I tested the coturn server before both with
- my old setup and with
- your config of the app.
In both cases I could not connect between my smartphone while it is in cell mode or in a VPN to my Laptop in the same NAT as my FreedomBox.
Since I added external-ip to the config it works flawlessly.
This corresponds to difference in the log I observed. Before the external-ip only the client inside the NAT showed up with the name of account. The one outside didn’t or showed up as some number. Also there were a lot of 401 errors like this:
session 002000000000000010: realm <mydomain.net> user <>: incoming packet message processed, error 401: Unauthorized
IPv4. Local relay addr: 192.168.1.19:49394
As you can see the user tag is empty there. Only the local users in the NAT are shown in the log, the ones from outside cannot be authorized.
But now - after defining external-ip - both clients’ accounts show up, and no obvious error messages!
One problem is stil left:
The log shows that coturn doesn’t find the certs from the config file. So that TLS connections are impossible.
WARNING: cannot find private key file: /etc/coturn/certs/pkey.pem (1)
WARNING: cannot start TLS and DTLS listeners because private key file is not set properly
Checking my log and config I found out that you named the key pkey.pem while I named it privkey.pem. After correcting this in config there’s a working TLS setup.
Still I receive:
set_ctx: ERROR: cannot set DH
ERROR: set_ctx: ERROR: cannot set DH
which vanishes if I add
in my config.
Now TLS and DTLS are flawlessly working according to the log.
After setting /etc/matrix-synapse/homeserver.yaml up with
turn_uris: - "stun:ismus.net:3478?transport=udp" - "stun:ismus.net:3478?transport=tcp" - "turn:ismus.net:3478?transport=udp" - "turn:ismus.net:3478?transport=tcp" - "stun:ismus.net:5349?transport=udp" - "stun:ismus.net:5349?transport=tcp" - "turn:ismus.net:5349?transport=udp" - "turn:ismus.net:5349?transport=tcp"
the log tells me also that the 5349 port is used by matrix-synapse.
I guess now I’m ready