Thirdlane STUN service

Coturn can be installed on the same server as the Thirdlane PBX or Thirdlane Multi Tenant PBX, or on a separate server dedicated to STUN/TURN processing.

There are a few cases when you should install Coturn on a separate server:

  • For large scale deployments
  • When Thirdlane PBX or Thirdlane Multi Tenant PBX is installed behind NAT
  • When you want Coturn to listen for incoming TCP requests on port 443 or 80. This may improve the chances of successful NAT traversal, because some networks deny outbound traffic to ports 3478 and 5349 while firewalls commonly allow ports 443 and 80

To run Coturn server alongside the Thirdlane PBX or Thirdlane Multi Tenant PBX, do the following:

  • If you are using a Thirdlane distro prior to 8.0.2.1, execute the yum install turnserver command at the shell prompt. You can skip this step if your system was installed from Thirdlane distro version 8.0.2.1 or newer: the Coturn package is already preinstalled and runs as the turnserver service. If you decide that you don’t need your own TURN server, or are planning to install Coturn on a separate server, you can stop and disable the turnserver service by executing two commands: service turnserver stop and chkconfig turnserver off
  • Configure Coturn by editing the /etc/turnserver/turnserver.conf configuration file. Detailed steps for the configuration follow

To install Coturn server on a separate server, do the following:

  • Install the latest CentOS 6 x64 on a server with a public IP address and configure the network. When your server is ready, download the ice.tar.gz archive. Then extract the installation script, make sure that it has the execute bit set, and run it: ./coturn-install.sh
  • You will be prompted to allow Thirdlane repository configuration. Accept it to install and enable the Thirdlane repository on your server and continue with the turnserver installation
  • Configure Coturn by editing the /etc/turnserver/turnserver.conf configuration file:

Configuring Coturn server:

  1. listening-device must be set to your Ethernet device with public IP address. By default it is set to eth0
  2. listening-port is already configured with default port 3478
  3. tls-listening-port is already configured with default port 5349. If Coturn was installed on a separate server, you can update this setting to use port 443 for better compatibility with firewalls. Do not do this on Thirdlane server because port 443 will be already in use
  4. external-ip must be uncommented and set to your public IP address
  5. min-port and max-port are already configured with default UDP port range 49152-65535
  6. user should be updated with your own credentials. You will be using them during ICE Server configuration within Thirdlane Manager
  7. cert and pkey can be updated with your certificate and key. The default configuration provides a self-signed certificate in case you don’t have one
  8. Firewall configuration. This step is only required if you did not use the Thirdlane distro to install your system or have a highly customized iptables configuration. Execute the following commands to allow incoming traffic to the turnserver service. Do not forget to update the port numbers if you changed them in the turnserver configuration file:
    iptables -A INPUT -p tcp --dport 3478 -j ACCEPT
    iptables -A INPUT -p udp --dport 3478 -j ACCEPT
    iptables -A INPUT -p tcp --dport 5349 -j ACCEPT
    iptables -A INPUT -p udp --dport 5349 -j ACCEPT
    iptables -A INPUT -p udp --dport 49152:65535 -j ACCEPT
    service iptables save

You can always update the /etc/turnserver/turnserver.conf configuration file later and make adjustments as needed. If you change the default ports, be sure to update your firewall accordingly.
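An added example (not part of the Thirdlane documentation): a POSIX shell script that reads the ports from a turnserver.conf and prints the matching step 8 iptables rules, so the firewall follows the configuration when ports change. The function names and the sample configuration are constructed for illustration; the fallback ports are the defaults listed in the steps above.

```sh
#!/bin/sh
# Added example; helper names and the sample file below are constructed.

# conf_get KEY FILE [DEFAULT]: value of the last uncommented KEY=value line.
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
          sed 's/[[:space:]]*$//' | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# fw_rules FILE: the step 8 iptables rules for the ports FILE configures,
# falling back to the defaults listed in the steps above.
fw_rules() {
    lo=$(conf_get min-port "$1" 49152)
    hi=$(conf_get max-port "$1" 65535)
    for p in "$(conf_get listening-port "$1" 3478)" \
             "$(conf_get tls-listening-port "$1" 5349)"; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp --dport $lo:$hi -j ACCEPT"
}

# conf_check FILE: report settings the steps say must be set; non-zero on findings.
conf_check() {
    rc=0
    [ -n "$(conf_get external-ip "$1")" ] || { echo "external-ip is commented out or missing"; rc=1; }
    [ -n "$(conf_get user "$1")" ] || { echo "user is not set"; rc=1; }
    return "$rc"
}

# Constructed sample: Coturn on a separate server with TLS moved to port 443.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
listening-device=eth0
listening-port=3478
tls-listening-port=443
#external-ip=198.51.100.7
external-ip=203.0.113.10
user=exampleuser:CHANGE_ME
EOF

conf_check "$SAMPLE" && fw_rules "$SAMPLE"
```

The script only prints the rules; review them, run them as root, and then run service iptables save.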

At this point you can manage your STUN/TURN server by executing service turnserver start/stop/restart

webrtc stun service configuration (auction)
rtp_additional.conf:stunaddr=stun.l.google.com:19302
basic nat intro:
https://www.thirdlane.com/blog/nat-stun-turn-and-ice