gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io
9.5k stars, 552 forks

Implications of removing TURN for non-pro self-hosted users? #2771

Closed saket424 closed 9 months ago

saket424 commented 10 months ago

Does this mean we have to host an external TURN service?

I have attached the diff output between nm-quick 0.21.2 and nm-quick 0.22.0:

root@pve:~/nm-stuff# diff ../nm-quick.sh .
308c308
<   local toCopy=("SERVER_HOST" "MASTER_KEY" "TURN_USERNAME" "TURN_PASSWORD" "MQ_USERNAME" "MQ_PASSWORD"
---
>   local toCopy=("SERVER_HOST" "MASTER_KEY" "MQ_USERNAME" "MQ_PASSWORD"
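Review bot: `TURN_USERNAME` and `TURN_PASSWORD` are dropped from `toCopy` with nothing taking their place, so TURN credentials in an existing env file are silently not carried into the new config; a short notice in the script output or the release notes saying these keys are now ignored would spare operators a surprise on upgrade.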
310,312c310,311
<       "CORS_ALLOWED_ORIGIN" "DISPLAY_KEYS" "DATABASE" "SERVER_BROKER_ENDPOINT" "STUN_PORT" "VERBOSITY"
<       "TURN_PORT" "USE_TURN" "DEBUG_MODE" "TURN_API_PORT" "REST_BACKEND"
<       "DISABLE_REMOTE_IP_CHECK" "NETCLIENT_ENDPOINT_DETECTION" "TELEMETRY" "AUTH_PROVIDER" "CLIENT_ID" "CLIENT_SECRET"
---
>       "CORS_ALLOWED_ORIGIN" "DISPLAY_KEYS" "DATABASE" "SERVER_BROKER_ENDPOINT" "VERBOSITY"
>       "DEBUG_MODE"  "REST_BACKEND" "DISABLE_REMOTE_IP_CHECK" "TELEMETRY" "AUTH_PROVIDER" "CLIENT_ID" "CLIENT_SECRET"
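Review bot: besides the TURN keys, this hunk also removes `STUN_PORT` and `NETCLIENT_ENDPOINT_DETECTION` from `toCopy`, which the TURN removal alone does not explain; if the server still honours those two settings they should stay in the list, and if they are gone as well that deserves its own line in the changelog.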
373d371
<   cp scripts/nm-certs.sh "$SCRIPT_DIR/nm-certs.sh"
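Review bot: with the `cp scripts/nm-certs.sh` line gone, `$SCRIPT_DIR/nm-certs.sh` is no longer staged by nm-quick and nothing in the diff shows a replacement; confirm that no later step of the script or of the documented upgrade procedure still expects that file to exist.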
554,555d551
<   echo "               turn.$NETMAKER_BASE_DOMAIN"
<   echo "            turnapi.$NETMAKER_BASE_DOMAIN"
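Review bot: the `turn.` and `turnapi.` names leave the DNS checklist printed to the operator, which matches the TURN removal, but deployments set up with 0.21.2 still carry those records; the upgrade notes could say they are now unused and can be removed.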
661,709d656
<   unset GET_TURN_USERNAME
<   unset GET_TURN_PASSWORD
<   unset CONFIRM_TURN_PASSWORD
<   echo "Enter Credentials For TURN..."
<   if [ -z $AUTO_BUILD ]; then
<       read -p "TURN Username (click 'enter' to use 'netmaker'): " GET_TURN_USERNAME
<   fi
<   if [ -z "$GET_TURN_USERNAME" ]; then
<       echo "using default username for TURN"
<       TURN_USERNAME="netmaker"
<   else
<       TURN_USERNAME="$GET_TURN_USERNAME"
<   fi
< 
<   if test -z "$TURN_PASSWORD"; then
<       TURN_PASSWORD=$(
<           tr -dc A-Za-z0-9 </dev/urandom | head -c 30
<           echo ''
<       )
<   fi
< 
<   if [ -z $AUTO_BUILD ]; then
<       select domain_option in "Auto Generated / Config Password" "Input Your Own Password"; do
<           case $REPLY in
<           1)
<               echo "using random password for turn"
<               break
<               ;;
<           2)
<               while true; do
<                   echo "Enter your Password For TURN: "
<                   read -s GET_TURN_PASSWORD
<                   echo "Enter your password again to confirm: "
<                   read -s CONFIRM_TURN_PASSWORD
<                   if [ ${GET_TURN_PASSWORD} != ${CONFIRM_TURN_PASSWORD} ]; then
<                       echo "wrong password entered, try again..."
<                       continue
<                   fi
<                   TURN_PASSWORD="$GET_TURN_PASSWORD"
<                   echo "TURN Password Saved Successfully!!"
<                   break
<               done
<               break
<               ;;
<           *) echo "invalid option $REPLY" ;;
<           esac
<       done
<   fi
< 
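Review bot: this deleted block was the only place a TURN password was produced (`tr -dc A-Za-z0-9 </dev/urandom | head -c 30` or the interactive prompt), so after the change no TURN credential exists for a community install at all; the script should say so explicitly, because a user stepping through the prompts no longer sees any mention of TURN and may not realise relayed connectivity is gone rather than merely configured elsewhere.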
779,780c726,728
<   docker-compose -f "$SCRIPT_DIR"/docker-compose.yml up -d --force-recreate
< 
---
>   cd "${SCRIPT_DIR}"
>   docker-compose up -d --force-recreate
>   cd -
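Review bot: `cd "${SCRIPT_DIR}"` has no failure handling, so if that directory is missing `docker-compose up -d --force-recreate` runs against whatever compose file sits in the caller's current directory; `cd "${SCRIPT_DIR}" || exit 1`, or keeping the previous explicit `-f "$SCRIPT_DIR"/docker-compose.yml` form, avoids that, and note that `cd -` also prints the restored path to stdout, which the old form did not.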
830c778
<   local tokenJson=$(nmctl enrollment_key create --unlimited --networks netmaker)
---
>   local tokenJson=$(nmctl enrollment_key create --tags netmaker --unlimited --networks netmaker)
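Review bot: `--tags netmaker` is added to the enrollment key creation, but nothing else in the diff consumes that tag; the commit message or docs should state why the unlimited key is now tagged so that operators comparing the two script versions can tell whether it affects existing keys.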
root@pve:~/nm-stuff#
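As an added example that is not part of this issue, of nm-quick.sh or of the Netmaker project: a small POSIX shell check, built from the `toCopy` changes in the diff above, that reports which settings in an existing env file the 0.22.0 script will no longer carry forward. The list of dropped keys is taken from the two `toCopy` hunks; the sample env file and its values are constructed for the example, not from a real deployment.

```shell
#!/bin/sh
# Added example, not part of nm-quick.sh or the Netmaker project.
# Audit an existing Netmaker env file for settings that the 0.22.0
# nm-quick.sh toCopy list no longer copies, per the diff in this issue.

# Keys present in the 0.21.2 toCopy list but absent from the 0.22.0 one
# (assumption: read directly from the two toCopy hunks above).
DROPPED_KEYS="TURN_USERNAME TURN_PASSWORD STUN_PORT TURN_PORT USE_TURN TURN_API_PORT NETCLIENT_ENDPOINT_DETECTION"

# Print, one per line, the dropped keys that are set to a non-empty value
# in the given env file. Only the key names are printed, never the values,
# so the output is safe to paste into a ticket. The last assignment of a
# key wins, matching how an env file is normally read; surrounding single
# or double quotes around a value are stripped before the emptiness check.
audit_dropped_keys() {
    envfile="$1"
    for key in $DROPPED_KEYS; do
        val=$(grep -E "^[[:space:]]*${key}=" "$envfile" \
              | tail -n 1 \
              | sed -e "s/^[[:space:]]*${key}=//" \
                    -e 's/^"\(.*\)"$/\1/' \
                    -e "s/^'\(.*\)'$/\1/")
        if [ -n "$val" ]; then
            echo "$key"
        fi
    done
}

# Constructed sample in the style of netmaker.env (every value is made up).
SAMPLE_ENV=$(mktemp)
cat > "$SAMPLE_ENV" <<'EOF'
# constructed sample, not a real deployment
SERVER_HOST=203.0.113.10
MASTER_KEY=REPLACE_ME
TURN_USERNAME=netmaker
TURN_PASSWORD="s3cr3t-example"
USE_TURN=true
TURN_PORT=3479
TURN_API_PORT=8089
STUN_PORT=
MQ_USERNAME=netmaker
EOF

echo "Settings in $SAMPLE_ENV that nm-quick.sh 0.22.0 will not copy forward:"
audit_dropped_keys "$SAMPLE_ENV"
```

Run it against a real file with `audit_dropped_keys /path/to/netmaker.env` after sourcing the function; an empty result means the upgrade drops nothing you had set, while any key listed is a setting that will stop being applied without an error message.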
abhishek9686 commented 9 months ago

@saket424 The TURN implementation had its own share of problems. Instead, we moved to a more stable approach called failovers, which is a PRO feature. For users on community, we do recommend using a remote-access gateway and using the client config attached to it on devices behind restrictive NAT; port forwarding should also help in most cases. If you are looking for more automated NAT traversal, you should switch to PRO.

saket424 commented 9 months ago

@abhishek9686

Thanks for the clarification about deprecating TURN. I can confirm that the netmaker server is reachable by all the nodes and is a good candidate as a remote access gateway for the nodes behind problematic NATs.