TURN port seems to be +1 than in config #6672

CJosso · 2020-05-12T16:24:20Z

This Issue tracker is only for reporting bugs and tracking code related issues.

Before posting, please make sure you check community.jitsi.org to see if the same or similar bugs have already been discussed.
General questions, installation help, and feature requests can also be posted to community.jitsi.org.

Description

After a fresh install on debian 10.4 turn port seems to get a +1 than what is configured

Current behavior

/etc/turnserver.conf :

# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret=shadowed
realm=pr-j-aca-2
cert=/etc/jitsi/meet/pr-j-aca-2.crt
pkey=/etc/jitsi/meet/pr-j-aca-2.key

no-tcp
listening-port=4445
tls-listening-port=4444
external-ip=;; connection timed out; no servers could be reached

syslog

Then after a :
systemctl restart coturn

root@pr-j-aca-2:/etc# netstat -apntu | grep turnserver
udp        0      0 192.168.87.41:4445      0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4445      0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4445      0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4445      0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           13496/turnserver    
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13496/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13496/turnserver    
udp6       0      0 ::1:4445                :::*                                13496/turnserver    
udp6       0      0 ::1:4445                :::*                                13496/turnserver    
udp6       0      0 ::1:4445                :::*                                13496/turnserver    
udp6       0      0 ::1:4445                :::*                                13496/turnserver    
udp6       0      0 ::1:4446                :::*                                13496/turnserver    
udp6       0      0 ::1:4446                :::*                                13496/turnserver    
udp6       0      0 ::1:4446                :::*                                13496/turnserver    
udp6       0      0 ::1:4446                :::*                                13496/turnserver

Expected Behavior

Than the port configured are exposed

Possible Solution

Steps to reproduce

Fresh Debian install with nginx installed first

Environment details

The text was updated successfully, but these errors were encountered:

damencho · 2020-05-12T16:43:04Z

On a fresh install coturn is listening on 4445 and 4446 (we are going to change those there is PR for that) and Nginx is multiplexing traffic and forwarding turn to port 4445 for turns
https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet/jitsi-meet.conf#L10
And prosody is advertising 4446 for just turn udp https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example#L10

What is the problem, actually?

CJosso · 2020-05-13T07:08:38Z

The problem is that if I modify the exposed ports in the file /etc/turnserver.conf (like I did in this example) the port that turnserver actually listen are not those configured but are +1 :

listening-port=4445
tls-listening-port=4444

Gives turnserver listening on 4445 and 4446.

CJosso · 2020-05-13T07:18:54Z

With another try, it seems that it is not +1,
It is just that coturn takes the listening-port and use listening-port and listening-port + 1 not tls-listening-port

This is not what one could expect when modifying this configuration file.

damencho · 2020-05-13T16:05:05Z

So more information you can find at https://github.com/coturn/coturn/blob/master/README.turnserver

Echolon · 2020-05-13T19:50:04Z

ref.
#6406
#6383
#6167
#6165

unfortunately I lag the technical understanding to decide if there is a duplicate.

Echolon · 2020-05-13T20:42:40Z

Also this:
Android App Rejects Let's Encrypt Chain on TURNS Connection #5589

CJosso · 2020-05-14T08:33:28Z

So more information you can find at https://github.com/coturn/coturn/blob/master/README.turnserver

Ok, understood. I close this here as it is not related to jitsi but coturn.

CJosso · 2020-05-14T08:54:53Z

Sorry but I'm reopening it as on a fresh install of jitsi-meet I got these :

