this post was submitted on 13 May 2024
submitted 6 months ago* (last edited 6 months ago) by Lemmchen@feddit.de to c/matrix@lemmy.ml
 

I've set up my homeserver via matrix-docker-ansible-deploy, but made the mistake of using my domain as ansible_host variable at first. I think that is why now my Coturn server doesn't work as intended. Calls can only be made (in Element) when I enable turn.matrix.org as an alternative in the settings.

Since the initial setup, I've correctly replaced the domain with the server IP in the ansible inventory file and reran just setup-all, but I still can't make calls via my homeserver.

  1. Is it likely that the mistake I made is causing this issue?
  2. What can I do to correct the Coturn configuration or otherwise fix this issue?

EDIT:
I've found this in the docs: https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-playbook-turn.md#manually-defining-your-public-ip
I'll try this and report back.

EDIT2: This did not fix the issue.

[–] Lemmchen@feddit.de 1 points 6 months ago* (last edited 6 months ago) (1 children)

If this was the case, the playbook would surely set up two different Coturn instances. Also, I don't understand why it would work that way.
My setup is not a "special usecase", but a single unfederated homeserver. Calls do not work between users unless turn.matrix.org is enabled.

[–] jakob@soc.schuerz.at 1 points 6 months ago (1 children)

@Lemmchen

The stun protocol is brokering a direct p2p-connection between devices, when it's possible in case of network.

When a direct connection is not possible (both devices are behind different natted networks/firewalls), turn is needed (turns with ssl) and the audio/video datastream runs through the turn-server.

Are your devices in the same LAN/WLAN? Or in different?
Is one at home, the other in office-network?

If they are in different networks, (it belongs to the clients, not the server!) a stun server is needed outside the network in the free, for both reachable internet!
So both can see and reach the stun/turn server.

I think your coturn is not well reachable from outside in your setup, that's why turn.matrix.org works, and yours not.

Coturn can work as turn and stun at the same time.

Maybe the standard ports 5439 and 3478 (each also +1) or the highports are blocked by your firewall.

So you can try to let them listen on port 443 (turns) and 80 (stun) from outside. Most firewalls won't block those ports...

Or describe please, how exactly do you use your matrix? Where is your homeserver, in which networks are your clients? Do you use vpn?

This is hardcore network-stuff and not directly related to matrix.

[–] Lemmchen@feddit.de 1 points 6 months ago (1 children)

The homeserver incl. Coturn is running on a VPS, no ports blocked.
The clients are in different networks. Everything should just work, but it doesn't for some reason.

[–] jakob@soc.schuerz.at 1 points 6 months ago (1 children)

@Lemmchen the different client-networks can be the problem.

Some providers block webrtc or stun/turn...

Did you try to test your coturn on
webrtc.github.io/samples/src/c…

Delete all servers there and fill in your stun and turn (turn incl. credentials) and test it.

You should get relay (=turn) and srflx (=stun) marked entries

[–] Lemmchen@feddit.de 2 points 6 months ago* (last edited 6 months ago) (1 children)

> Did you try to test your coturn

The test correctly gathers the srflx candidates, so STUN should be working. But I can't get it to find relay candidates, so I guess TURN isn't?

[–] jakob@soc.schuerz.at 1 points 6 months ago

@Lemmchen

This is only stun.
For a working turn you need also "relay" entries
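
Added example, not part of any commenter's post: a small Node.js/browser script that parses gathered ICE candidate lines and reports whether srflx (STUN) and relay (TURN) entries are present, which is the distinction the thread ends on. The sample candidates are constructed with documentation-range addresses, and the function names are hypothetical.

```javascript
// Constructed sample: candidate lines shaped like what a browser reports
// while gathering. Addresses come from documentation ranges, not a real server.
const SAMPLE_STUN_ONLY = [
  "candidate:1 1 udp 2122260223 192.0.2.10 50000 typ host generation 0",
  "candidate:2 1 udp 1686052607 203.0.113.7 50000 typ srflx raddr 192.0.2.10 rport 50000 generation 0",
];
const SAMPLE_WITH_RELAY = SAMPLE_STUN_ONLY.concat([
  "candidate:3 1 udp 41885439 198.51.100.20 49160 typ relay raddr 203.0.113.7 rport 50000 generation 0",
]);

// Parse one ICE candidate attribute (RFC 8839 grammar) into an object.
// Returns null for anything that is not a well-formed candidate line.
function parseCandidate(line) {
  const parts = line.trim().replace(/^a=/, "").split(/\s+/);
  if (parts.length < 8 || !parts[0].startsWith("candidate:") || parts[6] !== "typ") {
    return null;
  }
  const cand = {
    foundation: parts[0].slice("candidate:".length),
    component: Number(parts[1]),
    transport: parts[2].toLowerCase(),
    priority: Number(parts[3]),
    address: parts[4],
    port: Number(parts[5]),
    type: parts[7], // host, srflx, prflx or relay
  };
  // Remaining tokens are key/value extension pairs (raddr, rport, ...).
  for (let i = 8; i + 1 < parts.length; i += 2) cand[parts[i]] = parts[i + 1];
  return cand;
}

// Summarise which server roles produced candidates.
function diagnose(lines) {
  const types = new Set();
  for (const l of lines) {
    const c = parseCandidate(l);
    if (c) types.add(c.type);
  }
  const stun = types.has("srflx");
  const turn = types.has("relay");
  let verdict = "neither STUN nor TURN answered (check that the listening ports are reachable)";
  if (turn) verdict = "TURN relay allocation works";
  else if (stun) verdict = "STUN answers, but no relay candidate (check TURN credentials and relay ports)";
  return { stun, turn, verdict };
}

console.log(diagnose(SAMPLE_STUN_ONLY).verdict);
console.log(diagnose(SAMPLE_WITH_RELAY).verdict);
```

In a browser, the same `diagnose` function can be fed the `candidate` strings collected from an `RTCPeerConnection`'s `icecandidate` events.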