[SOLVED] Coturn setup - TURN tests good, STUN doesn't

Problem Description
I have Matrix and Coturn set up properly (Afaik) - matrix users can connect fine, services are running, ports are tested open all the way through. I’m on the latest version of Freedombox.

Steps to Reproduce

  1. When I go to https://test.voip.librepush.net/ I get:

Asked homeserver for TURN servers

  • 4 URIs received.
    Excellent

Test servers (IPv4)

  • TURN only (No STUN)
    Poor

TURN will help users on all kinds of NATs. From this perspective, your configuration is good. However, TURN involves relaying all the users’ traffic, which can be costly or overload your server if there are many connections. For some users, STUN would suffice and would allow these users to establish direct connections, so your server would not need to relay all their traffic. For this reason, working STUN configuration is recommended.

  • stun:[domainname]:3478?transport=tcp
    Didn’t work: Fail

  • stun:[domainname]:3478?transport=udp
    Didn’t work: Fail

  • turn:[domainname]:3478?transport=tcp
    TURN: Excellent

  • turn:[domainname]:3478?transport=udp
    TURN: Excellent

  • FreedomBox version: You are running Debian GNU/Linux 11 (bullseye) and FreedomBox version 22.5. FreedomBox is up to date.
  • Hardware: VMware esxi
  • How did you install FreedomBox?: iso on vmware

When a call is answered, I simply get the dreaded “Call connecting…”

Any ideas?

EDIT: here’s my /etc/coturn/freedombox.conf file

min-port = 49152
max-port = 50175
use-auth-secret = true
static-auth-secret = [secret]
cert = /etc/coturn/certs/cert.pem
pkey = /etc/coturn/certs/pkey.pem
no-tlsv1 = true
no-tlsv1_1 = true
no-cli = true
realm = [domainname]
listening-ip = ::
listening-ip = ::1
simple-log
log-file = /var/log/coturn/turn.log

===

AND the relevant settings from /etc/matrix-synapse/homeserver.yaml

turn_uris: [ "stun:[domainname]:3478?transport=tcp", "stun:[domainname]:3478?transport=udp", "turn:[domainname]:3478?transport=tcp", "turn:[domainname]:3478?transport=udp" ]

turn_shared_secret: "[secret]"

turn_user_lifetime: "1h"

turn_allow_guests: False

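The failing half of the test above is plain STUN: a Binding Request on port 3478 that coturn should answer with an XOR-MAPPED-ADDRESS, no credentials involved. The following is an added example, not code from this thread, FreedomBox or coturn: a minimal RFC 5389 Binding Request encoder and response parser in Python, with a UDP probe you can point at your own server (the hostname is a placeholder you supply) to check the STUN path separately from TURN. The embedded response bytes are constructed for illustration, not captured from a real server.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request(txn_id=None):
    """Encode a Binding Request: 20-byte header, no attributes (RFC 5389 section 6)."""
    txn_id = txn_id or os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)


def parse_binding_response(data, txn_id):
    """Return (ip, port) from the IPv4 XOR-MAPPED-ADDRESS of a Binding Success."""
    if len(data) < 20:
        raise ValueError("short STUN message")
    msg_type, length, cookie, rx_txn = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE or rx_txn != txn_id:
        raise ValueError("not a reply to our transaction")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("unexpected STUN message type 0x%04x" % msg_type)
    body, offset = data[20:20 + length], 0
    while offset + 4 <= len(body):
        attr_type, attr_len = struct.unpack("!HH", body[offset:offset + 4])
        value = body[offset + 4:offset + 4 + attr_len]
        if attr_type == XOR_MAPPED_ADDRESS and len(value) >= 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            port = xport ^ (MAGIC_COOKIE >> 16)            # port is XORed with the top 16 cookie bits
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
        offset += 4 + attr_len + (-attr_len % 4)           # attribute values are padded to 32 bits
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS in response")


def stun_probe(host, port=3478, timeout=3.0):
    """Send one Binding Request over UDP (the transport=udp case) and return our reflexive address."""
    txn_id = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txn_id), (host, port))
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, txn_id)


# Constructed sample (not captured from a real server): a Binding Success for a
# transaction ID of twelve zero bytes whose XOR-MAPPED-ADDRESS decodes to 203.0.113.7:51234.
SAMPLE_TXN = bytes(12)
SAMPLE_RESPONSE = bytes.fromhex("0101000c2112a442" + "00" * 12 + "00200008" + "0001e930ea12d545")
```

Run `stun_probe("your.turn.host")` from a client outside the NAT; a timeout means the STUN request or reply is not getting through, which separates a firewall or NAT problem from a coturn configuration problem.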

Do you use DMZ or port forwarding? On my home setup, when I set the router to do DMZ, calls wouldn’t work, but forwarding ports manually solved it for me.

Using port forwarding. I have a Cisco ASA (sip-alg/inspection has been turned off).

And, like I said, I verified that ports are open and working. I can see the traffic hitting the server in the firewall logs. So seems to be a server-side issue.

Welp, it was a software bug in the ASA firewall’s firmware. So, working after upgrade to fix NAT xlate issues.