# cat /etc/turnserver.conf

# jitsi-meet coturn config. Do not modify this line
use-auth-secret
keep-address-family
static-auth-secret=4IObPyaMySPUAkDu
realm=pr-j-aca-1
cert=/etc/jitsi/meet/pr-j-aca-1.crt
pkey=/etc/jitsi/meet/pr-j-aca-1.key

no-tcp
listening-port=4446
tls-listening-port=4445
external-ip=;; connection timed out; no servers could be reached

syslog

# cat /etc/nginx/modules-enabled/60-jitsi-meet.conf

# this is jitsi-meet nginx module configuration
# this forward all http traffic to the nginx virtual host port
# and the rest to the turn server

stream {
    upstream web {
        server 127.0.0.1:4444;
    }
    upstream turn {
        server 127.0.0.1:4445;
    }
    # since 1.13.10
    map $ssl_preread_alpn_protocols $upstream {
        ~\bh2\b         web;
        ~\bhttp/1\.     web;
        default         turn;
    }

    server {
        listen 443;
        listen [::]:443;

        # since 1.11.5
        ssl_preread on;
        proxy_pass $upstream;

        # Increase buffer to serve video
        proxy_buffer_size 10m;
    }
}

and

# netstat -apntu

Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name    
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      1890/lua5.2         
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      1890/lua5.2         
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      1890/lua5.2         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1992/nginx: worker  
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      1890/lua5.2         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      520/sshd            
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1992/nginx: worker  
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      1992/nginx: worker  
tcp        0      0 192.168.87.41:80        195.221.67.174:56960    TIME_WAIT   -                   
tcp        0    232 192.168.87.41:22        172.29.212.138:51872    ESTABLISHED 2892/sshd: root@pts 
tcp        0      0 192.168.87.41:80        195.221.67.174:16070    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:14885    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:41173    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:47386    TIME_WAIT   -                   
tcp        0      0 127.0.0.1:5222          127.0.0.1:39580         ESTABLISHED 1890/lua5.2         
tcp        0      0 192.168.87.41:80        195.221.67.175:45231    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:16813    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:45046    TIME_WAIT   -                   
tcp        0     44 192.168.87.41:22        172.29.212.138:48934    ESTABLISHED 30276/sshd: root@pt 
tcp        0      0 192.168.87.41:80        195.221.67.174:47200    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:18692    TIME_WAIT   -                   
tcp        0      0 127.0.0.1:5222          127.0.0.1:39576         ESTABLISHED 1890/lua5.2         
tcp        0      0 192.168.87.41:80        195.221.67.174:48124    TIME_WAIT   -                   
tcp        0      0 127.0.0.1:5347          127.0.0.1:34086         ESTABLISHED 1890/lua5.2         
tcp        0      0 192.168.87.41:80        195.221.67.174:64253    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:44862    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:34176    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:16252    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:45872    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:47570    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:26245    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:48033    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:45414    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:41159    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:54598    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.175:45137    TIME_WAIT   -                   
tcp        0      0 192.168.87.41:80        195.221.67.174:47754    TIME_WAIT   -                   
tcp6       0      0 :::5280                 :::*                    LISTEN      1890/lua5.2         
tcp6       0      0 ::1:5347                :::*                    LISTEN      1890/lua5.2         
tcp6       0      0 :::5222                 :::*                    LISTEN      1890/lua5.2         
tcp6       0      0 :::80                   :::*                    LISTEN      1992/nginx: worker  
tcp6       0      0 :::5269                 :::*                    LISTEN      1890/lua5.2         
tcp6       0      0 :::22                   :::*                    LISTEN      520/sshd            
tcp6       0      0 :::8888                 :::*                    LISTEN      32673/java          
tcp6       0      0 :::443                  :::*                    LISTEN      1992/nginx: worker  
tcp6       0      0 :::4444                 :::*                    LISTEN      1992/nginx: worker  
tcp6       0      0 127.0.0.1:34086         127.0.0.1:5347          ESTABLISHED 32673/java          
tcp6       0      0 127.0.0.1:39580         127.0.0.1:5222          ESTABLISHED 32188/java          
tcp6       0      0 127.0.0.1:39576         127.0.0.1:5222          ESTABLISHED 32673/java          
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4446      0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4447      0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4447      0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4447      0.0.0.0:*                           1957/turnserver     
udp        0      0 192.168.87.41:4447      0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           1957/turnserver     
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           1957/turnserver     
udp6       0      0 ::1:4446                :::*                                1957/turnserver     
udp6       0      0 ::1:4446                :::*                                1957/turnserver     
udp6       0      0 ::1:4446                :::*                                1957/turnserver     
udp6       0      0 ::1:4446                :::*                                1957/turnserver     
udp6       0      0 ::1:4447                :::*                                1957/turnserver     
udp6       0      0 ::1:4447                :::*                                1957/turnserver     
udp6       0      0 ::1:4447                :::*                                1957/turnserver     
udp6       0      0 ::1:4447                :::*                                1957/turnserver     
udp6       0      0 :::20119                :::*                                32673/java

