TURN server” suggests to specifically use port 10000. I do not know why these instruction suggest using port 10000, but it does not matter if you change the port as long as it is changed both on your turn server’s listening port and in the Jami client’s turn settings. (at least this is my understanding).

For my internet facing turn server, I decided to use port 3478 for the turn server listening port.

I also believe port 5349 is the turn server’s listening port if you enable SSL connections.

Jorge · February 21, 2025, 12:22pm

Further testing tonight has not really helped me get closer to a solution. However I now wonder if my problem might be firewalls due to my Internet router modem.

When using a laptop connected to the Internet via mobile data (from my phone), I was not able to successfully test turn.jami.net using Trickle ICE web site test. Nor was I able to successfully test my Internet facing turn server. Multiple internet connections (non-mobile data) to do successful tests.

Does anyone have experience testing turn servers?

Rubus_chiliadenus · February 22, 2025, 1:52am

Did you input myturn.mydoman.com:10000 at TURN address field?

Jorge · February 22, 2025, 3:49am

To answer the question, “Did you input myturn.mydoman.com:10000 at TURN address field?” Answer: When the turn server was listening to port 10000, yes, the Jami client’s need to be set to myturn.mydoman.com:10000.

When connecting to TURN servers that are listening on the default turn port of 3478, then it is not needed, e.g. turn.jami.net:3478 or turn.jami.net can be used. But using turn.jami.net:10000 does not work.

Do you know why the Jami TURN server documentation, “Setting up your own TURN server”, suggests using “listening-port=10000” and not the standard turn server ports?

Rubus_chiliadenus · February 22, 2025, 4:31am

Feb 18 16:18:20 pc02 jami[992]: [ice:0x7f9fbc1274c0] Add remote candidate: Rcb10d00c 1 TCP 16777215 YY.YY.YY.YY 26524 typ relay tcptype passive

PC 1 gathered a relay candidate, so your TURN server was working for PC 1, but it was not working for PC 2?

Jorge · February 23, 2025, 5:53am

I don’t think that was correct.

In my test, PC2 was trying to connect to PC1.

Using turn.jami.net, PC2 can connect to PC1.

Using my turn server, PC2 cannot connect to PC1.

However after further testing with a few friends today, I believe the issue is related to various firewall issues. But I have yet to be able to carefully analyse the results to make any firm conclusions.

Jorge · February 23, 2025, 5:55am

Should anyone else be having TURN server issues, and hoping some of my tests might give clues to other TURN related issues, I will post various information about my testing. I also hope some one may spot an issue with my configuration or want to make comment.

Jorge · February 23, 2025, 6:03am

My theory is that home router firewalls vary and give varying results (success or failure) for TURN servers.

Using the test web page:

One of my friends reported:

The server stun:turn.jami.net:3478 returned an error with code=701:
STUN host lookup received error.

The server turn:turn.jami.net:3478?transport=udp returned an error with code=701:
TURN host lookup received error.

Another friend’s tests returned the following:

stun:turn.jami.net

Time     Type     Foundation     Protocol     Address     Port     Priority     URL (if present)     relayProtocol (if present)
0.003    host    0    udp    5166aedc-68e1-4072-a815-2e31f07db302.local    62130    126 | 32256 | 255
0.007    host    2    udp    08e7abb3-2f50-46b2-8ecf-863b8a53641f.local    62131    126 | 32512 | 255
0.010    host    4    tcp    5166aedc-68e1-4072-a815-2e31f07db302.local    9    125 | 32448 | 255
0.010    host    5    tcp    08e7abb3-2f50-46b2-8ecf-863b8a53641f.local    9    125 | 32704 | 255
0.012    host    0    udp    5166aedc-68e1-4072-a815-2e31f07db302.local    62132    126 | 32256 | 254
0.012    host    2    udp    08e7abb3-2f50-46b2-8ecf-863b8a53641f.local    62133    126 | 32512 | 254
0.013    host    4    tcp    5166aedc-68e1-4072-a815-2e31f07db302.local    9    125 | 32448 | 254
0.013    host    5    tcp    08e7abb3-2f50-46b2-8ecf-863b8a53641f.local    9    125 | 32704 | 254
0.546    srflx    1    udp    ::ffff:144.6.174.56    62130    100 | 32287 | 255
0.572    srflx    1    udp    ::ffff:144.6.174.56    62132    100 | 32287 | 254

turn:turn.jami.net [ring,ring]

