Hi,
I have implemented and tested a script to install Galene and a TURN that works behind a Router, even a domestic one.
You can doowload it here : https://gitlab.inria.fr/rouillie/visio/-/tree/master/galene
It works only for Ubuntu 20.04 or Debian buster for the moment, mainly because I am lazy :-) but it opens the door to an very easy deployment on a cloud or simply at home.
Cheers,
Fabrice
-------------------------
Fabrice Rouillier
fabrice@rouillier.fr
Bureau virtuel : https://www.rouillier .fr/visio/fabrice
> Le 10 avr. 2021 à 16:41, Fabrice Rouillier a écrit :
>
> Hi Juliusz,
>
> Thanks for your help.
> See below for a simple setting that works with our external coturn.
>
>> The problem is probably that your NAT doesn't implement hairpinning, so
>> Galène and the TURN server cannot communicate.
>> Coturn is probably
>> connecting over IPv6, which the built-in server doesn't handle.
>
> I have deactivated the IPV6 everywhere and double checked (inspecting about:websocket ) in Firefox that it does not use IPV6.
>
>> Could you please check Galène's log for mentions of a relay test? If the
>> server-side relay test (the one in Galène's log) fails, that's probably
>> indicative of a problem with hairpinning.
>
> Server side : the relay-test do not fails.
>
> Client side :
> - using the builtin turn, the relay test fails ,
> - using coturn (on the same server) it works.
>
>> Fabrice — if your instance of Galène is behind NAT, then I strongly
>> recommend running an instance of coturn on a host that is not behind NAT.
>
> The following works :
>
> - port forwarding from my router (Freebox) to a Linux 20.04 VM (virtual box) :
>
> 49152-65535 (UDP/TCP)
> 3478 (UDP/TCP)
> 8443 (UDP/TCP)
>
> - coturn on the VM with the following configuration
>
> listening-port=3478
> fingerprint
> lt-cred-mech
> user=:
> server-name=
> realm=
>
> - galene on the VM launched with the option -turn auto
> and data/ice-servers.json with the following contents
>
> [
> {
> "Urls": [
> "turn::3478",
> « turn::3478?transport=tcp"
> ],
> "username": "",
> "credential": ""
> }
> ]
>