So, turnserver will never be reached by the nginx proxy rule as nothing is listening on 4445 because of the coturn bug explained before.

damencho · 2020-05-14T11:29:11Z

Can you include the coturn logs from the same run.

CJosso · 2020-05-14T12:13:28Z

# journalctl -u coturn


mai 14 10:37:53 pr-j-aca-2 systemd[1]: Starting coTURN STUN/TURN Server...
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: error resolving ';; connection timed out; no servers could be reached' hostname: Name or service not known
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: 
                                             RFC 3489/5389/5766/5780/6062/6156 STUN/TURN Server
                                             Version Coturn-4.5.1.1 'dan Eider'
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: 
                                             Max number of open files/sockets allowed for this process: 524288
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: 
                                             Due to the open files/sockets limitation,
                                             max supported number of TURN Sessions possible is: 262000 (approximately)
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: 
                                             
                                             ==== Show him the instruments, Practical Frost: ====
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: TLS supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: DTLS supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: DTLS 1.2 supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: TURN/STUN ALPN supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Third-party authorization (oAuth) supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: GCM (AEAD) supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: OpenSSL compile-time version: OpenSSL 1.1.1b  26 Feb 2019 (0x1010102f)
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0:
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: SQLite supported, default database location is /var/lib/turn/turndb
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Redis supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: PostgreSQL supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: MySQL supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: MongoDB is not supported
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0:
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Default Net Engine version: 3 (UDP thread per CPU core)
                                             
                                             =====================================================
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Domain name:
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Default realm: pr-j-aca-2.in.ac-rennes.fr
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: 
                                             CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: WARNING: cannot find private key file: /etc/jitsi/meet/pr-j-aca-2.in.ac-rennes.fr.key (1)
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: NO EXPLICIT LISTENER ADDRESS(ES) ARE CONFIGURED
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: ===========Discovering listener addresses: =========
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Listener address to use: 127.0.0.1
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Listener address to use: 192.168.87.41
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Listener address to use: ::1
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: =====================================================
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Total: 1 'real' addresses discovered
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: =====================================================
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: NO EXPLICIT RELAY ADDRESS(ES) ARE CONFIGURED
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: ===========Discovering relay addresses: =============
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Relay address to use: 192.168.87.41
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Relay address to use: ::1
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: =====================================================
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: Total: 2 relay addresses discovered
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: =====================================================
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: pid file created: /run/turnserver/turnserver.pid
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (main listener thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: Wait for relay ports initialization...
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0:   relay 192.168.87.41 initialization...
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0:   relay 192.168.87.41 initialization done
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0:   relay ::1 initialization...
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0:   relay ::1 initialization done
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: Relay ports initialization done
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (general relay thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (general relay thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: turn server id=1 created
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: turn server id=0 created
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (general relay thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (general relay thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: turn server id=2 created
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: turn server id=3 created
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: Total General servers: 4
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (auth thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (admin thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: IO method (auth thread): epoll (with changelist)
mai 14 10:37:53 pr-j-aca-2 turnserver[1957]: 0: SQLite DB connection success: /var/lib/turn/turndb
mai 14 10:37:55 pr-j-aca-2 systemd[1]: Started coTURN STUN/TURN Server.