Time     Type     Foundation     Protocol     Address     Port     Priority     URL (if present)     relayProtocol (if present)
0.004    host    0    udp    1cf0fd2d-e611-486a-ad9c-5265b4d2da60.local    50868    126 | 32256 | 255
0.005    host    3    udp    f2724529-312d-4272-b354-ddbfcfca96a9.local    50869    126 | 32512 | 255
0.006    host    6    tcp    1cf0fd2d-e611-486a-ad9c-5265b4d2da60.local    9    125 | 32448 | 255
0.006    host    7    tcp    f2724529-312d-4272-b354-ddbfcfca96a9.local    9    125 | 32704 | 255
0.006    host    0    udp    1cf0fd2d-e611-486a-ad9c-5265b4d2da60.local    50870    126 | 32256 | 254
0.007    host    3    udp    f2724529-312d-4272-b354-ddbfcfca96a9.local    50871    126 | 32512 | 254
0.007    host    6    tcp    1cf0fd2d-e611-486a-ad9c-5265b4d2da60.local    9    125 | 32448 | 254
0.007    host    7    tcp    f2724529-312d-4272-b354-ddbfcfca96a9.local    9    125 | 32704 | 254
0.812    srflx    1    udp    ::ffff:144.6.174.56    50868    100 | 32287 | 255
0.812    relay    2    udp    144.217.83.140    17577    5 | 32287 | 255
0.840    srflx    1    udp    ::ffff:144.6.174.56    50870    100 | 32287 | 254
0.841    relay    2    udp    144.217.83.140    13989    5 | 32287 | 254

For my turn server, they received “11.505 Not reachable?”

Jorge · February 23, 2025, 6:09am

When I run the Trickle ICE test to a non-existent domain, I get

Time 	Type 	Foundation 	Protocol 	Address 	Port 	Priority 	URL (if present) 	relayProtocol (if present)
0.002	host	0	udp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	51176	126 | 32512 | 255		
0.003	host	3	udp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	58939	126 | 32256 | 255		
0.003	host	6	tcp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	9	125 | 32704 | 255		
0.003	host	7	tcp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	9	125 | 32448 | 255		
0.003	host	0	udp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	46387	126 | 32512 | 254		
0.003	host	3	udp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	58708	126 | 32256 | 254		
0.003	host	6	tcp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	9	125 | 32704 | 254		
0.004	host	7	tcp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	9	125 | 32448 | 254		
0.332	Not reachable?

Which leaves me to believe that

external people sometimes cannot reach my TURN server in a useful way.
the following report is not important for test success or failure? Where as previously I thought the “host” information was actually output from a successful test.

Time 	Type 	Foundation 	Protocol 	Address 	Port 	Priority 	URL (if present) 	relayProtocol (if present)
0.002	host	0	udp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	51176	126 | 32512 | 255		
0.003	host	3	udp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	58939	126 | 32256 | 255		
0.003	host	6	tcp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	9	125 | 32704 | 255		
0.003	host	7	tcp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	9	125 | 32448 | 255		
0.003	host	0	udp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	46387	126 | 32512 | 254		
0.003	host	3	udp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	58708	126 | 32256 | 254		
0.003	host	6	tcp	5672527e-086c-4099-92f1-08bcc0f9b02d.local	9	125 | 32704 | 254		
0.004	host	7	tcp	37f0a19b-c95f-4409-9629-b6086d87f1dd.local	9	125 | 32448 | 254

Different Internet modem/routers and user environments can also play a big part in whether your TURN server will work or not.

Rubus_chiliadenus · February 23, 2025, 10:17am

Could you check firewall rules of your server? Ports 10000-30000 (the range in your turnserver.conf) should be allowed. (both UDP and TCP, due to Jami)