
I have installed my own STUN/TURN server and I am trying to use it from a WebRTC client behind a firewall that allows only TCP/443 to the internet, without success.

I tried the following unsuccessfully:

  • Replace UDP/3478 with TCP/3478 or TCP/5349 or UDP/5349 on client's firewall
  • URL on signaling server turn:(host FQDN)?transport=tcp
  • Use no-udp and/or listening-port=443 in turnserver.conf
  • I checked the certificates and they are valid for the particular server's FQDN.

The only successful attempt was when

  • I commented out the line "tls-listening-port=443" in the turnserver.conf shown below
  • I opened the UDP/3478 from client to STUN/TURN server.
  • I used the URL turn:(host FQDN) on signaling server (without any port)

My environment:

STUN/TURN Server: Coturn-4.5.0.7 on Ubuntu 18.04.6 LTS

turnserver.conf:

no-cli
cli-password=nocli
verbose
listening-ip=(host internal ip)
relay-ip=(host internal ip)
external-ip=(host public ip)
realm=(host domain name e.g. mydomain.com)
lt-cred-mech
mysql-userdb="host=localhost dbname=coturn user=turn password=(mysql password) connect_timeout=30 read_timeout=30"
cert=/etc/letsencrypt/live/(host FQDN)/fullchain.pem
pkey=/etc/letsencrypt/live/(host FQDN)/privkey.pem
tls-listening-port=443
no-stdout-log
use-auth-secret
static-auth-secret=(secret)

STUN/TURN Server Incoming firewall rules:

  • TCP/80
  • TCP/443
  • any/3478
  • any/5349
  • UDP/49152-65535

Client: Chrome Version 103.0.5060.114 (64-bit) on a Windows 10 Pro Version 21H2

Client outgoing firewall rules: TCP/443 to the entire internet

STUN/TURN server URL on signaling server: turn:(host FQDN):443

Note: Client and STUN/TURN server are on entirely different networks and behind NAT

Argn
  • Does this answer your question? [Nginx reverse proxy + URL rewrite](https://serverfault.com/questions/379675/nginx-reverse-proxy-url-rewrite) – djdomi Jul 10 '22 at 07:03
  • I am afraid this question (and so its answers) has nothing to do with stun/turn/webrtc deployment. – Argn Jul 10 '22 at 08:00

0 Answers