The file exists :

# ls -l /etc/jitsi/meet/pr-j-aca-2.in.ac-rennes.fr.key
-rw------- 1 root root 3272 mai   14 10:37 /etc/jitsi/meet/pr-j-aca-2.in.ac-rennes.fr.key

damencho · 2020-05-14T12:21:07Z

Ah there is nothing about ports in there :(

CJosso · 2020-05-19T07:33:09Z

It says that it won't listen on TLS ports because :

mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: WARNING: cannot find private key file: /etc/jitsi/meet/pr-j-aca-2.in.ac-rennes.fr.key (1)
mai 14 10:37:53 pr-j-aca-2 turnserver[1956]: 0: WARNING: cannot start TLS and DTLS listeners because private key file is not set properly

And I found what the problem is :

The rights of the key file aren't good for turnserver to read it. The install script on debian should make the file group-owned by turnserver ant readable by group.

After those two manipulations, the server is starting right :

# chown :turnserver keyfile
# chmod g+r keyfile
# systemctl restart coturn
# netstat -apntu

Connexions Internet actives (serveurs et établies)
Proto Recv-Q Send-Q Adresse locale          Adresse distante        Etat        PID/Program name    
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      2389/lua5.2         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      538/sshd            
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8177/nginx: master  
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      8177/nginx: master  
tcp        0      0 192.168.87.40:4445      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4445          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4445      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4445          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4445      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4445      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4445          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4445          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4446      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4446          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4446      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4446          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4446      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 192.168.87.40:4446      0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4446          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 127.0.0.1:4446          0.0.0.0:*               LISTEN      13067/turnserver    
tcp        0      0 0.0.0.0:5280            0.0.0.0:*               LISTEN      2389/lua5.2         
tcp        0      0 127.0.0.1:5347          0.0.0.0:*               LISTEN      2389/lua5.2         
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      2389/lua5.2         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      8177/nginx: master  
tcp        0    232 192.168.87.40:22        172.29.212.151:37662    ESTABLISHED 13012/sshd: root@pt 
tcp        0      0 127.0.0.1:5222          127.0.0.1:43780         ESTABLISHED 2389/lua5.2         
tcp        0      0 127.0.0.1:5222          127.0.0.1:43710         ESTABLISHED 2389/lua5.2         
tcp        0      0 127.0.0.1:5347          127.0.0.1:35572         ESTABLISHED 2389/lua5.2         
tcp6       0      0 :::5269                 :::*                    LISTEN      2389/lua5.2         
tcp6       0      0 :::22                   :::*                    LISTEN      538/sshd            
tcp6       0      0 :::8888                 :::*                    LISTEN      723/java            
tcp6       0      0 :::443                  :::*                    LISTEN      8177/nginx: master  
tcp6       0      0 :::4444                 :::*                    LISTEN      8177/nginx: master  
tcp6       0      0 ::1:4445                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4445                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4445                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4445                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4446                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4446                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4446                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 ::1:4446                :::*                    LISTEN      13067/turnserver    
tcp6       0      0 :::5280                 :::*                    LISTEN      2389/lua5.2         
tcp6       0      0 ::1:5347                :::*                    LISTEN      2389/lua5.2         
tcp6       0      0 :::5222                 :::*                    LISTEN      2389/lua5.2         
tcp6       0      0 :::80                   :::*                    LISTEN      8177/nginx: master  
tcp6       0      0 127.0.0.1:43710         127.0.0.1:5222          ESTABLISHED 723/java            
tcp6       0      0 127.0.0.1:35572         127.0.0.1:5347          ESTABLISHED 723/java            
tcp6       0      0 127.0.0.1:43780         127.0.0.1:5222          ESTABLISHED 8216/java           
udp        0      0 192.168.87.40:4445      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4445      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4445      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4445      0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4445          0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4446      0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4446          0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4447      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4447      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4447      0.0.0.0:*                           13067/turnserver    
udp        0      0 192.168.87.40:4447      0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           13067/turnserver    
udp        0      0 127.0.0.1:4447          0.0.0.0:*                           13067/turnserver    
udp        0      0 0.0.0.0:5000            0.0.0.0:*                           8216/java           
udp6       0      0 :::57388                :::*                                723/java            
udp6       0      0 ::1:4445                :::*                                13067/turnserver    
udp6       0      0 ::1:4445                :::*                                13067/turnserver    
udp6       0      0 ::1:4445                :::*                                13067/turnserver    
udp6       0      0 ::1:4445                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4446                :::*                                13067/turnserver    
udp6       0      0 ::1:4447                :::*                                13067/turnserver    
udp6       0      0 ::1:4447                :::*                                13067/turnserver    
udp6       0      0 ::1:4447                :::*                                13067/turnserver    
udp6       0      0 ::1:4447                :::*                                13067/turnserver    
udp6       0      0 :::5000                 :::*                                8216/java           
udp6       0      0 192.168.87.40:10000     :::*                                8216/java

