Calls don't establish between users of the same homeserver

[Thatoo]

Describe the bug

User of our homeserver can call users of other homeserver but when they try to call an other user of their own homerserver then, the call start but remain at the "establishing connection" state and the call never really begin.

Context

• Hardware: Old laptop
• YunoHost version: 11.2.14.1
• I have access to my server: Through SSH | through the webadmin | direct access via keyboard / screen
• Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no
• synapse version : 1.108.0~ynh1

Steps to reproduce

• From Element desktop of android, start a call to an other user of our own homeserver
• It rings
• Other user answer
• It displays for both something like "establishing connection" for ever (after 5 minutes we stop waiting).

Expected behavior

The connection should be established and the call should start as it does when calling an other user from an other homeserver.

Logs

I tried to look at sudo tail -f /var/log/matrix-synapse/homeserver.log but as I don't know what I'm looking for, it didn't help me much.

[Thatoo]

in turnserver logs (/var/log/matrix-synapse/turnserver.log), I found this :

CONFIGURATION ALERT: You specified --lt-cred-mech and --use-auth-secret in the same time.
Be aware that you could not mix the username/password and the shared secret based auth methods. 
Shared secret overrides username/password based auth method. Check your configuration!
0: : ERROR: 
CONFIG ERROR: Empty cli-password, and so telnet cli interface is disabled! Please set a non empty cli-password!

[Thatoo]

On the synapse channel (#synapse:matrix.org) I'm told :

If you are using cli, you should give it a strong password. By default synapse does not need cli on turn server, it's authenticating through static-auth-secret https://element-hq.github.io/synapse/latest/turn-howto.html — there should be all you need https://github.com/YunoHost-Apps/synapse_ynh/blob/master/conf/turnserver.conf — you could try commenting out/removing the line cli-port=… and see if it helps. Coturn config claims that cli is on by default, but apparently it's off unless address and port is mentioned

[Josue-T]

The reported errors should be fixed by #470, but well, on my side coturn work well, so I'm not sure that this is the cause of the issue.

[Thatoo]

Can I try it without updating? How can I find the value of {{ turnserver_cli_pwd }} ?

[Josue-T]

Can I try it without updating?

You can apply the patch manually

How can I find the value of {{ turnserver_cli_pwd }} ?

You can put any random value.

[Thatoo]

I changed it like that

lt-cred-mech
use-auth-secret
static-auth-secret=vvvvvvvvv
cli-password=zzzzzzzz
realm=matrix.DOMAIN.NAME

tls-listening-port=5349
alt-tls-listening-port=5350
min-port=49153
max-port=49193
cli-port=xxxx

but it didn't solve this issue... unfortunatly.

By the way, I just realize this (other) issue. I don't know if it could be related :

$ sudo yunohost service log synapse
Traceback (most recent call last):
  File "/usr/bin/yunohost", line 77, in <module>
    yunohost.cli(
  File "/usr/lib/python3/dist-packages/yunohost/__init__.py", line 41, in cli
    ret = moulinette.cli(
  File "/usr/lib/python3/dist-packages/moulinette/__init__.py", line 110, in cli
    Cli(
  File "/usr/lib/python3/dist-packages/moulinette/interfaces/cli.py", line 500, in run
    ret = self.actionsmap.process(args, timeout=timeout)
  File "/usr/lib/python3/dist-packages/moulinette/actionsmap.py", line 574, in process
    return func(**arguments)
  File "/usr/lib/python3/dist-packages/yunohost/service.py", line 528, in service_log
    result[log_path] = _tail(log_path, number)
  File "/usr/lib/python3/dist-packages/yunohost/service.py", line 790, in _tail
    lines = f.read().splitlines()
MemoryError
$ sudo yunohost service status synapse
configuration: unknown
description: Main matrix server service.
last_state_change: 2024-06-22 17:54:55
start_on_boot: enabled
status: running

[Thatoo]

I checked telnet. It works on port 5349 but not on 5350. Is it normal?

[Thatoo]

I try disabling "TLS/DTLS on Audio/Video coll" on the admin panel but it didn't help.

[Thatoo]

Well actually, changing this setting fails : https://paste.yunohost.org/raw/ayidomekiw

[Josue-T]

Hello,

Normally all fixes should be available on testing, so can you try to upgrade from testing, and test again ?

[Thatoo]

After updating, it has worked two times in a row between one user using Element Desktop client and one user using Element Android (from the same homeserver) no matter who starts the call. However between two Element android clients (same users), the connection doesn't establish (fails three times in a row).

EDIT: Between one user of one (yunohost) homeserver using Element Android and an other user from an other (yunohost) homeserver using Element iOS, it works...

[Thatoo]

Is it normal telnet doesn't work on port 5350 (tested on 3 yunohost synapse servers)?

$ telnet domain.tld 5349
Trying xxx.xxx.xxx.xxx...
Connected to domain.tld.
Escape character is '^]'.
^CConnection closed by foreign host.

$ telnet domain.tld 5350
Trying xxx.xxx.xxx.xxx...
^C

$ telnet domain.tld 80
Trying xxx.xxx.xxx.xxx...
Connected to domain.tld.
Escape character is '^]'.
^CConnection closed by foreign host.

$ telnet domain.tld 443
Trying xxx.xxx.xxx.xxx...
Connected to domain.tld.
Escape character is '^]'.
^CConnection closed by foreign host.
$ 

[Thatoo]

Between one user of one (yunohost) homeserver using Element Android and an other user from an other (yunohost) homeserver using Element Android, it works...

And between two users of an other(yunohost) homeserver (other than mine, but same ynh and last master synapse version, not testing), both using Element android, it failed also.

[Josue-T]

did you restart synapse and coturn after the change on the config panel ?

And on the config panel the option "Enable TLS/DTLS on Audio/Video call" are enabled ore disabled ?

[Thatoo]

I disabled "TLS/DTLS on Audio/Video coll" on last master release on my friends ynh synapse server, I got this warning, 'matrix-synapse' service is unknown.

They could make the call between two Element Android client.

I then disable "TLS/DTLS on Audio/Video call" on my testing own server, didn't get the warning and it works now, calling between two Element Android client between two users of the same homeserver.

This issue could be close then.

[Josue-T]

I disabled "TLS/DTLS on Audio/Video coll" on last master release on my friends ynh synapse server, I got this warning, 'matrix-synapse' service is unknown.

Note that this is fixed in testing.