Building/configuring a TURN server

If there is no way to configure a custom DDNS URL, you could try configuring a host or route entry to override a preconfigured DDNS provider, routing the request to your freedombox IP instead.

You’re right regarding the interval. I only thought about my special case that I know that

  • usually my IP changes exclusively once in 24h
  • There are exactly two accounts on my matrix instance - one of them me - so that I exactly know when the server’s needed :wink:

Since the mere IP check isn’t very expensive it wasn’t an actual problem to make the cronjob far more regular.
10 seconds on the other hand seems to me like a heavy overhead. Let’s assume 10 minutes. That would mean that the maximum downtime of the coturn server would be 10 minutes. For most FB users this should be a marginal loss…

This could of course also be adjustable in the VoIP-Helper app’s interface.

Regarding the power saving state:
Are you sure? I mean … aren’t there lots of such regular jobs already running? E.g. if the matrix instance is running and my Android Client is on - aren’t there continuous connections between server and client?
I’m not an expert for the power management but I actually doubt that the coturn IP check has to impede that more than any instant messenger service running on your box yet :thinking:

I could use the Fritzbox for DDNS. But as I have a running ddclient config since years I stick to that.
I am not sure if I understand exactly what you mean by catching the router’s request. Can you give an example how that request would look?

Thanks for your elaborating reply.

Ok, I see the polling interval could be shortened, but it’s so avoidable to create constant traffic, might even lead to problems by block/filter/usage listing or analytics, and is noise if you want to monitor your own connections. (at least for a freedombox supported setup)

Concerning the power saving, I think listening on an open connection can be delegated into a low power state of the network adapter, but cron + making network requests causes CPU activity.

What I first had in mind was starting a webserver with python

But it could be much better as a test setup if maybe a freedombox developer could provide a hint about how to best configure a new port or subdirectory? served by the webserver that is already running on the freedombox.

Then your script could in the simplest form just loop over an inotifywait that watches that port/directory’s log file, to trigger the update after the router makes the http request.

Your router seems to support entering a custom URL in its DynDNS configuration, at least there seems to be a help page about it. So it should be possible to enter the local freedombox URL there.

(In case you are wondering, I’m myself still looking for updating my filesystem setup, and not there yet.)

When your script just inotifywaits for the router making a request, without extracting any info from it, I think it would first have to trigger your ddclient, to actually update the DNS, and then do your lookup+coturn update.

And your script would already be fully usable in freedombox if it could fallback to polling as long as the logfile does not exist (no DDNS configured in the router), which should also render a warning to the user in the webfrontend/email notifications.


@sunil What could allow the easiest and most versatile configuration of routers might be: To configure an additional internal IP on the freedom box.

(And letting any type of request to that IP trigger a dyndns update (updating the real provider as configured in the freedombox) and then the STUN/TURN update, as suggested above.)

That could allow any type of router with an arbitrary DDNS implementation to trigger an update, no matter the URL or even protocol. Either by directly configuring the custom IP as custom DDNS provider with arbitrary protocol, or by configuring a hosts or route entry on the router, that redirects an available provider to the special freedombox DDNS update IP.
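Added example, not part of any post in this thread: a minimal Python listener for the idea discussed above, where any request from the router acts purely as a trigger, ddclient updates DNS first, and coturn's `external-ip=` line is then rewritten from a fresh lookup. The config path, hostname, listen address and the `coturn` service name are assumptions, and a single plain `external-ip=` line is assumed.

```python
import ipaddress
import re
import socket
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed values, none of them from the thread: adjust to the local setup.
TURN_CONF = "/etc/turnserver.conf"     # coturn config holding external-ip=
DOMAIN = "box.example.org"             # placeholder DDNS hostname
LISTEN = ("192.168.1.2", 8080)         # extra LAN address the router calls
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def rewrite_external_ip(conf_text, new_ip):
    """Return conf_text with external-ip set to new_ip (validated first)."""
    ip = ipaddress.ip_address(new_ip)          # ValueError on malformed input
    if any(ip in net for net in NON_PUBLIC):
        raise ValueError(f"{ip} is not a public address")
    line = f"external-ip={ip}"
    pattern = re.compile(r"^external-ip=.*$", re.MULTILINE)
    if pattern.search(conf_text):
        return pattern.sub(line, conf_text)
    return conf_text.rstrip("\n") + "\n" + line + "\n"


def refresh():
    """Update DNS first, then point coturn at the address DNS now returns."""
    subprocess.run(["ddclient", "-daemon=0"], check=True)
    with open(TURN_CONF) as fh:
        old = fh.read()
    new = rewrite_external_ip(old, socket.gethostbyname(DOMAIN))
    if new != old:                             # restart only on a real change
        with open(TURN_CONF, "w") as fh:
            fh.write(new)
        subprocess.run(["systemctl", "restart", "coturn"], check=True)


class Trigger(BaseHTTPRequestHandler):
    def do_GET(self):
        # The request is only a signal: nothing the caller sends is parsed.
        refresh()
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(LISTEN, Trigger).serve_forever()
```

Because the address written to the config comes from the box's own lookup and is parsed by `ipaddress` first, a device on the LAN that calls the trigger cannot inject config lines; the most it can cause is an extra ddclient run.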

ejabberd and Coturn URLs and shared authentication secret?

Hey, great to have Coturn installed.

Noobie questions… for XMPP/eJabberd do I have to add the Coturn URLs and shared authentication secret to: sudo nano /etc/ejabberd/ejabberd.yml

Or are the URLs and secret only for Matrix Synapse?

In reference to the docs I haven’t found a way to use an external stun/turn config in ejabberd yet. It seems mandatory for ejabberd to use its internal stun/turn server which above doesn’t work with ldap auth afai read.

Besides it seems overhead to use two separate stun/turn servers for two im services on one box.

So I’m also not sure how to deal with this.


Thanks for the clarification.

doesn’t work with ldap auth

This is the bit that I had not quite understood. So as it stands, there is no workable TURN solution for eJabberd with Freedombox?

I’m afraid that I don’t find the eJabberd documentation/configuration very easy to understand!

On another note, last night I tested (2.8.2+fcr - free from F-Droid repos) on two Android devices using my Freedombox/eJabberd XMPP server. Over the local network Conversation works great - nice snappy connections and great quality audio and video chat.

When I tried it with both Android devices going through a VPN then they rang but the connection was never established - what you’d expect I guess!


Don’t give up hope! Guess you will like that:

Points exactly to your question I would say. :grinning:

:smiley: wow, exactly what I needed - nice find :slight_smile: I’m going to follow his setup guide when I get time over the weekend:


Bad news! We won’t get it to work until ejabberd 20.4 is in the debian repos. At the moment it’s 18something … so … I guess that will take time until then. :confused:

The article mentioned 20.04 though, and that is already in buster-backports.
It is widely, highly appreciated I guess. :slight_smile:


Sooooo! To sum up the state of the STUN :wink:

  • VoIP via Matrix already works well after configuring coTURN with --external-ip
  • After upgrading ejabberd to 20.4 via backports I activated mod_stun_disco with stun(s) and turn(s) on 3478 and 5349
    • and had yet a 90min call with a friend via PixArt-Messenger (Conversations-fork) Unfortunately we didn’t realize that we did not use my server for calling. Instead PixArt doesn’t offer to call at all when we use our accounts on my FreedomBox :cry: What do I have to do for that? … @SottishFreedom ?
    • Well, I had a strange time with that server … The only thing I altered during my investigation was adding the stun and turn SRV entry in DNS of my domain. I also observed that in our conversation we didn’t receive the avatars. And finally some minutes ago the Call-Symbol appeared in PixArt and we called successfully and received the right avatars. …
  • added the stun and the turn incl. secret in Nextcloud Talk on another server at my office
    • which worked fantastic between different networks, too.

I’m good with this :grin:
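Added example, not part of any post in this thread: how the shared authentication secret mentioned above is used when coturn runs in `use-auth-secret` mode, the scheme Matrix Synapse's `turn_shared_secret` follows. The chat server derives short-lived credentials from the secret and the TURN server recomputes them; the secret itself never reaches a client. The sample secret and user ID are constructed.

```python
import base64
import hashlib
import hmac
import time


def make_turn_credentials(secret, user_id, ttl=3600, now=None):
    """Chat-server side: username carries its own expiry time, password is
    base64(HMAC-SHA1(secret, username))."""
    expiry = int(now if now is not None else time.time()) + ttl
    username = f"{expiry}:{user_id}"
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    return username, base64.b64encode(mac.digest()).decode("ascii")


def check_turn_credentials(secret, username, password, now=None):
    """TURN-server side: reject expired usernames, then recompute the HMAC
    and compare it in constant time."""
    now = int(now if now is not None else time.time())
    expiry_text = username.split(":", 1)[0]
    if not expiry_text.isdecimal() or int(expiry_text) < now:
        return False
    mac = hmac.new(secret.encode(), username.encode(), hashlib.sha1)
    expected = base64.b64encode(mac.digest())
    return hmac.compare_digest(expected, password.encode())


if __name__ == "__main__":
    SECRET = "constructed-sample-secret"          # constructed, not a real key
    user, pw = make_turn_credentials(SECRET, "@alice:example.org")
    print(user, pw, check_turn_credentials(SECRET, user, pw))
```

Anyone who holds the secret can mint valid credentials for the relay, so it belongs only in the coturn config and in the server-side config of each service that uses it, readable by those services alone.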

Just realized that redirecting the router’s dyndns updates to a secondary IP of the freedombox (router hosts file or routing table entry) might even make the dyndns configuration on the freedombox entirely obsolete.

It should be possible to simply reuse the domain and the specific URL of the router’s request (found in the logs) for forwarding the request to the actual public dyndns service. But the redirection on the router would have to be only in effect for its locally originating request (packages), not for those triggered and originating from the freedombox.

Your devices will only fetch the new records, after the TTL of the last dns info expired, so that would introduce some lag to expect there.

Does everything continue working?

It seems so. Still everything’s working as far as I observed.

Did you add the dns records to a second level domain name or to a dyndns subdomain?
The former often have longer TTLs of several hours or even days.

As everything is still working, I congratulate!
First to have made it to a really complete setup.

second level.

Thank you :slight_smile:

I try not to party too soon.
But as I called my friend on a daily basis for the last week with different device and network setups each I guess I can start to claim this :smile:

Could it be possible to prevent the /etc/matrix-synapse/homeserver.yaml file from being overwritten for updates when using the Coturn server?


Yeah. Or at least have a way to turn overwriting off for the personal use case.

As I let my FB update/upgrade automatically I am regularly surprised by a non-working VoIP with both Matrix and XMPP when that happens.

FreedomBox no longer touches Matrix Synapse’s homeserver.yaml file. As of previous release, we have reset it to its original state (to allow smooth upgrade) and will never touch it again. FreedomBox has a separate file in conf.d where configuration will be edited. Users are also advised to create their own configuration file in conf.d instead of editing homeserver.yaml. Note that only top level configuration keys can be overridden.