datenritter · 2020-05-19T16:42:06Z

The install script on debian should make the file group-owned by turnserver ant readable by group.

While this technically solves the problem, the install script should under no circumstances mess around with certficates which were not created by itself during the install process. Certificate owners have to find their own way to fix this.

Best way is to copy the keyfile into a directory which is accessible for turnserver only.

If only coturn wouldn't drop it's privileges so early...

damencho · 2020-05-19T19:31:42Z

So this is done when installing let's encrypt:
https://github.com/jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-turn/coturn-certbot-deploy.sh#L26

stale · 2020-08-24T12:15:11Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Echolon · 2020-08-24T12:20:03Z

no stale

stale · 2020-11-22T12:23:16Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

CJosso closed this as completed May 14, 2020

CJosso reopened this May 14, 2020

saghul added config Configuration related issues packaging Issue related to packaging or build topics labels May 26, 2020

stale bot added the wontfix Issue won't be fixed label Aug 24, 2020

Echolon removed the wontfix Issue won't be fixed label Aug 24, 2020

toby63 mentioned this issue Oct 5, 2020

Can't see or hear any device outside my LAN using my Debian 10 server #7842

Closed

stale bot added the wontfix Issue won't be fixed label Nov 22, 2020

stale bot closed this as completed Dec 6, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TURN port seems to be +1 than in config #6672

TURN port seems to be +1 than in config #6672

CJosso commented May 12, 2020 •

edited

Loading

damencho commented May 12, 2020

CJosso commented May 13, 2020

CJosso commented May 13, 2020

damencho commented May 13, 2020

Echolon commented May 13, 2020

Echolon commented May 13, 2020

CJosso commented May 14, 2020

CJosso commented May 14, 2020 •

edited

Loading

damencho commented May 14, 2020

CJosso commented May 14, 2020

damencho commented May 14, 2020

CJosso commented May 19, 2020 •

edited

Loading

datenritter commented May 19, 2020 •

edited

Loading

damencho commented May 19, 2020

stale bot commented Aug 24, 2020

Echolon commented Aug 24, 2020

stale bot commented Nov 22, 2020

TURN port seems to be +1 than in config #6672

TURN port seems to be +1 than in config #6672

Comments

CJosso commented May 12, 2020 • edited Loading

Description

Current behavior

Expected Behavior

Possible Solution

Steps to reproduce

Environment details

damencho commented May 12, 2020

CJosso commented May 13, 2020

CJosso commented May 13, 2020

damencho commented May 13, 2020

Echolon commented May 13, 2020

Echolon commented May 13, 2020

CJosso commented May 14, 2020

CJosso commented May 14, 2020 • edited Loading

damencho commented May 14, 2020

CJosso commented May 14, 2020

damencho commented May 14, 2020

CJosso commented May 19, 2020 • edited Loading

datenritter commented May 19, 2020 • edited Loading

damencho commented May 19, 2020

stale bot commented Aug 24, 2020

Echolon commented Aug 24, 2020

stale bot commented Nov 22, 2020

CJosso commented May 12, 2020 •

edited

Loading

CJosso commented May 14, 2020 •

edited

Loading

CJosso commented May 19, 2020 •

edited

Loading

datenritter commented May 19, 2020 •

edited

Loading